Huntsman Analyst Portal sets new benchmarks for incident response, shortening the time at risk – from threat detection to resolution – to seconds.
When integrated with SIEM technology, the security analytics capabilities of the Huntsman Analyst Portal deliver the complete range of security information management, real-time analysis, threat verification and incident workflow automation. The leading-edge technology addresses significant challenges facing cyber security teams:
- Attacks and attackers are getting more sophisticated, harder to detect and more difficult to defend against
- A need to reduce elapsed time between attack and resolution
- Limited resources trying to process an increasing volume of alerts
The Huntsman Analyst Portal: How it works
The Analyst Portal collects and processes security data in real-time, using correlation rules and machine learning techniques to identify suspicious behaviour and misuse. The software provides two automated and unique response capabilities:
- Threat verification to eliminate false positives
- Delivery of a case file of all available and relevant information for threat resolution by (a) a senior analyst; or (b) machine-automated action
Huntsman Analyst Portal: Benefits
- Saves valuable time – reduces the risk window to seconds
- Provides consistency through automation
- Up to a 10-fold reduction in operating overhead, through automation of routine elements of diagnostic and resolution processes
- Delivers precise security information to operations, management and audit stakeholders
- Allows incident investigators to immediately answer key questions: ‘who, what, where, when and how’ around an alert
- Focuses security teams on true indicators of compromise
- Extensive data support with sensor/agent/agentless collection from syslog, event logs, file-based audit trails, XML, database query, and network flow data drawn from hundreds of sources.
- Detection and analysis of, and response to, alerts and threats in real-time
- Fully integrated defence-grade incident and case file management, automated workflow and full evidential recording
- Display of real-time actionable intelligence with visibility of compromised IT assets or information flows in the event of a breach
- Clear security business intelligence interface for data-driven investigation and drill-down queries with tabbed data views and interactive filters
- Identification of security breaches, root cause analysis and investigation
- Integration with malware detection solutions such as FireEye, BlueCoat, Cisco and Checkpoint to identify, prove and resolve advanced persistent threats
- Full support for dedicated enterprise deployments, multi-tenant services and cloud environments.