|
|
|
|
|
AccessData’s InSight™ Platform Accelerates the Speed of Incident Resolution with Unprecedented Visibility and Threat Intelligence
Published Mar 13, 2014
|
AccessData, the leader in incident resolution solutions, today announced the InSight™ Platform, a revolutionary cybersecurity system enabling enterprises to adeptly manage the rapidly accelerating volume of data incidents caused by cyber-attacks, mobile risk, GRC (Governance Risk & Compliance) and eDiscovery requests.
In today’s sophisticated threat landscape, CISOs and IT departments face daunting information security challenges. The detection of critical cyber-attacks takes too long. The overwhelming volume of data and alerts from existing security investments do not provide the context needed for analysts to prioritize incidents. And legacy tools, used to investigate and resolve incidents, are comprised of multiple point products, requiring manual processes and scarce expert talent. As a result, it has become painstakingly difficult and cost prohibitive to detect, respond and mitigate threats quickly and intelligently, with CISOs and IT departments often simply working to get compromised systems back online, without investigating or resolving events so they can be prevented in the future.
The intuitive InSight Platform enables the entire incident detection, analysis and resolution lifecycle in a single, consolidated platform with the ability to automate every step. As threats are identified, endpoint and network forensics information, contextual data, and analysis results are automatically obtained, digested and presented in a unified view for immediate analysis. Delivering on AccessData’s vision of Continuous Automated Incident Resolution (CAIR™), the InSight Platform has one common code base that consolidates existing market- leading cybersecurity, forensics and e-Discovery products and leverages their combined capabilities to identify and resolve every data incident or data request as efficiently and accurately as possible.
“The traditional incident response infrastructure is a fragmented patchwork of network, endpoint and Security Information and Event Management (SIEM) tools, which do not interoperate well,” said Golan Ben-Oni, CSO and SVP Network Architecture, IDT Telecom. “Security demands real-time, automated response. Integrating my SIEM with AccessData’s InSight Platform has reduced our response times from 12 hours to 2.5 hours. That’s an 80% reduction in response time.”
“The reality of today’s cybersecurity world is one of continuous compromise, where every network has unauthorized people doing unknown things at any given time,” said Craig Carpenter, CMO, AccessData. “In an environment of compromise, the ability to continuously detect, quarantine, respond to and resolve such incidents is an absolute must-have for any business or government entity. And with the massive growth and diversity of information, the need to automate as much of the incident resolution process as possible is obvious. The InSight Platform is the market’s first incident resolution solution, working seamlessly with legacy investments to give CISOs and IT departments comprehensive, real-time visibility into threats and incidents and the ability to remediate and resolve them quickly and easily. We look forward to delivering enormously beneficial response time reductions like those experienced by IDT to enterprises and government entities across the globe.”
The InSight Platform enables:
> Enterprise visibility into network traffic and endpoint data, including mobile devices
> Consolidated capabilities to identify, analyze and resolve incidents as they occur
> Maximization of existing security investments such as SIEMs, firewalls, next-gen malware detection and sandboxes through bi-directional integrations
> Flexible and powerful automation of the incident resolution process, including the handling of any investigatory or legal matter
ThreatBridge Engine
The InSight™ Platform’s ThreatBridge™ engine is the first offering to consume and weaponize threat intelligence by supporting multiple formats and integrations:
> Multiple threat intelligence feed integrations (e.g. Norse Darklist, ThreatGRID) and the extensible Collective Intelligence Framework weaponized at the network and across endpoints in real-time
> Consumes a myriad of standards (e.g. OpenIOC, YARA) used to hunt for malware and other indicators of compromise
> Multiple lookup and analysis service integrations (e.g. VirusTotal, Cuckoo, Metascan) adds additional context
> Automated analysis, alert confirmation and resolution with next-gen appliances (e.g.FireEye)
> Endpoint Threat Monitoring provides customizable machine event recording, event playback and real-time threat detection against ThreatBridge feeds
InSight Platform’s Key Differentiators
> Automation can decrease response time and manual labor by 80% or more
> The ThreatBridge engine consumes multiple threat intelligence sources and weaponizes them across both network traffic and endpoint data including mobile devices
> Full-featured endpoint and network forensics
> Provides all the capabilities needed by security analysts in a single, consolidated view and platform
> Consolidated lightweight endpoint agent displaces multiple niche agents
Key Enterprise Benefits
> Maintains business continuity and protects brand reputation by identifying and resolving every incident as early as possible, before attackers succeed
> Reduces risks by minimizing threat dwell time, resolving faster and understanding context
> Significantly lowers incident handling costs through consolidation, integration and automation
Posted by
VMD - [Virtual Marketing Department]
|
|
|
