Prelert, a leading provider of behavioral analytics for IT security and operations teams, announced V4 of its Anomaly Detective application. Building on the company’s use of unsupervised machine learning technology to automate the analysis of large data sets and identify anomalous activity, this new version adds a powerful capability to identify links between those anomalies. In addition, it introduces features that allow IT and security professionals to further investigate and better understand anomalies so they can act fast and act early to remediate issues.
IT security and operations teams are drowning in log data that, if analyzed, could tell the story of most performance issues or security threats their organization faces. However, there’s no way a person can piece that story together on their own, which is why intruders go undetected for months and performance issues can persist indefinitely,” said Mark Jaffe, CEO of Prelert. “With our machine learning capabilities, Prelert enables organizations to pinpoint issues that really matter. And with significant enhancements in this new version, teams can now see how those issues relate to one another, making it even easier to detect advanced threat activity or discover the root cause of operational issues.”
Anomaly Detective V4 introduces a new feature called Insights that helps tell the story behind an organization’s data. Insights are time-sequenced groups of anomalies linked by one or more common entities. By using machine learning to automate data analysis, Prelert can identify unusual or suspicious behaviors and the entities – such as users, IP addresses and domains – that influence them. Users can then access a list of other Insights that share a common influencer entity, helping to make certain patterns of attack stand out as more critical than others.
Using behavioral analytics to identify anomalous activity from within massive sets of data is proving to be a very successful method for IT security and operations teams to cut through the noise and see the information that really matters,” said David Monahan, Research Director at Enterprise Management Associates (EMA). “Being able to link anomalies helps an organization focus its resources on solving problems rather than chasing alerts, because anomalous activities that are malicious or tied to performance are often hidden within a much larger data stream and rarely happen in isolation. Analytics brings the pieces of the puzzle together in near real time, which is an invaluable asset in the fight to address issues before they impact business.”
New features within Prelert’s user interface also help teams investigate commonalities between anomalies to help them better understand and identify potential threats or security issues. Those features include:
- Auto-Generated Insights– pre-configured Insight definitions enable the system to automate Insight creation for activities including cyber kill chain progressions.
- Analyst-Created Insights– gives analysts the ability to create Insights based on their own environmental factors – and then save, label, comment and re-use them for future detection and investigation.
- Anomaly Timeline– this virtual “story line” shows the temporal relationship of anomalies included in a given Insight.
Sign up for the free insideBIGDATA newsletter.