Discovering anomalies is easy; understanding which anomalies represent a significant threat is challenging. Too many false positives and your security team is overwhelmed, but letting an insider threat proceed undetected can result in a catastrophic data breach. Fortscale solves this dilemma with its patented SMART Alert technology. Using machine learning, Fortscale first detects unusual user behavior, then, in a second pass, ranks the results in order of their anomalousness. The result is that your security team is presented with a small set of reliable alerts in priority order.
One of the major challenges with insider threats is the persistence of attacks. As many studies indicate, once inside the network, attackers spend on average more than 200 days doing what is needed to identify their targets and accomplish their missions. Fortscale’s advanced UBA is a Hadoop-based solution that enables processing of, visibility into, and analysis of the appropriate timeframes (days, weeks, months, quarters, or years) to accurately identify behavioral changes that occur over long periods of time and throughout lengthy attack campaigns.
Fortscale can process standard user access logs to enterprise applications or services. However, every business has one or more work applications that are critical to its successful operation. Understanding who is accessing these applications (whether a billing system, customer database, code repository, or other proprietary crown-jewel application) and preventing unauthorized access is one of the highest priorities for an enterprise security team. Fortscale makes it easy to analyze user access logs as well as additional usage information associated with these applications, providing effective monitoring and unique visibility into mission-critical enterprise applications.
Critical alerts can be quickly identified and resolved within the Fortscale dashboard. However, some organizations prefer to integrate Fortscale alerts into their existing ecosystems. Fortscale can stream security insights to any third-party solution within the operational environment, thus allowing easier interoperability, resource prioritization, and security insight correlation across multiple security controls.
However, quick resolution of security alerts is not the entire story. The results need to be fed back into the analytics engine to fine-tune future results. Fortscale enables analysts to rapidly respond to threats and send feedback into Fortscale on the quality of insights. Such feedback is then used to optimize future results.