Finding anomalies in data sets is an effective way of identifying performance issues or indicators of compromise before they impact a business.
Being able to link those anomalies together by identifying common traits among them would be even more effective, and that's what a new Anomaly Detective tool from behavioral analytics specialist Prelert does.
"IT security and operations teams are drowning in log data that, if analyzed, could tell the story of most performance issues or security threats their organization faces. However, there’s no way a person can piece that story together on their own, which is why intruders go undetected for months and performance issues can persist indefinitely," says Mark Jaffe, CEO of Prelert. "With our machine learning capabilities, Prelert enables organizations to pinpoint issues that really matter. And with significant enhancements in this new version, teams can now see how those issues relate to one another, making it even easier to detect advanced threat activity or discover the root cause of operational issues".
Anomaly Detective V4 introduces a new feature called Insights that helps tell the story behind an organization's data. It identifies time-sequenced groups of anomalies linked by one or more common entities. By using machine learning to automate data analysis, Prelert can identify unusual or suspicious behaviors and the entities -- such as users, IP addresses and domains -- that influence them. Users can then access a list of other Insights that share a common influence, helping to make certain patterns of attack stand out as being more critical than others.
Key features include pre-configured Insight definitions that let the system automate Insight creation for activities including cyber kill chain progressions. Analysts can also create Insights based on their own environmental factors and then save, label, comment on and re-use them for future detection and investigation. An Anomaly Timeline shows the temporal relationship of the anomalies included in any given Insight.
For more information about Anomaly Detective, or to start a free trial, you can visit the Prelert website.