IKANOW today released Information Security Analytics (ISA) 1.5. The release includes several new features and some of the most powerful are designed to give information security analysts contextualized search capabilities that can reduce the investigation time between identified incident and confirmed intrusion.
In addition, executives and managers can now use the enhanced dashboards to view new data about departmental risk and threat feed efficacy, and we have added real-time integration for two additional commercial threat intelligence feeds. As with the features in the first release, ISA maintains its commitment to lightning fast performance, easy data source integration, and unmatched scalability.
Adding Context to Breach Investigation
Analysts have a tough job. Existing information security systems generate a lot of alerts, and it is up to the analyst to decide what should be investigated first and then to use as many as a dozen tools to determine whether the incident is malicious or benign. ISA 1.5 streamlines this process by putting incident data related to potential breaches in one place so that analysts can move quickly to investigation and response.
The breach context matrix from the 1.0 release is retained. That feature already sorts potential breaches by risk level and by IOC matches paired with assets. New features in the 1.5 release include an enhanced dashboard view with breach analysis drill-downs for search and network analysis.
| New Feature | Value to Analysts |
| --- | --- |
| Enhanced Breach Incident Matrix | The new breach incident matrix view improves an analyst's visibility across web, proxy and firewall logs in one location for easy comparison. Analysis is streamlined with automated correlation of all log data and IOCs. This helps minimize the use of multiple tools and the limitations of vendor silos when investigating potential breaches. In many organizations log information is directly available only to network operations teams and often involves restricted access. Now, critical information for breach investigation is front and center for rapid review by analysts. |
| Network Traffic Analysis | Analysts can view log file information with a single click that leverages the open source visualization tool Kibana. This network traffic visualization can show analysts anomalous behavior over time, with variances easily distinguished from normal traffic patterns. |
| Correlated Search | Analysts can now obtain asset-level detail for IOCs and IP addresses and identify related information from threat intelligence in simple one-click searches. This puts all internal data alongside external information in one place for rapid analysis. Users of ISA 1.5 can also save frequently used searches. |
Enhanced Risk and Threat Visibility
We also enhanced the dashboard view of risks and threats for executives, managers and analysts. IKANOW’s ISA dashboard already shows prioritized summary lists of potential breaches, vulnerabilities and threat intelligence. The 1.5 release adds additional context to the breach and threat intelligence views.
| New Feature | Value to Analysts, Managers and Executives |
| --- | --- |
| Breach Risk Scores | The breach summary now includes departmental risk scores, which can be assigned based on the number and severity of IOCs correlated with asset criticality. This offers a quick view into whether there is a rising risk of exploit based not just on an individual asset's activity, but also on related assets and the criticality of those assets in terms of information value or operational role. This feature can be used to prioritize investigations and identify potential breaches that might remain hidden when assets are considered only individually. |
| Threat Feed Confidence Scores | ISA is the first tool to present data that enables enterprises to differentiate the value and relevance provided by various threat intelligence feeds. Not every feed will have equal value to all organizations. Information security teams need to understand which feeds are especially important to their environment. ISA 1.5 provides this additional context with confidence scores. |
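To make the two ideas in this table concrete, here is an added worked example that is not IKANOW code and does not reproduce ISA's scoring method. It rolls constructed IOC matches up from assets to departments (weighting each match by its severity and by the criticality of the asset it landed on) and then computes, per feed, how much of that weighted risk each feed actually surfaced in this environment. The severity weights, asset inventory, feed names and indicator values are all constructed for the illustration.

```python
# Added illustration of departmental risk roll-up and per-feed efficacy.
# Scoring rules and all sample data are constructed for this example and are
# NOT IKANOW's ISA algorithm.
from collections import defaultdict
from dataclasses import dataclass

# Weight each IOC severity so one "high" match outweighs several "low" ones.
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 5}


@dataclass(frozen=True)
class Asset:
    name: str
    department: str
    criticality: int  # 1 = commodity workstation ... 5 = crown-jewel system


@dataclass(frozen=True)
class IocMatch:
    asset: str       # asset the indicator was observed on
    indicator: str   # IOC value (constructed, not a real indicator)
    severity: str    # low / medium / high, as rated by the feed
    feed: str        # threat intelligence feed that supplied the IOC


# Constructed inventory: two departments with mixed criticality.
ASSETS = [
    Asset("fin-db-01", "finance", 5),
    Asset("fin-ws-07", "finance", 2),
    Asset("fin-ws-12", "finance", 2),
    Asset("eng-build-01", "engineering", 4),
    Asset("eng-ws-03", "engineering", 1),
]

# Feeds the organisation subscribes to; "feed-C" never matches anything here.
FEEDS = ["feed-A", "feed-B", "feed-C"]

# Constructed matches (documentation-range addresses, not real IOCs).
MATCHES = [
    IocMatch("fin-ws-07", "198.51.100.23", "low", "feed-A"),
    IocMatch("fin-ws-12", "198.51.100.23", "low", "feed-A"),
    IocMatch("fin-db-01", "evil.example", "low", "feed-A"),
    IocMatch("eng-build-01", "203.0.113.9", "high", "feed-B"),
]


def asset_risk(asset: Asset, matches) -> int:
    """Risk of one asset: summed IOC severity weight scaled by its criticality."""
    hits = sum(SEVERITY_WEIGHT[m.severity] for m in matches if m.asset == asset.name)
    return hits * asset.criticality


def department_risk(assets, matches) -> dict:
    """Roll asset risk up to the department that owns each asset."""
    scores = defaultdict(int)
    for a in assets:
        scores[a.department] += asset_risk(a, matches)
    return dict(scores)


def hidden_risk(assets, matches) -> dict:
    """Risk that an asset-by-asset view would miss: department total minus
    the single highest-scoring asset in that department."""
    top = defaultdict(int)
    for a in assets:
        top[a.department] = max(top[a.department], asset_risk(a, matches))
    totals = department_risk(assets, matches)
    return {d: totals[d] - top[d] for d in totals}


def feed_efficacy(feeds, assets, matches) -> dict:
    """Per feed: matches produced, distinct assets hit, and the weighted risk
    those matches represent in this environment (a zero means the feed
    contributed nothing here, whatever its reputation elsewhere)."""
    crit = {a.name: a.criticality for a in assets}
    stats = {f: {"matches": 0, "assets": set(), "weighted": 0} for f in feeds}
    for m in matches:
        s = stats[m.feed]
        s["matches"] += 1
        s["assets"].add(m.asset)
        s["weighted"] += SEVERITY_WEIGHT[m.severity] * crit[m.asset]
    return {
        f: {"matches": s["matches"], "assets": len(s["assets"]), "weighted": s["weighted"]}
        for f, s in stats.items()
    }


if __name__ == "__main__":
    print("department risk:", department_risk(ASSETS, MATCHES))
    print("risk hidden by per-asset view:", hidden_risk(ASSETS, MATCHES))
    for feed, s in feed_efficacy(FEEDS, ASSETS, MATCHES).items():
        print(f"{feed}: {s}")
```

In this constructed data the finance department scores 9 although no single finance asset scores above 5, which is the "hidden when assets are considered only individually" case; feed-A produced the most matches but feed-B surfaced the most weighted risk, and feed-C contributed nothing, which is the kind of per-feed comparison a confidence score is meant to support.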
Real-Time Threat Feed Integration
IKANOW's open architecture makes it easy to integrate with an unlimited number of internal and external data sources. For most of those sources, data ingestion occurs at scheduled intervals. The ISA 1.5 release introduces real-time integration with threat intelligence content from iSight ThreatScape and Symantec Deepsight. ISA also provides a data source management panel that shows the last time each feed was updated, so analysts can proactively manage their threat intelligence and make updates as needed.
| Feature | Value to Analysts |
| --- | --- |
| Real-time Threat Intelligence Feed Integration | Threat intelligence is continually updated, so there is no latency between the introduction of threat intelligence content and its availability to the enterprise. There is also no need to check with operations or support teams to validate feed status: you have the freshest information available. The 1.5 release includes real-time integration with iSight ThreatScape and Symantec Deepsight. Other threat intelligence feeds that are ingested on a schedule today can become candidates for real-time integration in future releases. |
| Data Source Management Panel | There is no more guessing how fresh a data source is. ISA's data source management panel shows the date and time of the most recent ingestion and enables update or removal with a couple of mouse clicks. |
Focus on Delivering Information Security Answers… Lightning Fast
The ISA 1.5 release has a sharp focus on putting new incident investigation tools at the fingertips of analysts while helping the enterprise better manage risk and understand data source status and efficacy. We recognize that identifying incidents is a critical function. IKANOW has many features to unearth incidents that existing information security solutions simply miss, and the new features around departmental risk address this problem directly. In a recent engagement, ISA 1.5 identified three potential breaches within a few minutes of going live. Those incidents were not captured by the organization's SIEM or other existing security solutions.
There is also a key gap today in tools that streamline the incident investigation process for analysts. The ISA 1.5 breach contextualization features put all log, incident and threat data in front of analysts in a single solution, which can dramatically reduce the time to breach confirmation. There is a lot of talk about the long interval between attacker intrusion and breach detection. Two critical elements of that latency are prioritizing incidents properly and conducting investigations to confirm whether an exploit has been successful or warrants action. IKANOW ISA is uniquely suited to tackle this challenge: it was designed from the ground up to parse the large data sets in which the answers to information security questions can be found.
We hope you find the new ISA 1.5 features useful in protecting your enterprise from the ever-present and increasing information security threats. If you would like to learn more about how lightning fast information security analytics can help your organization, click the button below to request a demo.
By Manoj Srivastava