Interset helps organizations detect, prioritize, and respond to cyber threats. Its user behavior analytics solution leverages existing log data to provide unparalleled visibility to see threats and attacks across the enterprise. This enables early attack detection and actionable forensic intelligence. Using the power of analytics, machine learning, and big data, Interset’s software provides the fastest, most flexible, and affordable way for IT teams of all sizes to protect their intellectual property and sensitive data. Simply put, Interset combines machine learning and big data analytics to examine normally unrelated bits of data to find relationships and expose trends that pose potential hazards.
Interset’s Key Features:
- Threat Detection – Evaluate threats quickly and accurately
- Real-time threat detection
- Risk scoring for threat prioritization
- Probabilistic math surfaces true attacks
- 24/7 IP threat visibility
- Forensic reporting & incident response
- Behavioral Analytics – machine learning and algorithms are field proven to quickly and accurately detect risk & threats
- Tracks and baselines users, files, machines & applications
- Identifies and surfaces anomalous, high risk activity
- Pinpoints real-time and historic attacks and IP theft
- Detection occurs in hours instead of months
- Zero in on Real Threats – Separate real threats and risks from noise and false positives
- Risk scoring surfaces and prioritizes threats
- Continuous monitoring of all sensitive assets
- Detects both insider and targeted outside attack
- Correlates authentication, access, file, & application activity
- Forensic Reporting
- Simple and clear presentation of high risk events
- Drill-down to highest risk people, project or asset visualizations
- Actionable forensic details automatically exported to SIEM or IR
- Rest API integration enables high risk scores and anomalous activity to actuate existing IT controls
Detailed View:
In a nutshell, Interset boasts the following features:
- It connects and aggregates a broad range of data sources, including endpoints, directories, IP repositories, such as PLM, SCM, and content management tools like SharePoint into analytic models to increase the accuracy and timeliness of threat detection.
- It employs multiple, probabilistic math models to more accurately recognize and trigger alerts about users, machines, repositories and/or files that are under threat.
- It delivers prioritized and contextually rich views of the entities and events related to risks and threats so security teams understand which events represent the greatest risk and what to do to stop them before data is lost.
- Integrates machine learning with reputation scoring along with identified behavior patterns, Interset is able to counter threats as they arise, evolve and mutate into entities that were previously never seen.
- Can gather data using Interset Endpoint Sensors, which run on Windows, Linux and Apple OS X platforms.
- Unlike typical security products that rely on signatures and packet analysis, Interset offers a more nuanced approach that ties threat detection to the concept of behavior. It learns the behavior of users, applications, devices and more to conceptualize what normal behavior is and uses that as a litmus test to detect suspicious behavior.
- For example, the Interset analytics engine can quickly identify a behavior pattern, such as “Bob User” always logs into the accounts payable application from “TOWN, USA” during normal working hours.
- Interset can detect usage patterns that are much more subtle than the one described above, where even the smallest of anomalous use cases can trigger alarms, such as an Advanced Persistent Threat where the suspicious activity is usually hidden in the volume of normally unrelated events. That is precisely where the advanced algorithms and machine learning comes into play.
- Interset is able to uncover those normally overlooked relationships among data, devices, users, locations and applications to create a reputation score, as well as execute policy based upon administrator rules.
- Interset uses different terminologies than most security products. For example, the product calls a series of recorded events a “story.” In other words, a story is told via a report that illustrates what has happened based upon a filter set the administrator has selected. Stories are a critical element of the Interset platform because they reveal dominant behaviors and illustrate what activities are taking place on the network and how those activities fit into normalized behavior. Stories are further put to use as an educational element when administrators use a story to help define use cases.
- As a result, Interset conquers the biggest failing of most security products — the reliance on signatures and identified behaviors to protect systems.
- The product can work with all types of data via Interset Connectors, which are basically predefined connection scripts for PLM, SIEM, SCM and DLP data types from leading platforms, such Splunk, SAP, Siemens, RSA, Symantec, and dozens more.
- Improved deployment simplicity and ease of operations – Interset 3 can be deployed on premise in a standard Hadoop deployment or through the secure Interset Threat Analytics Cloud (I-TAC). The I-TAC deployment includes the new Interset Data Gateway, which collects, anonymizes, and secures data before it connects it to the I-TAC for deep analysis. The Interset Data Gateway also acts as a secure presentation layer for the Interset platform.
- Greater visibility to risk – Interset combines and correlates data from Splunk, directory stores, IP repositories and endpoints with new correlation and analytic models to detect and surface compromised accounts, insider threats and IP at risk of data exfiltration.
- Improved accuracy – New data correlation and user case-based analytics automatically identify, surface and prioritize threats while removing noise and false positives. New “account compromise” analytic models include: anomalous application usage, abnormal data access clusters, failed logins, uncharacteristic data movements, unusual volume-metric transfers and more.
- New Threat Context Views – Customers deploying Interset 3 can instantly see with unprecedented accuracy “context views” of an attack, connecting and visualizing the actual stages of an attack as they unfold. This new view allows investigators to quickly understand the “who, what, where and how” of an attack.
- New deep investigation search – “Investigation View” enables investigators to quickly pinpoint user, machine, file and application attack forensics and automatically export this data to Splunk and other incident response systems.