Vulnerabilities / Threats
2/24/2014
02:01 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

AccessData Introduces Continuous, Automated Incident Resolution Platform

InSight Platform enables enterprise visibility into network traffic and endpoint data, including mobile devices

Lindon, UT– February 19, 2014 - AccessData, the leader in incident resolution solutions, today announced the InSight&trade Platform, a revolutionary cybersecurity system enabling enterprises to adeptly manage the rapidly accelerating volume of data incidents caused by cyber-attacks, mobile risk, GRC (Governance Risk & Compliance) and eDiscovery requests.

In today's sophisticated threat landscape, CISOs and IT departments face daunting information security challenges. The detection of critical cyber-attacks takes too long. The overwhelming volume of data and alerts from existing security investments do not provide the context needed for analysts to prioritize incidents. And legacy tools, used to investigate and resolve incidents, are comprised of multiple point products, requiring manual processes and scarce expert talent. As a result, it has become painstakingly difficult and cost prohibitive to detect, respond and mitigate threats quickly and intelligently, with CISOs and IT departments often simply working to get compromised systems back online, without investigating or resolving events so they can be prevented in the future.

The intuitive InSight Platform enables the entire incident detection, analysis and resolution lifecycle in a single, consolidated platform with the ability to automate every step. As threats are identified, endpoint and network forensics information, contextual data, and analysis results are automatically obtained, digested and presented in a unified view for immediate analysis. Delivering on AccessData's vision of Continuous Automated Incident Resolution (CAIR&trade), the InSight Platform has one common code base that consolidates existing market-leading cybersecurity, forensics and e-Discovery products and leverages their combined capabilities to identify and resolve every data incident or data request as efficiently and accurately as possible.

"The traditional incident response infrastructure is a fragmented patchwork of network, endpoint and Security Information and Event Management (SIEM) tools, which do not interoperate well," said Golan Ben-Oni, CSO and SVP Network Architecture, IDT Telecom. "Security demands real-time, automated response. Integrating my SIEM with AccessData's InSight Platform has reduced our response times from 12 hours to 2.5 hours. That's an 80% reduction in response time. "

"The reality of today's cybersecurity world is one of continuous compromise, where every network has unauthorized people doing unknown things at any given time," said Craig Carpenter, CMO, AccessData. "In an environment of compromise, the ability to continuously detect, quarantine, respond to and resolve such incidents is an absolute must-have for any business or government entity. And with the massive growth and diversity of information, the need to automate as much of the incident resolution process as possible is obvious. The InSight Platform is the market's first incident resolution solution, working seamlessly with legacy investments to give CISOs and IT departments comprehensive, real-time visibility into threats and incidents and the ability to remediate and resolve them quickly and easily. We look forward to delivering enormously beneficial response time reductions like those experienced by IDT to enterprises and government entities across the globe."

The InSight Platform enables:

• Enterprise visibility into network traffic and endpoint data, including mobile devices

• Consolidated capabilities to identify, analyze and resolve incidents as they occur

• Maximization of existing security investments such as SIEMs, firewalls, next-gen malware detection and sandboxes through bi-directional integrations

• Flexible and powerful automation of the incident resolution process, including the handling of any investigatory or legal matter

ThreatBridge Engine

The InSight&trade Platform's ThreatBridge&trade engine is the first offering to consume and weaponize threat intelligence by supporting multiple formats and integrations:

• Multiple threat intelligence feed integrations (e.g. Norse Darklist, ThreatGRID) and the extensible Collective Intelligence Framework weaponized at the network and across endpoints in real-time

• Consumes a myriad of standards (e.g. OpenIOC, YARA) used to hunt for malware and other indicators of compromise

• Multiple lookup and analysis service integrations (e.g. VirusTotal, Cuckoo, Metascan) adds additional context

• Automated analysis, alert confirmation and resolution with next-gen appliances (e.g. FireEye)

• Endpoint Threat Monitoring provides customizable machine event recording, event playback and real-time threat detection against ThreatBridge feeds

InSight Platform's Key Differentiators

• Automation can decrease response time and manual labor by 80% or more

• The ThreatBridge engine consumes multiple threat intelligence sources and weaponizes them across both network traffic and endpoint data including mobile devices

• Full-featured endpoint and network forensics

• Provides all the capabilities needed by security analysts in a single, consolidated view and platform

• Consolidated lightweight endpoint agent displaces multiple niche agents

Key Enterprise Benefits

• Maintains business continuity and protects brand reputation by identifying and resolving every incident as early as possible, before attackers succeed

• Reduces risks by minimizing threat dwell time, resolving faster and understanding context

• Significantly lowers incident handling costs through consolidation, integration and automation

Visit AccessData at RSA 2014, San Francisco

Booth #2338, South Expo Hall of the Moscone Center

Join us for an engaging AccessData CISO Panel Luncheon at RSA 2014.

Living in a World of Continuous Compromise

Wednesday, February 26, 2014, 12:00 – 1:30 pm PT

San Francisco Marriott, 780 Mission Street, San Francisco, Room Pacific I

Larry Ponemon and security experts talk about their secret weapons in recovering from a cyber-attack and data compromise.

RSVP at www.accessdata.com/rsa-lunch

Additional Resources

InSight Platform overview

InSight Platform brochure

InSight Platform data sheet

Blog: Introducing AccessData InSight Platform: Enterprise Intelligence across the Organization

Blog: InSight Platform Accelerates the Speed of Incident Resolution

Case Study: IDT Corporation Reduces Response Times By 80%

Ponemon Study on Threat Intelligence and Incident Response report

Follow us on Twitter at @AccessDataGroup.

About AccessData

AccessData Group makes the world's most advanced and intuitive incident resolution solutions. AccessData technology delivers real-time insight, analysis, response and resolution of data incidents, including cyber threats, insider threats, mobile and BYOD risk, GRC (Governance Risk & Compliance) and eDiscovery events. Over 130,000 users in corporations, law enforcement, government agencies, and law firms around the world rely on AccessData software to protect

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2010-5312
Published: 2014-11-24
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVE-2012-6662
Published: 2014-11-24
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

CVE-2014-1424
Published: 2014-11-24
apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw."

CVE-2014-7817
Published: 2014-11-24
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

CVE-2014-7821
Published: 2014-11-24
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?