Defensys has released a new update of the Defensys SENSE Platform, v. 1.16, to raise the efficiency of companies’ information security. In the updated version, detection scenarios have been extended with 15 new anomalies. Additionally, the vendor has added a new section called “User profile” for object monitoring and has changed the timeline visualization to allow quick artefact collection during the investigation process.
Defensys has significantly changed the handling of monitored objects. The new “User profile” section immediately provides users with detailed data on all sessions of the monitored object and lets them analyze the sessions in one tab and leave comments. Moreover, Defensys has divided the event chronology into sessions and limited the display of the monitored object’s activity to one day. For each session, a wide range of data on the user’s behavior during a given period is displayed: anomalies, triggered alerts, user accounts, equipment, and overall rating. Events of the same type are now grouped in sessions to raise the information value of the timeline and make it more convenient for data analysis. The new functions allow CS specialists to promptly form the investigation context and make artefact collection 3 times shorter.
Defensys’s team continues to improve detection features for a better cyber security posture. To that end, Defensys SENSE v. 1.16 has 2 new program experts, BruteForce and VPN Connections, which extend the detection scenarios with 15 new anomalies. The software helps to detect user credential brute force scenarios and multiple VPN connections in a short period of time based on geolocation. Analysts are now able to detect major threats automatically.
Furthermore, the following changes are included in Defensys SENSE v. 1.16:
- Widget creation – observation sheets for CS specialists to conduct detailed object monitoring. These can be filled in with objects that require extra attention in order to monitor current events;
- An extended object observation card, now available thanks to deep integration with AD and extended API capabilities;
- Enhanced interaction with the Defensys Endpoint for rapid receipt of the necessary data, and with the Defensys SOAR for the transfer of more detailed information regarding an incident and timely response.
“Program experts of the Defensys SENSE are based on best practices of data analysis and effective object approach. Together, they enable automated anomaly detection, timely reporting of possible threats and rapid context collecting for investigation” – commented Andrey Chechetkin, Deputy CEO at Defensys.