How It Works
Fortscale comprises two major layers:
1) a robust Hadoop cluster that can be integrated with various big data repositories or SIEM systems
2) a user-friendly toolbox dedicated to cyber analysts.
Using visualized, generic Analytics Package Sets and advanced machine learning algorithms in a scalable Hadoop environment, Fortscale pinpoints high-risk user behavior and access activity without the need for pre-defined rules or thresholds.
INTEGRATION WITH BIG DATA REPOSITORIES
Fortscale enriches all big data repositories (e.g. Hadoop, Splunk, Vertica, Greenplum) and leading SIEM vendors with new analytics and insights. Integration with these repositories is simple and easy. Once Fortscale has access to logs from various periods of time and sensors, the strength of its Machine Learning Analytics can be revealed.
HADOOP BASED MACHINE LEARNING ENRICHMENT LAYER
The Hadoop layer includes generic, nested or canned machine learning algorithms that profile the behavior of users and entities across multiple log sources without the use of pre-defined rules, heuristics or thresholds. These dynamic algorithms analyze massive amounts of data and produce a risk score indicating the potential risk of a given entity, based on automatic behavior analysis and peer analysis. These nested algorithms understand what is important or risky even if the security team is not sure what to look for.
FINDING NEEDLES IN YOUR BIG DATA HAYSTACK
Fortscale’s dynamic machine learning algorithms profile behavior of users and entities across multiple log sources (e.g., Active Directory, Logins, SSH, DNS, VPN, Proxy, FW, applications, file share access etc.) without the use of pre-defined heuristics or signatures. These algorithms understand what is important or risky even if the security team is not sure what to look for. The Analytics Package Sets pinpoint abnormal user behavior or machine activity against both historical data and peer activity. Intelligence-driven analytics help to discover suspicious user behavior, access to sensitive data, risky misconfiguration or advanced malware exfiltration, in a unique visualized way.
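The two passages above describe scoring each entity against its own history and against its peers without fixed thresholds. The following is an added illustration of that idea, not Fortscale's own code or algorithm: login events are scored by how surprising their hour and source host are under the user's own frequency profile and under the department's, and the surprise scale comes from the data rather than from an analyst-chosen threshold. All user names, departments, hosts and login records are constructed sample data.

```python
import math
from collections import Counter, defaultdict

# Constructed login history (user, department, login_hour, source_host); sample data only.
HISTORY = [
    ("alice", "finance", 9, "fin-ws-01"), ("alice", "finance", 10, "fin-ws-01"),
    ("alice", "finance", 9, "fin-ws-01"), ("alice", "finance", 11, "fin-ws-01"),
    ("bob", "finance", 8, "fin-ws-02"), ("bob", "finance", 9, "fin-ws-02"),
    ("bob", "finance", 10, "fin-ws-02"), ("bob", "finance", 9, "fin-ws-02"),
    ("carol", "ops", 2, "ops-jump"), ("carol", "ops", 3, "ops-jump"),
    ("carol", "ops", 1, "ops-jump"), ("carol", "ops", 2, "ops-jump"),
]

def build_profiles(events):
    """Frequency profiles of login hour and source host, per user and per peer group."""
    user_hours, user_hosts = defaultdict(Counter), defaultdict(Counter)
    peer_hours, peer_hosts = defaultdict(Counter), defaultdict(Counter)
    for user, dept, hour, host in events:
        user_hours[user][hour] += 1
        user_hosts[user][host] += 1
        peer_hours[dept][hour] += 1
        peer_hosts[dept][host] += 1
    return user_hours, user_hosts, peer_hours, peer_hosts

def rarity(counter, value, alpha=1.0):
    """Surprise of `value` in bits under an add-alpha smoothed frequency model:
    common values score near 0, never-seen ones high, with no analyst-set threshold."""
    total = sum(counter.values()) + alpha * (len(counter) + 1)
    return -math.log2((counter[value] + alpha) / total)

def risk_score(profiles, user, dept, hour, host):
    """Surprise against the user's own baseline plus down-weighted surprise against
    the peer group, so behaviour that is new for the user but routine for the
    department scores lower than behaviour unusual on both axes."""
    user_hours, user_hosts, peer_hours, peer_hosts = profiles
    own = rarity(user_hours[user], hour) + rarity(user_hosts[user], host)
    peers = rarity(peer_hours[dept], hour) + rarity(peer_hosts[dept], host)
    return own + 0.5 * peers

def rank_events(profiles, events):
    """Events sorted from most to least risky, as an analyst triage queue."""
    return sorted(((risk_score(profiles, *e), e) for e in events), reverse=True)

if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    today = [("alice", "finance", 9, "fin-ws-01"), ("bob", "finance", 2, "fin-ws-02"),
             ("alice", "finance", 2, "ops-jump"), ("carol", "ops", 2, "ops-jump")]
    for score, (user, _, hour, host) in rank_events(profiles, today):
        print(f"{score:5.2f}  {user:<6} {hour:02d}:00 from {host}")
```

A user with no history has an empty own-baseline profile and contributes zero own-surprise, so new accounts are judged on peer evidence alone until they accumulate a baseline.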
SECURITY ANALYST PLATFORM
The Analyst Interface layer includes Analytics Package Sets specifically designed to meet the needs of cyber security analysts. This layer includes visualized reports, dashboards, a unique query language and visual investigation of threats and attacks. The intelligence-driven Package Sets help to discover and investigate compromised users, suspicious access to sensitive data and risky misconfiguration. These capabilities provide investigators with fast results while allowing them to leverage their own expertise and the enterprise’s current security measures. The platform also enriches SIEM systems with new insights and more accurate prioritization of events.