Fortscale 2.0 Features: Improved Analytics Algorithms

12 Nov


The topic for today’s blog is the new upgraded analytics algorithms found in release 2.0. This major advance in the product’s core technology is fundamental to a number of the new features.

Up until this release, Fortscale was focused on detecting anomalies within single events. Each event ingested would be thoroughly analyzed for anything out of the ordinary. For example, when a user authentication occurred, everything about that specific transaction was evaluated. The user’s location, source device, target device, the time of day, and so forth were all inspected, and anything anomalous would raise the event’s risk, generating a high-risk event score.

While this approach significantly helps to detect bad behavior, analysts often had to work out the correlation of related events on their own to fully understand the big picture.

Fortscale 2.0 addresses this issue by analyzing events in aggregate. It first evaluates each specific event, then uses that data to populate and tune 22 different indicators of compromise. Each of these indicators represents a type of anomaly that can be found in the system. Each indicator looks for its anomaly either as a single occurrence or across an aggregated time-frame session. For example, some of the indicators are applied to timestamps to reflect behavioral changes in relation to the time when the activity occurred. Another group contains indicators related to data usage, to reflect changes in data-usage patterns, and so forth.

Armed with this new analytics algorithm, Fortscale 2.0 has exponentially extended the number of anomalies that can be detected. It’s now possible to analyze multiple events in aggregate and generate alerts based on a much larger picture. For example, if a user’s number of attempted logins increases to an unusual number, a SMART Alert will be generated. Also, if the number of unique login attempts from all users to a specific device is unusual, a SMART Alert containing all necessary information will be created, enabling the analyst to drill down into the relevant details and see which users, devices, IP addresses, etc., are causing the issue.
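As an added illustration (not Fortscale's code; the post does not describe its indicators or thresholds), here is the aggregate step in miniature: single authentication events are rolled up per day, and a user's attempt count or a device's distinct-user count is flagged when it exceeds that key's own baseline. The constructed event list, the mean-plus-k-standard-deviations threshold, the variance floor and the minimum-history rule are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed events: (day, user, target_device). Days 1-5 are the
# baseline; day 6 carries the two aggregate anomalies described above.
EVENTS = (
    [(d, "alice", "fs01") for d in range(1, 6) for _ in range(3)]
    + [(d, "bob", "fs01") for d in range(1, 6) for _ in range(2)]
    + [(d, "carol", "db02") for d in range(1, 6) for _ in range(4)]
    + [(6, "alice", "fs01")] * 40                       # alice: login burst
    + [(6, "bob", "fs01")] * 2
    + [(6, "carol", "db02")] * 4
    + [(6, "u%02d" % i, "db02") for i in range(12)]     # many users hit db02
)

def per_window_counts(events):
    """Roll single events up into per-day aggregates:
    attempts per (day, user) and distinct users per (day, device)."""
    attempts = defaultdict(int)
    users_on_device = defaultdict(set)
    for day, user, device in events:
        attempts[(day, user)] += 1
        users_on_device[(day, device)].add(user)
    return attempts, {k: len(v) for k, v in users_on_device.items()}

def unusual(series, current_day, k=3.0, floor=2.0):
    """Flag keys whose current-day value exceeds mean + k*stdev of that
    key's earlier days. `floor` keeps a flat (zero-variance) baseline
    from alerting on any change of a single count."""
    history = defaultdict(list)
    for (day, key), value in series.items():
        if day < current_day:
            history[key].append(value)
    alerts = {}
    for (day, key), value in series.items():
        if day != current_day:
            continue
        hist = history.get(key, [])
        if len(hist) < 3:          # too little baseline: skip, don't guess
            continue
        threshold = mean(hist) + k * max(pstdev(hist), floor)
        if value > threshold:
            alerts[key] = (value, round(threshold, 1))
    return alerts

def smart_alerts(events, current_day):
    """Both aggregate checks from the text, keyed by indicator name."""
    attempts, device_users = per_window_counts(events)
    return {
        "user_login_burst": unusual(attempts, current_day),
        "device_unique_users": unusual(device_users, current_day),
    }
```

Each alert carries the observed count and the threshold it crossed, which is the kind of context an analyst needs to drill into the contributing users and devices.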

These new capabilities, and many others, are a direct result of the advanced analytics algorithms.

Read more about Fortscale 2.0 and read previous blog posts regarding new Fortscale 2.0 features:

Contact us to learn more.