Smart Investigator Use Cases

BECOME A PARTNER

We aim at building solid business partnerships to expand our solutions’ reach globally while delivering a profitable partner experience.

Use cases

Cyber Security

Compromised Users Detection

Pinpointing all suspicious users accounts, based on its sophisticated Anomaly Analyzer self-learning mechanism, without the use of predefined rules or heuristics.

Connections Details

Connections can be genuine or bogus. Suspicious behavior may include connection attempts on closed ports, blocked internal connections, a connection made to bad destinations etc., using data from firewalls, network devices or flow data. External sources can be further enriched to discover the domain name, country and geographical details.

Abnormal Administrative Behavior

Monitoring inactive accounts, accounts with unchanged passwords, abnormal account management activities etc., using data from AD account management related activities.

 

Intrusion Detection and Infections

This can be done by using data from IDS/IPS, antivirus, anti-malware applications, firewall logs, NIPS alerts and Web proxy logs, as well as internal connectivity logs, network flows, etc.

Compliance

Statistical Analysis

Statistical analysis can be done to study the nature of data. Functions like average, median, quartile etc. can be used for this purpose. Numerical data from all kind of sources can be used to monitor relations like the ratio of inbound to outbound bandwidth usage, data usage per application, response time comparison etc.

System Change Activities

Using collected data for quickly identifying the changes in configurations, audit configuration changes, policy changes, policy violations and the like.

Anti-Fraud

Malicious Insider Identification

Edward Snowden is the most famous example of a legitimate contractor who accessed, collected and made use of highly sensitive data from the NSA, the company he was serving. This proves that no organization is immune to inside threats of this kind.

Smart Investigator is able to identify users and contractors having a high-risk activity or access sensitive data, by investigating their behavior history log by log, second after second.

Information Theft

Data exfiltration attempts, information leakage through emails etc., using data from mail servers, file sharing applications etc.

Malicious Intruders Identification

There is a person within the company’s structure who was monitored, investigated and recognized for security information leak/stealing. The company’s security team would like to be alerted as soon as he sets foot in the building.

The native integration with physical security module NEC NeoFace® allows Smart Investigator to alert security admins immediately when a blacklisted/whitelisted person passes in front of a registered camera within the CCTV network. The application automatically sends an email/message alert in real time.

IT Security

Authentication Activities

Abnormal authentication attempts, off-hour authentication attempts etc., using data from Windows, UNIX and any other business application that requires authentication.

Sensitive Data Access Investigation

The access of enterprise users to databases, file share systems and applications may have hidden, high-risk patterns. While some actions may be considered more suspicious than others, access becomes riskier when it’s in the hands of certain high-risk users.

Smart Investigator uses its dedicated set of innovative modules to analyze users’ access to databases, file share systems, and applications, and to automatically pinpoint suspicious access activities.

Shared Accounts

Multiple sources (internal/external) making session requests for a particular user account during a given time frame, using login data from sources like Windows, Unix etc.

Security Events Verification

Information Security needs second prioritization of events for monitoring, by enriching SIEM/FW/IDS/DLP systems with big data machine learning-based analytics on users. SIEM systems manage rule-based events that are correlated and prioritized in real-time. Smart Investigator ensures a better prioritization of events, based on non-rule-based big data and historical data analysis.

Copyright 2017 nextgen software