StealthDEFEND is here!

Real-Time Threat Analytics & Alerting


StealthDEFEND is a real-time threat analytics and alerting component for the STEALTHbits Data Access Governance Suite. Leveraging unsupervised machine learning, StealthDEFEND eliminates excessive and undifferentiated warnings to surface truly meaningful trends and alerts on attempts to compromise your sensitive data.

Adversaries have demonstrated a consistent and ongoing ability to obtain network access through phishing and other web and email attacks. From there, attackers set their sights on gaining access to data. Securing unstructured data requires proactive monitoring and review of millions of data points about access to that data: when it is being accessed, who is accessing it, where they are accessing it from, and what they are doing with the data once accessed. Performing this level of analysis was not possible prior to StealthDEFEND.

Built on a decade of data access governance expertise and purpose-built analytics, StealthDEFEND does not rely on lagging indicators such as native logging. Instead, StealthDEFEND processes millions of access events daily to surface meaningful trends and alerts.

Some highlights of the new release include:

Unsupervised Machine Learning

The ability for a system to learn what is normal versus abnormal, as well as identify and alert on true outlier behavior indicative of account or system compromise, enables the efficiencies Security Analysts desperately need in order to keep up with a never-ending stream of alerts generated by dozens of tools.

With the ability to focus their already limited time and attention on far fewer, yet higher-quality, alerts requiring investigation, Security Analysts and the organizations they’ve been tasked with defending can do more with less and stay a step ahead of bad actors attempting to do them harm.

Seamless Sensitive Data Integration

Context is critical in threat detection and prevention, and data sensitivity is perhaps the most important contextual element of all, considering that sensitive, high-value data is the ultimate target in virtually every breach scenario.

StealthDEFEND’s automatic incorporation of data sensitivity via integration with StealthAUDIT, third-party DLP solutions, or alternatively supplied datasets provides organizations with impactful, meaningful views and alerts on user activity involving sensitive data, reducing noise and instantaneously prioritizing investigations based on risk.

Preconfigured Threat Models

Using a combination of techniques, StealthDEFEND will automatically identify threats based on both well-known and anomalous behaviors. By homing in on specific file system threats like the mass encryption activities that accompany crypto ransomware attacks, in addition to risky behaviors like abnormal access of sensitive data from uncommon locations, StealthDEFEND covers both ends of the threat spectrum as it pertains to file system threats.

User Behavioral Profiles

Examining every file interaction, including where they’re made from and to, when, the types of operations performed, and even the types of data users are interacting with, enables StealthDEFEND to build a robust behavioral profile for each individual user that is as unique as they are. It is when each individual’s behavior is understood that true outlier detection is made possible, which ultimately leads to fewer alerts for Security Analysts to investigate.

SIEM Integration

The goal of a Security Information & Event Management (SIEM) platform is to provide organizations with a centralized repository and holistic view of all security-related information across the enterprise. Integrating directly and seamlessly with the market’s leading SIEM platforms, StealthDEFEND delivers meaningful, legitimate threat data to an organization’s SIEM, in quantities that are manageable for Security Analysts to investigate.

Real-Time Alerting

StealthDEFEND’s collection and analysis of file activity is performed entirely in real time, without any reliance on native logging. Detected threats can be sent via email or through any SIEM platform, providing critical information through the most appropriate medium, and in time to do something about them.

Interactive, Real-Time Visualizations

The ability to visualize the summation of vast amounts of data drastically expedites the time it takes to understand complex subjects and associations. StealthDEFEND provides useful visual elements that map to how the human brain processes information, making it quick and easy for Security Analysts to understand why certain events were flagged as threats.

Incident Detection Response Workflow

With time and bandwidth at a premium in most organizations, duplication of effort is the ultimate waste of resources. StealthDEFEND’s Incident Detection Response Workflow ensures the multiple parties interacting with StealthDEFEND understand what has been investigated or what is already known about a particular event, saving time and increasing collaboration in the threat investigation process.
