ARISTOTLEINSIGHT’S® DIRECTIONAL MATRIX PROVEN INVALUABLE FOR REAL-WORLD CYBER SECURITY SITUATION
Sergeant Laboratories is excited to reveal that its flagship product, AristotleInsight, proved key in helping a customer identify an advanced persistent threat (APT) cyber attack. The client recently notified Sergeant Laboratories of the security incident.
The client had installed advanced endpoint protection and APT monitoring products from another vendor. Although these products were deployed as directed, they did not alert the organization to the attack. The alert came instead from the client's AristotleInsight appliance, which had recently been updated with the Directional Matrix Report feature; that feature detected and alerted on the APT activity the customer was experiencing.
AristotleInsight’s new Directional Matrix feature improves the cyber security reporting features within the software. Now organizations can manage users’ access, track cybersecurity trends, and generate reports using the Directional Matrix. Because the generated reports and trends translate important cyber security information using clear visual charts, this feature is critical for helping C-suite executives, board members, and other non-technical stakeholders understand the cyber security threats faced by the business. Sergeant Laboratories is happy to offer it.
In this specific instance, the organization's count of failed process logins spiked by an order of magnitude above its baseline, and the L3 Directional Matrix surfaced the new trend. Security professionals reviewing the AristotleInsight data could see that something was not right, even though their other cyber security tools showed nothing unusual.
Security professionals on site were then able to dive into the L2 report data, follow the intruder's lateral movement through the network, determine what data the attacker was attempting to exfiltrate, and identify where the traffic was coming from. They also identified the specific user behavior and configuration settings that allowed the APT into the network.
Finally, by utilizing the L1 forensic data, the customer was able to conduct a real-time investigation into what occurred on the network. They found where the APT was originating from, what machine had been compromised, how it was compromised, and what accounts the attacker was trying to access. From this data, they were able to stop the attack before any major damage was incurred and were able to ensure that the same threat would not happen again.
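The three-level investigation described above (a trend report that flags an order-of-magnitude jump in failed logins, followed by a drill-down into which host and which accounts drove the jump) can be reduced to a small amount of detection logic. The following is an added illustration written for this page, not code from AristotleInsight or Sergeant Laboratories; the event tuples, host names, account names and dates are constructed sample data, and the "baseline" is assumed to be the median of the previous seven days' counts.

```python
from collections import Counter
from statistics import median

# Constructed sample events (day, host, user); each tuple is one failed login.
# Seven quiet days, then a day on which one workstation sprays 30 accounts.
# Illustrative data only, not data from the incident described on this page.
FAILED_LOGINS = []
for day in range(1, 9):
    for n in range(12):  # routine, typo-grade failures spread across hosts and users
        FAILED_LOGINS.append((f"2024-03-{day:02d}", f"ws{n % 4:02d}", f"user{n % 6}"))
for i in range(150):  # assumed password spray from ws03 on day 8
    FAILED_LOGINS.append(("2024-03-08", "ws03", f"svc{i % 30:02d}"))


def daily_counts(events):
    """Failed logins per day, in date order: the trend line an L3-style report plots."""
    counts = Counter(day for day, _host, _user in events)
    return [(day, counts[day]) for day in sorted(counts)]


def detect_spikes(daily, window=7, factor=10.0):
    """Flag any day whose count is at least `factor` times the median of the
    preceding `window` days. Median rather than mean, so an earlier spike cannot
    inflate the baseline and mask the next one."""
    spikes = []
    for i, (day, count) in enumerate(daily):
        history = [c for _d, c in daily[max(0, i - window):i]]
        if not history:
            continue  # no baseline yet for the first day
        baseline = median(history)
        if baseline > 0 and count >= factor * baseline:
            spikes.append((day, count, baseline, round(count / baseline, 2)))
    return spikes


def drill_down(events, day, top=3):
    """Break a flagged day down by source host and targeted account: the L2-style
    view that shows whether a single machine is behind the spike."""
    day_events = [(h, u) for d, h, u in events if d == day]
    hosts = Counter(h for h, _u in day_events)
    users = Counter(u for _h, u in day_events)
    return {
        "top_hosts": hosts.most_common(top),
        "distinct_users": len(users),
        "top_users": users.most_common(top),
    }


def investigate(events):
    """Run the trend check, then drill into every flagged day."""
    daily = daily_counts(events)
    return [(spike, drill_down(events, spike[0])) for spike in detect_spikes(daily)]


if __name__ == "__main__":
    for (day, count, baseline, ratio), detail in investigate(FAILED_LOGINS):
        print(f"{day}: {count} failed logins vs baseline {baseline:g} ({ratio}x)")
        print("  top source hosts:", detail["top_hosts"])
        print("  distinct accounts targeted:", detail["distinct_users"])
```

On the constructed data the only flagged day is 2024-03-08, at 13.5 times the baseline, and the drill-down shows ws03 responsible for 153 of the 162 failures against 36 distinct accounts, which is the kind of concentration that points an analyst at one compromised host. In a real deployment the median window and the spike factor are tuning choices; a factor of 10 matches the order-of-magnitude jump described above, but a lower factor with a longer window will catch slower sprays.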
Speaking on the incident, Sergeant Laboratories CEO Eric Anderholm stated, “We know that modern organizations are constantly facing a barrage of cyber attacks. Knowing that AristotleInsight assisted this organization in preventing, documenting, and remediating an information breach makes all of our work worthwhile.”
AristotleInsight uses the UDAPE® framework for Cyber Intelligence to provide enhanced cyber threat detection. AristotleInsight provides enhanced data on asset management and inventory to help security professionals improve cyber security organization-wide. Once installed, the software automatically inventories data and asset usage, IT network usage and availability, system and network use and configuration, and other data points. As the recent cyber security incident illustrates, security professionals using AristotleInsight can tell which employee changed configurations, which devices are using the network, and what data those devices are accessing.
AristotleInsight’s existing customers received the Directional Matrix and other new features in their most recent update. If you are not a customer, you can learn more about all of the features of AristotleInsight, including Topological Risk Reporting, Vulnerability and Risk Reporting, Privileged User Management, and Directional Matrix Reporting, by visiting www.aristotleinsight.com or calling 866-748-5227.
AristotleInsight is a big data security analytics solution implementing the UDAPE model. The solution collects, links, and organizes security data in order to establish baselines, conduct user behavior analysis, recognize anomalies, and detect advanced persistent threats.