Fortscale Splunk Integration

The Challenge: Mitigate Attacks that Come From Inside

DATA SHEET

Most serious security breaches result from malicious insider activity or external attackers using legitimate credentials that have been stolen. Because these attackers are using “real” credentials, they’re especially difficult to detect using standard SIEM tools. However, if credentials are compromised, there will be a shift in their patterns of usage and general account behavior.

To successfully mitigate insider threats, therefore, it is critical to model what everyday users are doing while they are inside the network so as to quickly identify abnormal behavior.

Fortscale digests access and authentication logs from a variety of sources, and then analyzes that data to 1) baseline “normal” behaviors of legitimate users; and 2) detect abnormal or malicious behavior, possibly from external imposters or rogue employees. Fortunately, everyday data from Splunk provides a very rich dataset for Fortscale’s advanced machine-learning algorithms to “chew on”.

Fortscale automatically analyzes Splunk logs in concert with other data to empower your security team to rapidly and accurately pinpoint abnormal, risky, suspicious, or malicious activity – even when those users leverage totally legitimate credentials.

Copyright © 2017 Fortscale Security Ltd. All rights reserved. Fortscale is protected by international copyright and intellectual property laws.

ABOUT FORTSCALE

Fortscale ends insider threats with a totally new generation of autonomous behavior analytics technology based on machine learning.

Fortscale is different. There are no rules to set up, no weeks-long machine training projects and almost no false positives. Fortscale starts getting smarter the second you turn it on.

After just a few days, Fortscale is clever enough to start modeling your users and systems on the fly. Fortscale spots anomalous behavior quickly, accurately, and without constantly demanding your attention.

It might seem like magic, but it’s mostly just really good math, and only Fortscale has it. Fortscale’s insider threat solution lowers analyst stress levels and makes your whole security operation work a whole lot better.

For more information, visit www.fortscale.com.

The Combined Fortscale - Splunk Solution

Through tight integration, Fortscale and Splunk automate the process of analyzing hundreds of millions of access events across hundreds of enterprise applications. Fortscale delivers actionable intelligence to Splunk that helps your security analysts stop bad actors in their tracks—faster, easier and more effectively than before.

Together, Fortscale and Splunk deliver the most advanced and effective User Behavior Analytics solution on the market. From rapid detection to investigation and response, the combined solution can address a wide range of attack scenarios, including the following:

Use of Lost or Stolen Credentials - Over 85% of data breaches involve stolen or compromised credentials. Detecting unauthorized credential use is key to mitigating losses.

Privileged Account Abuse - Detect administrator-level privileges used in improper ways by outside attackers or rogue employees.

Unauthorized Third-Party Activity - Determine when contractors, business partners or service providers are misusing their credentials on your networks.

Data Exfiltration by Snooping Users - Identify disgruntled employees or partners hunting for data they can sell or use to damage company interests.

Shared Credentials - Even the best employees share credentials when they know they shouldn’t. See it and shut it down, fast.

Plugging Fortscale Into Your Splunk Instance

Using Splunk’s native REST API, Fortscale retrieves real-time or historical data by running Splunk saved searches at any convenient interval (usually hourly).

Fortscale then uses its behavioral analytics engine to model user behavior on the fly and detect suspicious events.

Fortscale can export its insights, including risk events (the raw data enriched with Fortscale risk scores), back to Splunk using syslog forwarding, so Fortscale alerts can be sent to and managed via the Splunk console.
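The three steps above (poll a Splunk saved search over the REST API, score each event against the user's own baseline, forward the enriched events back as syslog) can be sketched end to end in a short script. The following is an added illustration written for this page, not Fortscale's code or Splunk's SDK: the Splunk endpoints (`saved/searches/<name>/dispatch` and `search/jobs/<sid>/results`) are real, but the base URL, the saved-search name `fortscale_auth_hourly`, the sample rows, the scoring weights and the syslog facility are all assumptions chosen for the example. The sample logon rows are constructed and embedded inline so the script runs offline; no request is actually sent.

```python
"""Added example: Splunk saved search -> per-user baseline scoring -> syslog export."""
import json
import socket
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlencode

SPLUNK_BASE = "https://splunk.example.internal:8089"  # assumed management-port URL


def splunk_dispatch_request(saved_search, earliest="-1h@h", latest="@h", base_url=SPLUNK_BASE):
    """Build the POST that dispatches a saved search over one hourly window.
    Splunk answers with the job's sid; the request is only built here, never sent."""
    url = f"{base_url}/services/saved/searches/{saved_search}/dispatch"
    body = urlencode({"dispatch.earliest_time": earliest,
                      "dispatch.latest_time": latest,
                      "output_mode": "json"})
    return url, body


def splunk_results_url(sid, base_url=SPLUNK_BASE):
    """URL that returns the finished job's rows as JSON (count=0 means all rows)."""
    return f"{base_url}/services/search/jobs/{sid}/results?output_mode=json&count=0"


# Constructed sample of what the results endpoint returns: one row per logon,
# with field names taken from the Splunk CIM Authentication data model.
HISTORY = json.loads("""{"results": [
 {"_time":"2017-03-06T09:02:11Z","user":"alice","src":"wks-101","dest":"dc01","action":"success"},
 {"_time":"2017-03-07T09:15:40Z","user":"alice","src":"wks-101","dest":"dc01","action":"success"},
 {"_time":"2017-03-08T17:48:03Z","user":"alice","src":"wks-101","dest":"fs02","action":"success"},
 {"_time":"2017-03-06T08:30:00Z","user":"bob","src":"wks-207","dest":"dc01","action":"success"},
 {"_time":"2017-03-07T08:41:22Z","user":"bob","src":"wks-207","dest":"dc01","action":"success"}
]}""")["results"]

NEW_EVENTS = json.loads("""{"results": [
 {"_time":"2017-03-09T09:05:00Z","user":"alice","src":"wks-101","dest":"dc01","action":"success"},
 {"_time":"2017-03-09T03:12:45Z","user":"bob","src":"vpn-gw1","dest":"dc01","action":"success"},
 {"_time":"2017-03-09T03:13:10Z","user":"bob","src":"vpn-gw1","dest":"fs02","action":"failure"}
]}""")["results"]


def _hour(ev):
    return datetime.fromisoformat(ev["_time"].replace("Z", "+00:00")).hour


def build_baseline(events):
    """Per-user profile: hosts the user has logged on from and hours of day seen."""
    base = defaultdict(lambda: {"src": set(), "hours": set()})
    for ev in events:
        base[ev["user"]]["src"].add(ev["src"])
        base[ev["user"]]["hours"].add(_hour(ev))
    return base


def risk_score(ev, baseline):
    """Additive score: each deviation from the user's own baseline adds points.
    The weights are illustrative assumptions, not Fortscale's model."""
    prof = baseline.get(ev["user"])
    if prof is None:
        return 100  # never-seen account: nothing to compare against
    score = 0
    if ev["src"] not in prof["src"]:
        score += 50  # logon from a host this user has never used
    hour = _hour(ev)
    if not any(min(abs(hour - h), 24 - abs(hour - h)) <= 1 for h in prof["hours"]):
        score += 30  # outside the hours this user is normally active
    if ev["action"] != "success":
        score += 20
    return score


def to_syslog(ev, score, host="fortscale01", app="fortscale"):
    """RFC 5424 line: risk score in structured data, original row as the MSG.
    Facility local4 (20); severity derived from the score. 32473 is the
    enterprise number RFC 5612 reserves for documentation examples."""
    severity = 2 if score >= 80 else 4 if score >= 50 else 6
    pri = 20 * 8 + severity
    sd = f'[risk@32473 score="{score}" user="{ev["user"]}" src="{ev["src"]}"]'
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {ts} {host} {app} - RISK {sd} {json.dumps(ev, sort_keys=True)}"


def analyze(new_events, history, threshold=50):
    """Score one polling window against the baseline and return the syslog
    lines for the events worth sending back to Splunk."""
    baseline = build_baseline(history)
    return [to_syslog(ev, s) for ev in new_events
            if (s := risk_score(ev, baseline)) >= threshold]


def forward(lines, host="127.0.0.1", port=514):
    """Ship the lines to a Splunk UDP syslog input (not called in this example)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            sock.sendto(line.encode(), (host, port))


if __name__ == "__main__":
    print(*splunk_dispatch_request("fortscale_auth_hourly"))
    for line in analyze(NEW_EVENTS, HISTORY):
        print(line)
```

In the sample, alice's logon from her usual workstation during her usual hours scores 0 and is dropped, while bob's 03:12 logon from a never-seen source scores 80 (new host plus off-hours) and his failed logon a moment later scores 100; only those two are turned into syslog lines. A real deployment would persist the baseline across polling windows and page through the results endpoint rather than loading everything at once, and would send over TLS (syslog over TCP with TLS, or Splunk HEC) rather than plain UDP so risk scores cannot be spoofed on the wire.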

The combined Fortscale/Splunk solution makes your security analysts more effective. They can stop more, stress less and get more done with less training. Adding Fortscale to your Splunk instance streamlines your business-critical security operations and helps make everything in your SOC work better.

Ready to Boost Your Security?

Fortscale gives you real-time visibility into the actions of users and entities in your environment and uncovers insider threats by identifying unusual behaviors that pose a risk to your business. Combining predictive, big data analytics and advanced machine learning, the Fortscale User and Entity Behavioral Analytics (UEBA) engine can be deployed as a stand-alone solution optimized for security operations centers (SOCs) or natively embedded in security infrastructure solutions - SIEM, EDR, EPP, CASB, DLP, IAM - to improve risk analysis and decision-making.

Upon deployment, Fortscale starts processing user and entity data from throughout your security infrastructure, autonomously modeling behaviors, and quickly and accurately identifying anomalous, risky activity to uncover insider threats. Backed by Intel Capital, Blumberg Capital, Swarth Group, CME Ventures, Evolution Equity and Valor Capital, Fortscale’s insider threat solution lowers analyst stress-levels and improves your security posture overall.
