Interset Applies Machine Learning to Sniff Out Stealthy Cyber-Threats

By Frank Ohlhorst  |  Posted 2016-01-03
Interset Review

Interset also can gather data using Interset Endpoint Sensors, which run on Windows and Apple OS X platforms.

Dealing with threats

Unlike typical security products that rely on signatures and packet analysis, Interset offers a more nuanced approach that ties threat detection to the concept of behavior. The Interset platform learns the behavior of users, applications, devices and more to conceptualize what normal behavior is and uses that as a litmus test to detect suspicious behavior.

For example, the Interset analytics engine can quickly identify a behavior pattern, such as “Joe User” always logs into the accounts payable application from “Your Town, USA” during normal working hours.

While that may be an oversimplification of user behavior, it does illustrate the point that machine learning is able to determine normal usage and then alert if that usage falls outside the norm, such as “Joe User” logging in to the sales system in the middle of the night from a remote office. An activity such as that will trigger a warning.

Add to that other user or application activity, such as surfing the Web during lunch breaks or accessing the Human Resources system every second Thursday, and Interset can create a very reliable, detailed profile of activity. The less someone strays from predicted activity, the higher their reputation score becomes.
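The baseline-then-alert idea behind the “Joe User” scenario can be sketched in a few lines. This is an added illustration, not Interset's algorithm or code from the review; the event fields, the surprisal-based scoring and the threshold are assumptions chosen for the example, and the login history is constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample history: (user, application, location, hour of day).
HISTORY = [("joe", "accounts_payable", "Your Town", h)
           for h in (9, 10, 11, 13, 14, 15, 16)] * 4

def features(app, location, hour):
    """Turn one login event into (feature, value) pairs."""
    time_of_day = "work_hours" if 8 <= hour < 18 else "off_hours"
    return (("app", app), ("location", location), ("time", time_of_day))

def build_baseline(events):
    """Learn per-user counts of every value seen for each feature."""
    baseline = defaultdict(lambda: defaultdict(Counter))
    for user, app, location, hour in events:
        for feature, value in features(app, location, hour):
            baseline[user][feature][value] += 1
    return baseline

def anomaly_score(baseline, event):
    """Sum of per-feature surprisal in bits; higher = further from the profile."""
    user, app, location, hour = event
    if user not in baseline:
        return math.inf  # no history: nothing to compare against
    score = 0.0
    for feature, value in features(app, location, hour):
        counts = baseline[user][feature]
        total = sum(counts.values())
        # Add-one smoothing, with one extra slot reserved for unseen values.
        p = (counts[value] + 1) / (total + len(counts) + 1)
        score -= math.log2(p)
    return score

def is_suspicious(baseline, event, threshold=6.0):
    """Assumed threshold: one unusual feature alone stays below it."""
    return anomaly_score(baseline, event) > threshold

if __name__ == "__main__":
    profile = build_baseline(HISTORY)
    for ev in [("joe", "accounts_payable", "Your Town", 10),
               ("joe", "accounts_payable", "Your Town", 23),
               ("joe", "sales", "Remote Office", 2)]:
        print(ev, round(anomaly_score(profile, ev), 2), is_suspicious(profile, ev))
```

With this history, a late-night login to the usual application from the usual place stays under the threshold, while the combination of a new application, a new location and an odd hour crosses it.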

Interset can also detect usage patterns that are much more subtle than the one described above, where even the smallest anomaly can trigger an alarm. An Advanced Persistent Threat is one such case: the suspicious activity is usually hidden in a volume of normally unrelated events. That is precisely where the advanced algorithms and machine learning come into play.

Interset is able to uncover those normally overlooked relationships among data, devices, users, locations and applications to create a reputation score, as well as execute policy based upon administrator rules.

Stories reveal events

Interset uses different terminology than most security products. For example, the product calls a series of recorded events a “story.” In other words, a story is told via a report that illustrates what has happened based upon a filter set the administrator has selected.

Stories are a critical element of the Interset platform because they reveal dominant behaviors and illustrate what activities are taking place on the network and how those activities fit into normalized behavior. Stories are further put to use as an educational element when administrators use a story to help define use cases.

What’s more, stories help put threats into context to help administrators fully comprehend the risk behind certain behaviors related to a particular activity. Once again, that ties into the reputation-based scoring offered by the product.

Ideally, stories placed in context become the litmus test for determining normalized traffic, which the machine learning component uses to continually fine-tune risk scoring. That in turn creates a security shield that constantly evolves to detect new threats, all without human intervention. This technology makes the platform ideal for combating the next generation of advanced threats, which likely will be based upon artificial intelligence technology to weave their way into hardened networks.

Interset goes above and beyond the capabilities of the majority of security products on the market. By integrating machine learning with reputation scoring along with identified behavior patterns, Interset is able to counter threats as they arise, evolve and mutate into entities that were previously never seen.

As a result, Interset conquers the biggest failing of most security products -- the reliance on signatures and identified behaviors to protect systems.

