Enable business continuity across your organization (no matter where they are)
Threat detection 和 response is a critical piece in an ongoing journey to improve your security program, but feeling confident in your coverage can seem challenging with a remote workforce. 当用户处于远程状态时, they may be operating assets like laptops in potentially hostile 网络 outside of IT 和 security’s control. 有效地完成他们的工作, your remote employees still need access to company data 和 key applications.
为了应对这些挑战, we’ve developed a comprehensive approach to detection 和 response, to help you enable business continuity, keep your organization protected (no matter where they are), build a foundation for success across your entire environment.
远程用户
当员工搬离校园时, establishing what a new normal looks like can be a challenge for security teams. Is this a valid user working somewhere else, or malicious use of credentials? Insight印尼盾 has a deep heritage around 用户行为分析 和 leverages finely tuned analytics 和 machine learning to quickly establish a baseline 和 recognize anomalous activity. 我们还包括有价值的报道, such as our Ingress Locations dashboard, to provide vital information for your analysts to confidently investigate. By recording 和 displaying historical activity on remote user location (including authentications from outside the US), 登录失败, 和更多的, you 和 your team can easily identify malicious vs. 正常用户活动.
当用户处于远程状态时, you may also use more cloud applications 和 services, such as Office 365, Azure, AWS. Insight印尼盾 can aggregate Security Center alerts from Microsoft Event Hubs, recognize user or environment changes in AWS 和 alert teams on these changes right away.
远程端点
我们的轻量级, cloud-hosted Insight Agent provides critical, real-time visibility across your Windows, Mac, Linux assets—no matter where they are in the world. The agent collects user activity 和, for InsightVM 客户、资产漏洞数据. You’ll marry real-time endpoint data with user activity 和 log search for comprehensive incident detection across the entire attack chain. With the ability to search assets by username, Insight印尼盾 allows you to quickly 和 accurately track which assets your users log on to most frequently 和 expedite the process of granting remote access to those devices.
远程网络接入
Insight网络传感器, 您将监视, 捕获, assess the end-to-end network traffic moving throughout your physical 和 virtual environment, including remote workers when deployed alongside your VPN solution.
我们的方法 网络流量分析(NTA) is unique in that our 管理检测和响应 (MDR) team has curated a library of the most critical Intrusion Detection System (IDS) alerts for teams to focus on, helping cut down on noise 和 increase analysts’ confidence in taking action. We also leverage a proprietary Deep Packet Inspection (DPI) engine to 捕获 all raw network traffic flows, 提取丰富的元数据. This information is enriched with our 用户行为分析 attribution engine, so you can quickly identify which user 和 what asset is associated with a network flow.
