Vulnerabilities / Threats
2/24/2014
02:01 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

AccessData Introduces Continuous, Automated Incident Resolution Platform

InSight Platform enables enterprise visibility into network traffic and endpoint data, including mobile devices

Lindon, UT– February 19, 2014 - AccessData, the leader in incident resolution solutions, today announced the InSight&trade Platform, a revolutionary cybersecurity system enabling enterprises to adeptly manage the rapidly accelerating volume of data incidents caused by cyber-attacks, mobile risk, GRC (Governance Risk & Compliance) and eDiscovery requests.

In today's sophisticated threat landscape, CISOs and IT departments face daunting information security challenges. The detection of critical cyber-attacks takes too long. The overwhelming volume of data and alerts from existing security investments do not provide the context needed for analysts to prioritize incidents. And legacy tools, used to investigate and resolve incidents, are comprised of multiple point products, requiring manual processes and scarce expert talent. As a result, it has become painstakingly difficult and cost prohibitive to detect, respond and mitigate threats quickly and intelligently, with CISOs and IT departments often simply working to get compromised systems back online, without investigating or resolving events so they can be prevented in the future.

The intuitive InSight Platform enables the entire incident detection, analysis and resolution lifecycle in a single, consolidated platform with the ability to automate every step. As threats are identified, endpoint and network forensics information, contextual data, and analysis results are automatically obtained, digested and presented in a unified view for immediate analysis. Delivering on AccessData's vision of Continuous Automated Incident Resolution (CAIR&trade), the InSight Platform has one common code base that consolidates existing market-leading cybersecurity, forensics and e-Discovery products and leverages their combined capabilities to identify and resolve every data incident or data request as efficiently and accurately as possible.

"The traditional incident response infrastructure is a fragmented patchwork of network, endpoint and Security Information and Event Management (SIEM) tools, which do not interoperate well," said Golan Ben-Oni, CSO and SVP Network Architecture, IDT Telecom. "Security demands real-time, automated response. Integrating my SIEM with AccessData's InSight Platform has reduced our response times from 12 hours to 2.5 hours. That's an 80% reduction in response time. "

"The reality of today's cybersecurity world is one of continuous compromise, where every network has unauthorized people doing unknown things at any given time," said Craig Carpenter, CMO, AccessData. "In an environment of compromise, the ability to continuously detect, quarantine, respond to and resolve such incidents is an absolute must-have for any business or government entity. And with the massive growth and diversity of information, the need to automate as much of the incident resolution process as possible is obvious. The InSight Platform is the market's first incident resolution solution, working seamlessly with legacy investments to give CISOs and IT departments comprehensive, real-time visibility into threats and incidents and the ability to remediate and resolve them quickly and easily. We look forward to delivering enormously beneficial response time reductions like those experienced by IDT to enterprises and government entities across the globe."

The InSight Platform enables:

• Enterprise visibility into network traffic and endpoint data, including mobile devices

• Consolidated capabilities to identify, analyze and resolve incidents as they occur

• Maximization of existing security investments such as SIEMs, firewalls, next-gen malware detection and sandboxes through bi-directional integrations

• Flexible and powerful automation of the incident resolution process, including the handling of any investigatory or legal matter

ThreatBridge Engine

The InSight&trade Platform's ThreatBridge&trade engine is the first offering to consume and weaponize threat intelligence by supporting multiple formats and integrations:

• Multiple threat intelligence feed integrations (e.g. Norse Darklist, ThreatGRID) and the extensible Collective Intelligence Framework weaponized at the network and across endpoints in real-time

• Consumes a myriad of standards (e.g. OpenIOC, YARA) used to hunt for malware and other indicators of compromise

• Multiple lookup and analysis service integrations (e.g. VirusTotal, Cuckoo, Metascan) adds additional context

• Automated analysis, alert confirmation and resolution with next-gen appliances (e.g. FireEye)

• Endpoint Threat Monitoring provides customizable machine event recording, event playback and real-time threat detection against ThreatBridge feeds

InSight Platform's Key Differentiators

• Automation can decrease response time and manual labor by 80% or more

• The ThreatBridge engine consumes multiple threat intelligence sources and weaponizes them across both network traffic and endpoint data including mobile devices

• Full-featured endpoint and network forensics

• Provides all the capabilities needed by security analysts in a single, consolidated view and platform

• Consolidated lightweight endpoint agent displaces multiple niche agents

Key Enterprise Benefits

• Maintains business continuity and protects brand reputation by identifying and resolving every incident as early as possible, before attackers succeed

• Reduces risks by minimizing threat dwell time, resolving faster and understanding context

• Significantly lowers incident handling costs through consolidation, integration and automation

Visit AccessData at RSA 2014, San Francisco

Booth #2338, South Expo Hall of the Moscone Center

Join us for an engaging AccessData CISO Panel Luncheon at RSA 2014.

Living in a World of Continuous Compromise

Wednesday, February 26, 2014, 12:00 – 1:30 pm PT

San Francisco Marriott, 780 Mission Street, San Francisco, Room Pacific I

Larry Ponemon and security experts talk about their secret weapons in recovering from a cyber-attack and data compromise.

RSVP at www.accessdata.com/rsa-lunch

Additional Resources

InSight Platform overview

InSight Platform brochure

InSight Platform data sheet

Blog: Introducing AccessData InSight Platform: Enterprise Intelligence across the Organization

Blog: InSight Platform Accelerates the Speed of Incident Resolution

Case Study: IDT Corporation Reduces Response Times By 80%

Ponemon Study on Threat Intelligence and Incident Response report

Follow us on Twitter at @AccessDataGroup.

About AccessData

AccessData Group makes the world's most advanced and intuitive incident resolution solutions. AccessData technology delivers real-time insight, analysis, response and resolution of data incidents, including cyber threats, insider threats, mobile and BYOD risk, GRC (Governance Risk & Compliance) and eDiscovery events. Over 130,000 users in corporations, law enforcement, government agencies, and law firms around the world rely on AccessData software to protect

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3154
Published: 2014-04-17
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file conte...

CVE-2013-2143
Published: 2014-04-17
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

CVE-2014-0036
Published: 2014-04-17
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.

CVE-2014-0054
Published: 2014-04-17
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External ...

CVE-2014-0071
Published: 2014-04-17
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

Best of the Web