BEHAVIORAL ANALYSIS TO PREDICT THE FUTURE

Open threat model approach with self-tuning behavior indicators for a tailored Artificial Intelligence

When something goes wrong, it can be an arduous task to discover the behaviour that caused an event when it is stuck in a black box where detection is practically impossible. We make it possible to act directly on our algorithms, to select the behaviour indicators to be used, and to correlate them with each other in order to adapt them to the business context, with peerless self-tuning risk-modelling capabilities.

INSIDER THREAT

While many of the most well-known breaches have been caused by malicious outsiders, the rogue insider continues to be a source of data loss. Since malicious intent is difficult to assess, Sharelock analyzes contextual behavioral information not readily available in log files, providing risk-based analytics, data mining, and anomaly detection to help identify high-risk profiles. Sharelock helps security teams by creating a baseline using profiling attributes from HR records, events, access repositories, log management solutions and more, to easily detect and predict abnormal user behavior associated with potential sabotage, data theft or misuse.

ACCOUNTS COMPROMISED, HIJACKING AND ADVANCED THREATS

Detecting compromised credentials of any employee or contractor within the organization is a foundational requirement. Sharelock detects attacks using Machine Learning algorithms tuned to inspect various parameters, such as timestamp, location, IP, device, transaction patterns, and high-risk event codes, to identify any deviation from the normal behavior of an account and its corresponding transactions. Sharelock is able to easily detect whether hackers have control of a network user’s credentials by improving the signal-to-noise ratio, consolidating and reducing alert volume, prioritizing the alerts that remain, and facilitating response and investigation.

PRIVILEGED ACCESS ABUSE

Detecting the compromise of a privileged user’s (e.g. DBA or system admin) credentials can be more difficult. Privileged users may not work in established patterns, as they are regularly required to respond to emergency situations. Therefore, normal usage patterns may be more difficult to detect. Attackers gain privileged user credentials and then access key systems directly. Sharelock monitors privileged accounts with contextual information around who accesses your intellectual property and regulated data, and provides risk-based alerting of anomalous behavior and the ability to prevent and deter a threat before it occurs.

DATA EXFILTRATION AND INTELLECTUAL PROPERTY PROTECTION

Identify data exfiltration by ingesting data sources such as DLP and data classification to uncover important data locations, access and application activity. DLP focuses on the data itself, while Sharelock focuses on the user handling that data. Together, these solutions can improve analysis of the interaction between users and sensitive data. The most fundamental value of user behavior analytics is to provide context around security activity. Sharelock improves detection of threats and potential loss, enables better prioritization of effort, and supports dramatically faster response after detection.