Vulnerabilities / Threats
2/24/2014
02:01 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

AccessData Introduces Continuous, Automated Incident Resolution Platform

InSight Platform enables enterprise visibility into network traffic and endpoint data, including mobile devices

Lindon, UT– February 19, 2014 - AccessData, the leader in incident resolution solutions, today announced the InSight&trade Platform, a revolutionary cybersecurity system enabling enterprises to adeptly manage the rapidly accelerating volume of data incidents caused by cyber-attacks, mobile risk, GRC (Governance Risk & Compliance) and eDiscovery requests.

In today's sophisticated threat landscape, CISOs and IT departments face daunting information security challenges. The detection of critical cyber-attacks takes too long. The overwhelming volume of data and alerts from existing security investments do not provide the context needed for analysts to prioritize incidents. And legacy tools, used to investigate and resolve incidents, are comprised of multiple point products, requiring manual processes and scarce expert talent. As a result, it has become painstakingly difficult and cost prohibitive to detect, respond and mitigate threats quickly and intelligently, with CISOs and IT departments often simply working to get compromised systems back online, without investigating or resolving events so they can be prevented in the future.

The intuitive InSight Platform enables the entire incident detection, analysis and resolution lifecycle in a single, consolidated platform with the ability to automate every step. As threats are identified, endpoint and network forensics information, contextual data, and analysis results are automatically obtained, digested and presented in a unified view for immediate analysis. Delivering on AccessData's vision of Continuous Automated Incident Resolution (CAIR&trade), the InSight Platform has one common code base that consolidates existing market-leading cybersecurity, forensics and e-Discovery products and leverages their combined capabilities to identify and resolve every data incident or data request as efficiently and accurately as possible.

"The traditional incident response infrastructure is a fragmented patchwork of network, endpoint and Security Information and Event Management (SIEM) tools, which do not interoperate well," said Golan Ben-Oni, CSO and SVP Network Architecture, IDT Telecom. "Security demands real-time, automated response. Integrating my SIEM with AccessData's InSight Platform has reduced our response times from 12 hours to 2.5 hours. That's an 80% reduction in response time. "

"The reality of today's cybersecurity world is one of continuous compromise, where every network has unauthorized people doing unknown things at any given time," said Craig Carpenter, CMO, AccessData. "In an environment of compromise, the ability to continuously detect, quarantine, respond to and resolve such incidents is an absolute must-have for any business or government entity. And with the massive growth and diversity of information, the need to automate as much of the incident resolution process as possible is obvious. The InSight Platform is the market's first incident resolution solution, working seamlessly with legacy investments to give CISOs and IT departments comprehensive, real-time visibility into threats and incidents and the ability to remediate and resolve them quickly and easily. We look forward to delivering enormously beneficial response time reductions like those experienced by IDT to enterprises and government entities across the globe."

The InSight Platform enables:

• Enterprise visibility into network traffic and endpoint data, including mobile devices

• Consolidated capabilities to identify, analyze and resolve incidents as they occur

• Maximization of existing security investments such as SIEMs, firewalls, next-gen malware detection and sandboxes through bi-directional integrations

• Flexible and powerful automation of the incident resolution process, including the handling of any investigatory or legal matter

ThreatBridge Engine

The InSight&trade Platform's ThreatBridge&trade engine is the first offering to consume and weaponize threat intelligence by supporting multiple formats and integrations:

• Multiple threat intelligence feed integrations (e.g. Norse Darklist, ThreatGRID) and the extensible Collective Intelligence Framework weaponized at the network and across endpoints in real-time

• Consumes a myriad of standards (e.g. OpenIOC, YARA) used to hunt for malware and other indicators of compromise

• Multiple lookup and analysis service integrations (e.g. VirusTotal, Cuckoo, Metascan) adds additional context

• Automated analysis, alert confirmation and resolution with next-gen appliances (e.g. FireEye)

• Endpoint Threat Monitoring provides customizable machine event recording, event playback and real-time threat detection against ThreatBridge feeds

InSight Platform's Key Differentiators

• Automation can decrease response time and manual labor by 80% or more

• The ThreatBridge engine consumes multiple threat intelligence sources and weaponizes them across both network traffic and endpoint data including mobile devices

• Full-featured endpoint and network forensics

• Provides all the capabilities needed by security analysts in a single, consolidated view and platform

• Consolidated lightweight endpoint agent displaces multiple niche agents

Key Enterprise Benefits

• Maintains business continuity and protects brand reputation by identifying and resolving every incident as early as possible, before attackers succeed

• Reduces risks by minimizing threat dwell time, resolving faster and understanding context

• Significantly lowers incident handling costs through consolidation, integration and automation

Visit AccessData at RSA 2014, San Francisco

Booth #2338, South Expo Hall of the Moscone Center

Join us for an engaging AccessData CISO Panel Luncheon at RSA 2014.

Living in a World of Continuous Compromise

Wednesday, February 26, 2014, 12:00 – 1:30 pm PT

San Francisco Marriott, 780 Mission Street, San Francisco, Room Pacific I

Larry Ponemon and security experts talk about their secret weapons in recovering from a cyber-attack and data compromise.

RSVP at www.accessdata.com/rsa-lunch

Additional Resources

InSight Platform overview

InSight Platform brochure

InSight Platform data sheet

Blog: Introducing AccessData InSight Platform: Enterprise Intelligence across the Organization

Blog: InSight Platform Accelerates the Speed of Incident Resolution

Case Study: IDT Corporation Reduces Response Times By 80%

Ponemon Study on Threat Intelligence and Incident Response report

Follow us on Twitter at @AccessDataGroup.

About AccessData

AccessData Group makes the world's most advanced and intuitive incident resolution solutions. AccessData technology delivers real-time insight, analysis, response and resolution of data incidents, including cyber threats, insider threats, mobile and BYOD risk, GRC (Governance Risk & Compliance) and eDiscovery events. Over 130,000 users in corporations, law enforcement, government agencies, and law firms around the world rely on AccessData software to protect

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2336
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.

CVE-2014-3366
Published: 2014-10-31
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.