RANK launches innovative Behavioral Analytics offering centered around the concept of Collaborative Discovery

Written by: RANK Software  |  October 6, 2016

In our continuing quest to leverage big data technology to help Security Analysts combat cyber threats, RANK is excited to announce the launch of our User & Entity Behavior Analytics product as part of the VASA platform. Our latest release allows us to take a significant step towards answering the question


RANK’s UEBA Offering

Typical Cyber Security solutions (Firewalls, Anti-Virus, SIEMs) do not add up to a complete security solution, for a variety of reasons:

· They are typically rule-based and hence cannot combat unknown threats.

· They are not capable of dealing with insider threats.

· They are not well suited for searching and hunting of cyber threats within an enterprise.

Behavioral Analytics complements traditional cybersecurity solutions by baselining behavior across users and machines and highlighting anomalous behavior within the enterprise. It helps answer questions like:

· Who are the users and systems most prone to a cyber intrusion?

· Is there any incidence of malicious insider activity in the enterprise?

· What is the impact of a given threat or breach?

· What is its root cause?

· What is the priority of any given threat or breach?

What makes RANK’s Behavioral Offering Unique

RANK’s UEBA offering combines Big Data technologies, Machine Learning and proprietary algorithms to help discover insightful information and actionable intelligence around insider threats and targeted attacks.

We support multiple use cases around Insider Threats, Dynamic Entity Link Analysis, Privileged Account Misuse and Advanced & Targeted Attack identification.

How does it work?

1. Man and Machine Collaboration

This is the core of what RANK stands for — Best of Man & Machine working in harmony to discover security vulnerabilities in an Enterprise. While machine models are adept at finding unexpected patterns in large troves of data, we still need the human element to discern the truly malicious from the merely anomalous.

We use an ensemble of Machine Learning algorithms to detect anomalies and periodicity across 9 different dimensions of user and machine activity to reveal high-risk users and machines in an enterprise.

2. Threat score for Assets (Machines and Individuals) in an organization


We have extended our Contextualization algorithm for prioritizing Security Incidents to create a Relative Threat Score for every networked machine or employee in an organization. Analysts have immediate, actionable intelligence on the highest-risk assets in their organization.

The Threat Score takes into account the number of anomaly events triggered by the intelligence engine, the importance of the asset within the organization, and other domain rules.

3. Collaborative Discovery for Actionable Intelligence

RANK provides Visualization specifically designed to help the security analyst drill down on detected threats and search/hunt for other anomalies in their network. A unique 4-panel interactive view allows analysts to discover actionable intelligence. This Dynamic Link Analysis model renders each threat as a network graph that describes the relationship between external IPs, internal machines and the users connected to these machines.

The network graph and timeline view also support contextual queries for each distinct element in the graph. This powerful capability makes it possible to answer questions like:

  • When an alert is raised due to a connection from an external suspicious IP (one known to have a bad reputation) to an internal machine, which users are currently connected to this machine and are any of them unexpected?
  • Did a user currently connected to this machine change their privileges unexpectedly?
  • What are the external connections made to the same ASN as that of the suspicious IP?

This interactive capability allows analysts to quickly weed out false positives, using the actionable insights that our models and visualization reveal.