Bring your security full circle with Aruba IntroSpect.
Safeguarding a Borderless Workforce
Protecting organizational data and assets from compromise used to mean that IT organizations built a strong perimeter defense and monitored those walls for weaknesses or impending attack. Today’s mobile workforce, combined with the security complications presented by hosting apps and data in a cloud environment, obliterated any semblance of a defensible border. Today, information security professionals must protect a borderless, uncontained collection of employees, contractors and partners – all using multiple devices from anywhere, at any time – from outside and within the secure boundaries of the corporate network.
To deal with this new threat landscape, Aruba’s User and Entity Behavior Analytics (UEBA) solution, Aruba IntroSpect, detects attacks by spotting small changes in behavior that may indicate attacks that have evaded traditional security defenses. IntroSpect builds baselines of normal behavior for a user, a system or any device with an IP address—known as an “entity”. The baselines are built by machine learning models operating on key data from logs, netflow and packet streams—anything that characterizes an entity’s IT behavior. These baselines are then used to detect abnormal behavior that, aggregated over time
and put into context, will indicate a gestating attack.
Aruba IntroSpect is a powerful tool integrating advanced AI-based machine learning, pinpoint visualizations, and instant forensic insight into a single solution. Attacks involving malicious, compromised or negligent users, systems and devices are found and remediated before they damage the operations and reputation of the organization.
Sign up here for your appointment
- Continuous monitoring and attack detection: 100+ supervised and unsupervised models that detect the widest range of attacks.
- Total visibility: IntroSpect uniquely incorporates all sources of IT-relevant data into both the analytics and forensics, including packets, flows, logs, alerts, endpoint, cloud, etc.
- Accelerated incident investigation: IntroSpect combines both attack detection via supervised and unsupervised machine learning with integrated forensic data in a consolidated security profile called Entity360. Entity360 provides comprehensive and continuous risk scoring and enriched security information that analysts would otherwise spend hours or days searching for – months and years of security data down to the packet level.
- Enterprise Scale: With a Spark/Hadoop platform, IntroSpect uniquely integrates both behavior-based attack detection and forensically rich incident investigation and response at enterprise scale.