Defensys has released a new version of its cybersecurity analytics platform, Defensys SENSE 1.5. This version introduces several new features compared to the commercial release that came out in May 2021. The key changes are in the behavioral analysis system. The platform is now capable of training and retraining itself so that behavior patterns are updated in a timely manner. The user can adjust the intervals of automatic retraining to the specific conditions of their infrastructure, so that the programmatic experts receive new information in time and the number of repeated false positive anomalies is reduced. By adjusting the retraining intervals, the user also sets how often obsolete context is reset across observation objects. This avoids the accumulation of stale rights in an object's profile, for example when an employee's role in the company changes and the access patterns of the old role should no longer be treated as normal.
The updated platform integrates with a number of new sources. Integrations with the MaxPatrol SIEM and ArcSight ESM systems are especially noteworthy. Defensys SENSE can now save and process not only raw events but also correlation events from ArcSight ESM, placing them on the general timeline of the observation objects. Such events can be scored according to their criticality level, and that score is reflected in the observation object's overall score. The new version also features integration with Defensys SOAR, making it possible to configure the sending of incident notifications. In addition, a connector has been developed for Kaspersky Security Center events, which can likewise be configured to assign hazard scores on object timelines.
The new version of Defensys SENSE adds a preview of the observation object: the user can quickly get a summary of the object, its frequent anomalies and hazard scores, and go straight to the timeline for the details. The algorithm of the frequency model was redesigned, which makes the programmatic experts work more accurately and faster. The developers have also made the sensitivity of the programmatic experts adjustable.
In addition, integration with Active Directory has been implemented. The list of users and the information about them is populated and updated automatically. It is now also possible to set up several Active Directory integrations, each synchronizing a different Base DN.
A large part of the improvements concern logging. Defensys SENSE now has a separate service for centralized logging of all system modules and services, which makes it easier for the user to collect the necessary service information. Logging has been extended to all the critical services involved in the platform's operation. System notification functionality was added, and the platform now notifies the user about all important events in the user interface.
The developers also expanded the functionality of the dashboards, optimized working with the aggregated entity called "User" and improved the timeline. In addition, the user card now has a change history: all updates to the object are reflected in the corresponding tab.
"In the new version of Defensys SENSE we have managed to automate a large block of user work with the system, in particular with the behavioral analysis tools. As a result, the end user is relieved of the burden of making decisions and organizing processes for additional training or retraining. We have adapted the system to self-training. Besides, such a process allows reacting adequately and in time to infrastructure changes, which is the basis of behavioral analysis," said Andrey Chechetkin, Deputy CEO of Defensys. "The next steps for improvement will be to expand the analytical capabilities of the platform, simple rules and programmatic experts, as well as functionality for the user, including working with analytical tools and retrospective analysis."