Point releases are not usually a big deal. And while we could have quietly released the latest version of the real-time threat analytics and alerting component of the STEALTHbits Data Access Governance suite, the team worked hard to incorporate the feedback we received and make significant strides.
The cyber security industry skills gap continues to increase; some, myself included, believe that skills are not the only shortage we face. Many security challenges are becoming too complex to solve via traditional software engineering methods, and data is becoming increasingly important to guide problem solving. We cannot, however, expect security professionals to become data scientists or data scientists to become security professionals en masse. It is at the intersection of Machine Learning and Data Access Governance that StealthDEFEND applies mathematical models to extract knowledge from data, eliminating excessive and undifferentiated warnings to surface truly meaningful trends and alerts on attempts to compromise your sensitive data. So yeah, I am excited about this point release.
What’s new in StealthDEFEND 1.1?
A common theme among Machine Learning solutions is their lack of transparency: they are black boxes that give no insight into their computations and assumptions. StealthDEFEND has a lot of great mathematical methods to detect threats out of the box, and we will continue to develop these analytics to keep up with today’s fast-moving threat landscape. To solve the black box issue, we are also introducing a way for users to deep dive into all of their DEFEND data using a series of customizable filters to discover threats unique to their organization.
Introducing investigations! Investigations are a series of user-created, customizable filters that are also “Identity Aware”. This awareness allows users to tie threat data to user information such as user logon name or group membership. All investigations can be saved for later use or turned into alerts to be monitored just like all other out-of-the-box threats.
Take, for example, the user-created investigation pictured below: it has been customized to show Access Denied Reads on Sensitive Data by users who are NOT members of the HR department.
Pretty cool, huh? That’s just the tip of what you can accomplish with DEFEND’s investigations capabilities.
Automatic User Profile Population
StealthDEFEND now automatically populates user profiles for each observed user that appears in threats! This means that you can sync User Details such as Department, Title, Manager, Display Name, User Group Membership, etc. into StealthDEFEND, providing analysts with the type of context that typically requires manually switching back to the ADUC MMC to obtain. No more screen switching!
Can you see why I am excited about StealthDEFEND 1.1 yet? I invite you to see how StealthDEFEND’s unsupervised machine learning approach to discovering insider threats enables many users and organizations to minimize their mean time to threat discovery.
DEFEND like your data depends on it!
Upcoming StealthDEFEND Webinar: http://go.stealthbits.com/l/71852/2018-03-28/7ptg9w