Huntsman Analyst Portal sets new benchmarks for incident response, shortening the time at risk – from threat detection to resolution – to seconds.
When integrated with SIEM technology, the security analytics capabilities of the Huntsman Analyst Portal delivers the complete range of security information management, real-time analysis, threat verification and incident workflow automation. The leading edge technology addresses significant challenges facing cyber security teams:
- Attacks and attackers are getting more sophisticated, harder to detect and more difficult to defend against
- A need to reduce elapsed time between attack and resolution
- Limited resources trying to process an increasing volume of alerts
The Huntsman Analyst Portal: How it works
The Analyst Portal collects and process security data in real-time, using correlation rules and machine learning techniques to identify suspicious behaviour and misuse. The software provides two automated and unique response capabilities:
- Threat verification to eliminate false positives
- Delivery of a case file of all available and relevant information for threat resolution by (a) a senior analyst or; (b) machine automated action
Huntsman Analyst Portal: Benefits
- Saves valuable time – reduces the risk window to seconds
- Provides consistency through automation
- Up to a 10-fold reduction in operating overhead, through automation of routine elements of diagnostic and resolution processes
- Delivers precise security information to operations, management and audit stakeholders
- Allows incident investigators to immediately answer key questions: ‘who, what, where, when and how’ around an alert
- Focuses security teams on true indicators of compromise
- Extensive data support with sensor/agent/agentless collection from syslog, event logs, file-based audit trails, XML, database query, and network flow data drawn from hundreds of sources.
- Detection and analysis of, and response to, alerts and threats in real-time
- Fully integrated defence-grade incident and case file management, automated workflow and full evidential recording
- Display of real-time actionable intelligence with visibility of compromised IT assets or information flows in the event of a breach
- Clear security business intelligence interface for dat-driven investigation and drill-down queries with tabbed data views and interactive filters
- Identification of security breaches, root cause analysis and investigation
- Integration with malware detection solutions such as FireEye, BlueCoat, Cisco and Checkpoint to identify, prove and resolve advanced persistent threats
- Full support for dedicated enterprise deployments, multi-tenant services and cloud environments.
Huntsman Analyst Portal integrates with 3rd Party Enforcement Tools
The Analyst Portal works with 3rd party enforcement tools such as Cisco ISE to automate security processes enabling Rapid Threat Containment. See details of the Cisco ISE – Huntsman Analyst Portal solution here.
Huntsman Analyst Portal: Watch the video
Want to find out more?