Enterprises battling cyber-threats can find a new ally in Interset’s threat management platform, which combines machine learning with a massive data repository to identify suspected malware that would otherwise go undetected.
Interset accomplishes this ambitious goal by using extensive data ingestion capabilities that correlate events and activities with network activity to determine the level of risk that activity poses at any given time.
A Closer Look at Interset:
Interset goes about threat detection in a different fashion than most similar products. Simply put, Interset combines machine learning and big data analytics to examine normally unrelated bits of data to find relationships and expose trends that pose potential hazards.
Interset is able to identify potential threats because it analyzes data from multiple sources related to the movement of data across or within a network, while also gathering information about the entities involved.
An entity can be anything that impacts the transmission or consumption of data, such as a user, an endpoint, or an application. What’s more, that platform can also track the access of sensitive files and usage patterns of a given entity to detect abnormal activity that might identify potential threats and display it through alerts and dashboards.
In a nutshell, Interset boasts the following features:
* It connects and aggregates a broad range of data sources, including endpoints, directories, and IP repositories, such as PLM, SCM, and content management tools like SharePoint, into analytic models to increase the accuracy and timeliness of threat detection.
* It employs multiple, probabilistic math models to more accurately recognize and trigger alerts about users, machines, repositories and/or files that are under threat.
* It delivers prioritized and contextually rich views of the entities and events related to risks and threats so security teams understand which events represent the greatest risk and what to do to stop them before data is lost.
Hands On with Interset:
Getting started with Interset requires little more than using the Interset Data Gateway (I-DG), which is deployed on premises as a data collection, aggregation, anonymization, encryption, and communication appliance.
The I-DG provides an anonymized data analytics capability, which works by incorporating behavioral analytic models that are run against an anonymized log and metadata. It’s important to note that all data remains private, secure, and completely in control of the customer.
Data ingestion and processing are the key tasks of the I-DG, which is managed via a browser-based console. Setup consists of defining the how, why and where of data collection, which can then be analyzed using self-evolving algorithms that are powered by the device’s machine learning capabilities. Wizards and interactive help screens smooth the process of creating use cases, which in essence are administrator-defined policies.
The use cases are critical elements for creating alerts, defining actions, and driving reports. Use cases leverage Boolean logic to drive actions. One example, in plain English, reads: “If Analytics detects that Someone has Been Behaving Strangely where Any of the Following are True the Risk is Greater than 50 then Call a Script script Block_Login.PL.”
Administrators create the constructs using pull-down menu fields that offer several pre-populated options. In the example above, each of the bold-italicized terms is available via a pull-down list, making it very simple to create complex use cases that can fulfill a multitude of security needs.
Much the same can be said for the data ingestion process, where wizards guide administrators through the essential steps to gather data to be analyzed. The product can work with all types of data via Interset Connectors, which are basically predefined connection scripts for PLM, SIEM, SCM and DLP data types from leading platforms, such as Splunk, SAP, Siemens, RSA, Symantec, and dozens more.
Interset Applies Machine Learning to Sniff Out Stealthy Cyber-Threats
Interset also can gather data using Interset Endpoint Sensors, which run on Windows and Apple OS X platforms.
Dealing with threats
Unlike typical security products that rely on signatures and packet analysis, Interset offers a more nuanced approach that ties threat detection to the concept of behavior. The Interset platform learns the behavior of users, applications, devices and more to conceptualize what normal behavior is and uses that as a litmus test to detect suspicious behavior.
For example, the Interset analytics engine can quickly identify a behavior pattern, such as “Joe User” always logging into the accounts payable application from “Your Town, USA” during normal working hours.
While that may be an oversimplification of user behavior, it does illustrate the point that machine learning is able to determine normal usage and then alert if that usage falls outside the norm, such as “Joe User” logging in to the sales system in the middle of the night from a remote office. An activity such as that will trigger a warning.
Add to that other user or application activity, such as surfing the Web during lunch breaks or accessing the Human Resources system every second Thursday, and Interset can create a very reliable, detailed profile of activity. The less someone strays from predicted activity, the higher their reputation score becomes.
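The following toy baseline, added here as an illustration rather than Interset's own code, shows the mechanics behind the “Joe User” example: it learns each user's usual application, location and working-hours pattern from past logins, scores a new login by how far it strays, nudges a reputation score accordingly, and applies the article's sample use-case rule (risk greater than 50 calls Block_Login.PL). The login events, feature weighting and reputation smoothing are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

RISK_THRESHOLD = 50              # threshold quoted in the article's sample use case
BLOCK_SCRIPT = "Block_Login.PL"  # script named in that use case

def hour_bucket(ts):
    """Collapse the clock hour into working hours vs. off hours (assumed 08:00-18:00)."""
    return "working" if 8 <= datetime.fromisoformat(ts).hour < 18 else "off-hours"

def features(app, location, ts):
    return (("app", app), ("loc", location), ("time", hour_bucket(ts)))

class Baseline:
    def __init__(self):
        self.seen = defaultdict(Counter)   # (user, feature) -> Counter of observed values
        self.total = Counter()             # user -> number of logins learned
        self.reputation = {}               # user -> 0..100, higher means more predictable

    def learn(self, user, app, location, ts):
        for feature, value in features(app, location, ts):
            self.seen[(user, feature)][value] += 1
        self.total[user] += 1

    def risk(self, user, app, location, ts):
        """0 = exactly the user's normal pattern, 100 = nothing about the login is normal."""
        n = self.total[user]
        if n == 0:
            return 100  # unknown entity: there is no baseline to compare against
        rarities = [1 - self.seen[(user, f)][v] / n for f, v in features(app, location, ts)]
        return round(100 * sum(rarities) / len(rarities))

    def evaluate(self, user, app, location, ts):
        """Score a login, update reputation, and return the use-case action (or None)."""
        score = self.risk(user, app, location, ts)
        # reputation drifts toward 100 when behaviour matches the baseline and down when it strays
        self.reputation[user] = round(0.8 * self.reputation.get(user, 100) + 0.2 * (100 - score))
        return BLOCK_SCRIPT if score > RISK_THRESHOLD else None

# Constructed history: Joe always uses accounts payable from Your Town during working hours.
HISTORY = [("joe", "accounts_payable", "Your Town, USA", f"2024-03-0{d}T09:{m:02d}:00")
           for d, m in ((4, 5), (5, 12), (6, 3), (7, 47), (8, 30))]

def build_baseline(events=HISTORY):
    base = Baseline()
    for event in events:
        base.learn(*event)
    return base

def demo():
    base = build_baseline()
    normal = base.risk("joe", "accounts_payable", "Your Town, USA", "2024-03-11T10:15:00")
    odd = base.risk("joe", "sales", "Remote Office", "2024-03-12T02:40:00")
    return normal, odd, base.evaluate("joe", "sales", "Remote Office", "2024-03-12T02:40:00")
```

A login that is off-hours but otherwise routine scores 33 and passes the rule, which is the kind of single-feature deviation a threshold-only policy ignores and a story would surface for review.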
Interset can detect usage patterns that are much more subtle than the one described above, where even the smallest of anomalous use cases can trigger alarms, such as an Advanced Persistent Threat whose suspicious activity is usually hidden in the volume of normally unrelated events. That is precisely where the advanced algorithms and machine learning come into play.
Interset is able to uncover those normally overlooked relationships among data, devices, users, locations and applications to create a reputation score, as well as execute policy based upon administrator rules.
Stories reveal events
Interset uses different terminologies than most security products. For example, the product calls a series of recorded events a “story.” In other words, a story is told via a report that illustrates what has happened based upon a filter set the administrator has selected.
Stories are a critical element of the Interset platform because they reveal dominant behaviors and illustrate what activities are taking place on the network and how those activities fit into normalized behavior. Stories are further put to use as an educational element when administrators use a story to help define use cases.
What’s more, stories help put threats into context to help administrators fully comprehend the risk behind certain behaviors related to a particular activity. Once again, that ties into the reputation-based scoring offered by the product.
Ideally, stories placed in context become the litmus test for determining normalized traffic, which the machine learning component uses to continually fine-tune risk scoring. That in turn creates a security shield that constantly evolves to detect new threats, all without human intervention. This technology makes the platform ideal for combating the next generation of advanced threats, which likely will be based upon artificial intelligence technology to weave their way into hardened networks.
Interset goes above and beyond the capabilities of the majority of security products on the market. By integrating machine learning with reputation scoring along with identified behavior patterns, Interset is able to counter threats as they arise, evolve and mutate into entities that were previously never seen.
As a result, Interset conquers the biggest failing of most security products — the reliance on signatures and identified behaviors to protect systems.