Collaborative Discovery in Cyber Security

Written by: RANK Software  |  September 28, 2016

Best of Man & Machine working in harmony to discover security vulnerabilities in an Enterprise

What does Collaborative Discovery mean in the context of RANK's cybersecurity offering?

1. Collaboration between different point security solutions within an enterprise.

Enterprises continue to struggle with a plethora of solutions that don't play nicely with others. This prevents security analysts from having the right contextual data at their fingertips when performing forensic analysis, a critical requirement for eliminating false positives. VASA excels in this regard with its loosely coupled architecture and APIs that connect to other point solutions, malware analysis tools, endpoint security, SIEMs and more.

2. Man and Machine Collaboration

This is the core of what VASA stands for — Best of Man & Machine working in harmony to discover security vulnerabilities in an Enterprise. While machine models are adept at finding unexpected patterns in large troves of data, we still need the human element to discern the truly malicious from the merely anomalous.

Our Machine Intelligence models are designed to detect anomalies and periodicities that reveal high-risk users and machines in an enterprise. Deviations from the baseline are detected across multiple dimensions/metrics and combined into an overall risk score. We then present these results to security analysts and incident response teams in an interactive, contextual visualization layer, so that the analyst can easily glean the impact and root cause of a potential threat. These visualization elements include a network graph that describes the dynamic relationships between users, machines and external IPs, and contextual queries for each distinct entity (users, machines, external IPs).

This capability lets analysts answer questions such as:

i. When an alert is raised due to a connection from a suspicious external IP (one known to have a bad reputation) to an internal machine, which users are currently connected to this machine, and are any of them unexpected?
ii. Did a user currently connected to this machine change their privileges unexpectedly?
iii. Which other external connections were made to the same ASN as the suspicious IP?
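The following is an added example, not RANK's or VASA's code, showing in miniature the two mechanisms described above: a per-entity risk score built from baseline deviations across several metrics, and the three contextual queries an analyst would run once an alert fires. All hosts, users, metrics, session and connection records are constructed for illustration (IPs are from the TEST-NET documentation ranges, ASNs from the documentation range), and the z-score cap and the flat-baseline floor are assumptions of this example, not VASA's scoring rules.

```python
"""Added example (not RANK's or VASA's code): a toy baseline-deviation
risk score plus the contextual queries an analyst runs after an alert.
Every metric, record and name below is constructed for illustration."""
from statistics import mean, pstdev

METRICS = ("bytes_out_mb", "unique_ext_ips", "logins")
Z_CAP = 10.0  # assumption: clip each metric so one runaway metric cannot dominate

# Constructed five-day baseline per internal machine, one tuple per day in METRICS order.
BASELINE = {
    "host-a": [(120, 5, 3), (130, 4, 3), (110, 6, 2), (125, 5, 3), (115, 5, 3)],
    "host-b": [(40, 2, 1), (45, 2, 1), (38, 3, 1), (42, 2, 1), (41, 2, 1)],
}
# Constructed observations for the day under review.
TODAY = {"host-a": (128, 5, 3), "host-b": (900, 40, 7)}


def deviation(history, value):
    """Positive z-score of `value` against `history`. A flat history gets a
    floor of one unit so a constant metric still registers a change."""
    sd = pstdev(history) or 1.0
    return max((value - mean(history)) / sd, 0.0)


def risk_score(entity):
    """0..100: capped deviation across all metrics, summed and normalised."""
    per_metric = [
        min(deviation([day[i] for day in BASELINE[entity]], TODAY[entity][i]), Z_CAP)
        for i in range(len(METRICS))
    ]
    return round(100.0 * sum(per_metric) / (Z_CAP * len(METRICS)), 2)


def ranked_entities():
    """Entities ordered from highest to lowest risk score."""
    return sorted(TODAY, key=risk_score, reverse=True)


# Constructed session records: (user, host, privilege at logon, privilege now).
SESSIONS = [
    ("alice", "host-b", "user", "user"),
    ("svc-backup", "host-b", "user", "admin"),
    ("bob", "host-a", "user", "user"),
]
# Constructed allow-list of who normally works on each host.
EXPECTED_USERS = {"host-a": {"bob"}, "host-b": {"alice"}}
# Constructed outbound connection records: (host, external_ip, asn).
CONNECTIONS = [
    ("host-b", "198.51.100.7", 64500),
    ("host-a", "198.51.100.9", 64500),
    ("host-a", "203.0.113.4", 64501),
]


def investigate(host, suspicious_ip):
    """Answer questions i-iii for an alert on `host` involving `suspicious_ip`."""
    asn = next((a for _, ip, a in CONNECTIONS if ip == suspicious_ip), None)
    on_host = [s for s in SESSIONS if s[1] == host]
    return {
        # i. who is connected, and who is not on the expected list
        "connected_users": [u for u, *_ in on_host],
        "unexpected_users": [u for u, *_ in on_host if u not in EXPECTED_USERS[host]],
        # ii. privilege changed since logon
        "privilege_changes": [(u, before, now) for u, _, before, now in on_host if before != now],
        # iii. every outbound connection to the same ASN as the suspicious IP
        "same_asn_connections": [(h, ip) for h, ip, a in CONNECTIONS if asn is not None and a == asn],
    }


if __name__ == "__main__":
    for entity in ranked_entities():
        print(entity, risk_score(entity))
    print(investigate("host-b", "198.51.100.7"))
```

Running it ranks host-b far above host-a: its outbound volume and distinct external peers are hundreds of standard deviations above baseline (both clipped to the cap), and the logon count moves on a metric that never varied before. The investigation then shows that host-b's unexpected session belongs to a service account whose privilege rose to admin since logon, and that host-a talked to the same ASN, which is exactly the context an analyst needs to decide whether the alert is a true positive.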

This interactive capability allows analysts to quickly weed out false positives through the actionable insights that our models and visualizations reveal.