Fortscale 2.0 Features: Single-Screen Investigation
16 Nov
Today we’ll discuss Fortscale’s new single-screen investigation feature.
Those who’ve spent any time as a security analyst know all too well that it’s a lot of work. The pressure is intense, especially when an event looks like it’s related to a potential or actual critical security incident. But to understand the big picture and the context/intent of the user’s behavior, the analyst must answer a lot of questions and gather copious amounts of information, such as:
- What does the user’s normal baseline for this activity look like?
- What PC, tablet, or phone is being used? Is this a normal device for this user? How often is this device normally used?
- Is it normal for this user to access this resource? How frequently? At what hours?
- Is there anything unusual about the user’s profile or credentials? Has anything been modified recently? Is his password weak?
- Who else has been accessing this resource? Is there anything odd about who, when, or how those accesses have occurred?
Obtaining all the data necessary to answer questions like these can take a lot of precious time and require dozens of individual steps. Different reports might have to be run, different tools might need to be used, and numerous screens evaluated. The analyst then has to compile all of the data from these different sources into a single understandable view, often without effective tools to do so.
To help analysts with these critical tasks, Fortscale 2.0 introduces a new single-screen investigation feature. It’s a giant leap forward, presenting the most essential data that analysts need to evaluate and resolve each incident – all from a single screen.
All related incidents, anomalies, and corresponding indicators are presented on one screen, along with definitions and supporting baselines. With one click, analysts can drill down on various elements to obtain more details.
This is one of the most important new capabilities in the release, saving analysts a great deal of time while giving them better results. I encourage you to find an opportunity to see this new feature in action by scheduling a demo. You will not be disappointed.
More to come regarding Fortscale 2.0 and its capabilities.
Read more about Fortscale 2.0 and read previous blog posts regarding new Fortscale 2.0 features:
- Fortscale™ SMART Alerts
- Alert-Based Dashboard
- Dynamic User Thresholds
- Multi-factor User Analysis
- Improved Analytics Algorithms