In today’s increasingly complex cyber-threat landscape, CISOs and IT departments face huge information security challenges, not least being the time it can take to detect a critical cyber-attack.
To date, the it has not been possible for analysts to rapidly prioritise incidents because there is a lack of context in the volume of data and alerts that comes their way. And the legacy tools used to investigate and resolve incidents are often collections of point solutions requiring manual processes to be useful.
Perhaps most worrying is the fact that CISOs and IT departments are often simply working to get compromised systems back online, without investigating or resolving events so they can be prevented in the future.
The solution AccessData is putting forward for these problems is its new InSight Platform. This is a cybersecurity system that enables enterprises to manage the rapidly accelerating volume of data incidents caused by cyber-attacks, mobile risk, Governance Risk & Compliance and eDiscovery requests.
“The reality of today’s cybersecurity world is one of continuous compromise, where every network has unauthorized people doing unknown things at any given time”
The company’s goal is to make the platform as intuitive as possible so it can manage an entire incident detection, analysis and resolution lifecycle in a single, consolidated tool with the ability to automate every step. As threats are identified, endpoint and network forensics information, contextual data, and analysis results are automatically obtained, digested and presented in a unified view for immediate analysis.
AccessData is calling this Continuous Automated Incident Resolution (CAIR).
The InSight Platform has one common code base that consolidates existing cybersecurity, forensics and e-Discovery products and leverages their combined capabilities to identify and resolve every data incident or data request as efficiently and accurately as possible.
“The reality of today’s cybersecurity world is one of continuous compromise, where every network has unauthorised people doing unknown things at any given time,” said Craig Carpenter, CMO, AccessData. “In an environment of compromise, the ability to continuously detect, quarantine, respond to and resolve such incidents is an absolute must-have for any business or government entity. And with the massive growth and diversity of information, the need to automate as much of the incident resolution process as possible is obvious.
“The InSight Platform is the market’s first incident resolution solution, working seamlessly with legacy investments to give CISOs and IT departments comprehensive, real-time visibility into threats and incidents and the ability to remediate and resolve them quickly and easily. We look forward to delivering enormously beneficial response time reductions like those experienced by IDT to enterprises and government entities across the globe.”
The platform gives enterprises visibility into network traffic and endpoint data, including mobile devices. It also consolidated capabilities to identify, analyze and resolve incidents as they occur, maximises existing security investments such as SIEMs, firewalls, next-gen malware detection and sandboxes through bi-directional integrations, and provides flexible automation of the incident resolution process, including the handling of any investigatory or legal matter.
Its ThreatBridge engine is, the company claims, the first offering to consume and weaponise threat intelligence by supporting multiple formats and integrations. Multiple threat intelligence feed integrations such as Norse Darklist and ThreatGRID, and the extensible Collective Intelligence Framework can be weaponised at the network and across endpoints in real-time.
Its key enterprise benefits, as seen by AccessData, include the ability to maintain business continuity and protection of brand reputation by identifying and resolving every incident as early as possible, before attackers succeed.
It also reduces risks by minimising threat dwell time, resolving them faster and helping to understand their context, as well as significantly lowering incident handling costs through consolidation, integration and automation.
