Traditional security tools generate an overwhelming number of alerts, with many false positives mixed in, making it very difficult to identify true insider threats. In many cases, Insider Threat Managers must log into multiple systems in order to identify the person tied to each user account, their manager, hosts and applications the user can access, and other supporting information just to determine if the alert is a false positive. Some enterprises use User Behavioral Analytics (UBA) to uncover anomalous insider activity however UBA tools alone lack context such as indicators of attack, vulnerabilities associated with the targeted host, the importance of the targeted application and the financial impact the enterprise would face if it were compromised.
Risk Fabric® Identifies & Prioritizes Insider Threats Based on User and Entity Behavior Analytics, Related Threats & Vulnerabilities, Financial Impact to the Business & Context Gathered From Application Owners
Using its own proprietary User & Entity Behavioral Analytics, Risk Fabric uncovers unusual user behavior, which includes comparing behaviors to those of the user’s direct peers and overall organization.
Line-of-business application owners who manage the assets under attack can add context to the identified user and qualify if the threat is business justified or suspicious (kind of like your credit card company sending you a text message to confirm if a strange transaction is valid).
Risk Fabric correlates associated vulnerabilities, financial impact to the business, asset value and other business context to determine the severity of the threat. Risk Fabric then delivers a targeted list of the riskiest people and users to investigators.
QUALIFIED THREAT ALERTS, MINIMIZING FALSE POSITIVES