Industry’s First Intuitive Platform Incorporates Endpoint and Network Visibility, Multi-Source Threat Intelligence, Integration, and Automation Capabilities for Faster Response to Cyber Attacks
AccessData, the leader in incident resolution solutions, have announced the InSight™ Platform, a revolutionary cybersecurity system enabling enterprises to adeptly manage the rapidly accelerating volume of data incidents caused by cyber-attacks, mobile risk, GRC (Governance Risk & Compliance) and eDiscovery requests.
In today’s sophisticated threat landscape, CISOs and IT departments face daunting information security challenges. The detection of critical cyber-attacks takes too long. The overwhelming volume of data and alerts from existing security investments do not provide the context needed for analysts to prioritize incidents. And legacy tools, used to investigate and resolve incidents, are comprised of multiple point products, requiring manual processes and scarce expert talent. As a result, it has become painstakingly difficult and cost prohibitive to detect, respond and mitigate threats quickly and intelligently, with CISOs and IT departments often simply working to get compromised systems back online, without investigating or resolving events so they can be prevented in the future.
The intuitive InSight Platform enables the entire incident detection, analysis and resolution lifecycle in a single, consolidated platform with the ability to automate every step. As threats are identified, endpoint and network forensics information, contextual data, and analysis results are automatically obtained, digested and presented in a unified view for immediate analysis. Delivering on AccessData’s vision of Continuous Automated Incident Resolution (CAIR™), the InSight Platform has one common code base that consolidates existing market-leading cybersecurity, forensics and e-Discovery products and leverages their combined capabilities to identify and resolve every data incident or data request as efficiently and accurately as possible.
“The traditional incident response infrastructure is a fragmented patchwork of network, endpoint and Security Information and Event Management (SIEM) tools, which do not interoperate well,” said Golan Ben-Oni, CSO and SVP Network Architecture, IDT Telecom. “Security demands real-time, automated response. Integrating my SIEM with AccessData’s InSight Platform has reduced our response times from 12 hours to 2.5 hours. That’s an 80% reduction in response time.[i]”
“The reality of today’s cybersecurity world is one of continuous compromise, where every network has unauthorized people doing unknown things at any given time,” said Craig Carpenter, CMO, AccessData. “In an environment of compromise, the ability to continuously detect, quarantine, respond to and resolve such incidents is an absolute must-have for any business or government entity. And with the massive growth and diversity of information, the need to automate as much of the incident resolution process as possible is obvious. The InSight Platform is the market’s first incident resolution solution, working seamlessly with legacy investments to give CISOs and IT departments comprehensive, real-time visibility into threats and incidents and the ability to remediate and resolve them quickly and easily. We look forward to delivering enormously beneficial response time reductions like those experienced by IDT to enterprises and government entities across the globe.”
The InSight Platform enables:
– Enterprise visibility into network traffic and endpoint data, including mobile devices
– Consolidated capabilities to identify, analyze and resolve incidents as they occur
– Maximization of existing security investments such as SIEMs, firewalls, next-gen malware detection and sandboxes through bi-directional integrations
– Flexible and powerful automation of the incident resolution process, including the handling of any investigatory or legal matter
ThreatBridge Engine
The InSight™ Platform’s ThreatBridge™ engine is the first offering to consume and weaponize threat intelligence by supporting multiple formats and integrations:
– Multiple threat intelligence feed integrations (e.g. Norse Darklist, ThreatGRID) and the extensible Collective Intelligence Framework weaponized at the network and across endpoints in real-time
– Consumes a myriad of standards (e.g. OpenIOC, YARA) used to hunt for malware and other indicators of compromise
– Multiple lookup and analysis service integrations (e.g. VirusTotal, Cuckoo, Metascan) adds additional context
– Automated analysis, alert confirmation and resolution with next-gen appliances (e.g. FireEye)
– Endpoint Threat Monitoring provides customizable machine event recording, event playback and real-time threat detection against ThreatBridge feeds
InSight Platform’s Key Differentiators
– Automation can decrease response time and manual labor by 80% or more[ii]– The ThreatBridge engine consumes multiple threat intelligence sources and weaponizes them across both network traffic and endpoint data including mobile devices
– Full-featured endpoint and network forensics
– Provides all the capabilities needed by security analysts in a single, consolidated view and platform
– Consolidated lightweight endpoint agent displaces multiple niche agents
Key Enterprise Benefits
– Maintains business continuity and protects brand reputation by identifying and resolving every incident as early as possible, before attackers succeed
– Reduces risks by minimizing threat dwell time, resolving faster and understanding context
– Significantly lowers incident handling costs through consolidation, integration and automation
Visit AccessData at RSA 2014, San Francisco
Booth #2338, South Expo Hall of the Moscone Center
Join us for an engaging AccessData CISO Panel Luncheon at RSA 2014.
Living in a World of Continuous Compromise
Wednesday, February 26, 2014, 12:00 – 1:30 pm PT
San Francisco Marriott, 780 Mission Street, San Francisco, Room Pacific I
Larry Ponemon and security experts talk about their secret weapons in recovering from a cyber-attack and data compromise.
RSVP at www.accessdata.com/rsa-lunch
About AccessData
AccessData Group makes the world’s most advanced and intuitive incident resolution solutions. AccessData technology delivers real-time insight, analysis, response and resolution of data incidents, including cyber threats, insider threats, mobile and BYOD risk, GRC (Governance Risk & Compliance) and eDiscovery events. Over 130,000 users in corporations, law enforcement, government agencies, and law firms around the world rely on AccessData software to protect them against the risks present in today’s environment of continuous compromise. http://accessdata.com.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.