
Aruba IntroSpect UEBA User and Entity Behavior Analytics

Product
Developers: Aruba Networks
Last Release Date: 2017/09/26
Technology: Information Security - Information Leakage Prevention, Information Security - Information and Event Management in the Security System (SIEM), MCDS - Access Control and Control Systems


Aruba IntroSpect UEBA (User and Entity Behavior Analytics) is a network-independent family of software for continuous monitoring and advanced attack detection, part of the Aruba 360 Secure Fabric platform.

Aruba IntroSpect uses machine learning to determine where personal data is stored and detects abnormal activity across the network that could indicate potential security threats. IntroSpect uses this knowledge to provide a point-based risk assessment of each connected user, device, system, and database. Thus, the solution focuses the attention of IT departments and security specialists on problems and ensures that future attacks do not go unnoticed.

Machine learning

The Aruba IntroSpect UEBA family includes a basic configuration model that uses machine learning technologies to detect changes in device behavior indicating that attacks have been able to bypass traditional defense methods. Machine learning algorithms determine the level of risk based on the severity of an attack to speed up incident analysis for cybersecurity departments.

Structure

The IntroSpect UEBA family includes Aruba IntroSpect Standard and the flagship Aruba IntroSpect Advanced solution, which has additional functionality. In addition, the Network Access Control (NAC) solution and the Aruba ClearPass policy management system are now integrated with Aruba IntroSpect.

"IntroSpect Standard offers companies an optimal method of implementing network protection using behavioural analytics using machine learning technologies and at least three data sources," says Vivekkumar Muthukrishnan, Big Data Developer. "It reduces the time needed to ensure protection of corporate information and user data. The solution is specially developed for basic monitoring and identification of often scarcely noticeable aberrant behavior in the network for mobile and IoT devices, cloud environments and applications, with the purpose of detecting the first signs of a cyber attack or data leak."

Aruba IntroSpect Standard

IntroSpect Standard offers companies an optimal way to implement network protection through behavioral analytics based on machine learning technologies and at least three data sources. This reduces the time it takes to secure corporate information and user data. The solution is specifically designed for basic monitoring and detection of often subtle anomalous behavior on the network for mobile and IoT devices, cloud environments and applications, in order to detect the first signs of a cyber attack or data breach.

The solution uses common data sources, including Microsoft Active Directory or other authentication data, as well as LDAP, Aruba infrastructure, Check Point and Palo Alto Networks firewalls, and Aruba Monitoring Logs (AMONs). Actions to quarantine devices, impose various restrictions and eliminate identified threats can be taken quickly using Aruba ClearPass.

Security departments using IntroSpect Standard can upgrade to IntroSpect Advanced if necessary.

Aruba IntroSpect Advanced

IntroSpect Advanced offers a broader set of security technologies than Aruba IntroSpect Standard to detect attacks using more data sources, helping to analyze incidents faster and provide improved proactive threat detection as well as the expertise needed. More than 100 machine learning models have been added to the solution that use data from sources such as packets, streams, logs, alerts, as well as traffic from endpoints, including mobile devices and IoT devices.

Features of the Advanced version include:

  • Optimized protection with dynamic machine learning, enabling the security team to easily customize IntroSpect analytical models based on current threat data and protection priorities. The solution includes a "chain" in which more than 100 source machine learning models can be linked together to create new threat detection and risk assessment scenarios.
  • Grouping of similar devices for mobile, IoT and cloud solutions using the ClearPass profiling function, even if only their IP address is known. For example, ClearPass will classify an object as a surveillance camera or factory sensor, and IntroSpect will map its behavior to a similar group of devices. IntroSpect will flag unusual device behavior by comparing it with the behavior of similar groups of devices, which matters as behavioral analytics becomes more important for the increasing number of types of IoT devices.
  • Faster recovery with integrated attack response, enabling security analysts to respond to attacks by launching ClearPass actions directly from the IntroSpect console.
