Interset Applies Machine Learning to Sniff Out Stealthy Cyber-Threats

By Frank Ohlhorst  |  Posted 2016-01-03
Interset Review

Interset brings artificial intelligence to the fight against enterprise cyber-threats, using machine learning techniques that leverage advanced malware scanning algorithms.

Enterprises battling cyber-threats can find a new ally in Interset’s threat management platform, which combines machine learning with a massive data repository to identify suspected malware that would otherwise go undetected.

Interset accomplishes this ambitious goal by using extensive data ingestion capabilities that correlate events and activities with network activity to determine the level of risk that activity poses at any given time.

A Closer Look at Interset:

Interset goes about threat detection in a different fashion than most similar products. Simply put, Interset combines machine learning and big data analytics to examine normally unrelated bits of data to find relationships and expose trends that pose potential hazards.

Interset is able to identify potential threats because it analyzes data from multiple sources related to the movement of data across or within a network, while also gathering information about the entities involved.

An entity can be anything that impacts the transmission or consumption of data, such as a user, an endpoint, or an application. What’s more, that platform can also track the access of sensitive files and usage patterns of a given entity to detect abnormal activity that might identify potential threats and display it through alerts and dashboards.

In a nutshell, Interset boasts the following features:

* It connects and aggregates a broad range of data sources, including endpoints, directories, IP repositories such as PLM and SCM, and content management tools like SharePoint, into analytic models to increase the accuracy and timeliness of threat detection.

* It employs multiple, probabilistic math models to more accurately recognize and trigger alerts about users, machines, repositories and/or files that are under threat.

* It delivers prioritized and contextually rich views of the entities and events related to risks and threats so security teams understand which events represent the greatest risk and what to do to stop them before data is lost.

Hands On with Interset:

Getting started with Interset requires little more than using the Interset Data Gateway (I-DG), which is deployed on premises as a data collection, aggregation, anonymization, encryption, and communication appliance.

The I-DG provides an anonymized data analytics capability, which works by incorporating behavioral analytic models that are run against an anonymized log and metadata. It’s important to note that all data remains private, secure, and completely in control of the customer.

Data ingestion and processing are the key tasks of the I-DG, which is managed via a browser-based console. Setup consists of defining the how, why and where of data collection, which can then be analyzed using self-evolving algorithms that are powered by the device’s machine learning capabilities. Wizards and interactive help screens smooth the process of creating use cases, which in essence are administrator-defined policies.

The use cases are critical elements for creating alerts, defining actions, and driving reports. Use cases leverage Boolean logic to drive actions. One example is the following plain-English construct: “If Analytics detects that Someone has Been Behaving Strangely where Any of the Following are True the Risk is Greater than 50 then Call a Script script Block_Login.PL.”

Administrators create the constructs using pull-down menu fields that offer several pre-populated options. In the example above, each of the bold-italicized terms is available via a pull-down list, making it very simple to create complex use cases that can fulfill a multitude of security needs.
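To make the use-case construct concrete, here is an added example (not Interset's code, and not its actual scoring model) that scores each user's sensitive-file access against that user's own baseline, then applies a policy with the same shape as the one quoted above: any listed condition true AND risk greater than 50 triggers the action. The user names, counts and conditions are constructed sample data; the script name Block_Login.PL is the one from the quoted construct.

```python
import statistics
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample data (hypothetical): per-user daily counts of sensitive-file
# accesses over the past week, and today's observed facts for each user.
HISTORY = {"alice": [4, 5, 6, 5, 4, 6, 5], "bob": [1, 2, 1, 0, 2, 1, 1]}
TODAY = {"alice": {"accesses": 6, "off_hours": False},
         "bob": {"accesses": 40, "off_hours": True}}


def risk_score(history: List[int], observed: int) -> float:
    """Map how far today's count sits above the user's own baseline (in standard
    deviations) onto a 0-100 risk score. A simple z-score stand-in for a behavioural model."""
    mean = statistics.mean(history)
    sd = statistics.pstdev(history) or 1.0      # avoid division by zero on a flat history
    z = max(0.0, (observed - mean) / sd)        # only deviation above baseline raises risk
    return min(100.0, round(z * 10, 1))


@dataclass
class UseCase:
    """Administrator-defined policy: IF analytics flags an entity WHERE any condition
    is true AND risk is greater than the threshold THEN run the action."""
    name: str
    risk_threshold: float
    conditions: List[Callable[[dict], bool]]
    action: str


def evaluate(uc: UseCase, risk: float, facts: dict) -> Optional[str]:
    """Boolean logic of the quoted construct: ANY condition true AND risk above threshold."""
    if any(cond(facts) for cond in uc.conditions) and risk > uc.risk_threshold:
        return uc.action
    return None


# Hypothetical use case modelled on the page's example construct.
BLOCK_STRANGE_LOGIN = UseCase(
    name="Someone has been behaving strangely",
    risk_threshold=50,
    conditions=[lambda f: f["accesses"] > 20, lambda f: f["off_hours"]],
    action="Block_Login.PL",
)


def run(use_case: UseCase = BLOCK_STRANGE_LOGIN) -> Dict[str, Optional[str]]:
    """Score every user against their own baseline, then apply the use case to each."""
    return {user: evaluate(use_case, risk_score(HISTORY[user], facts["accesses"]), facts)
            for user, facts in TODAY.items()}


if __name__ == "__main__":
    for user, action in run().items():
        print(f"{user}: {action or 'no action'}")
```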

Much the same can be said for the data ingestion process, where wizards guide administrators through the essential steps to gather data to be analyzed. The product can work with all types of data via Interset Connectors, which are basically predefined connection scripts for PLM, SIEM, SCM and DLP data types from leading platforms, such as Splunk, SAP, Siemens, RSA, Symantec, and dozens more.
