Defensys SENSE v. 1.14: more capabilities for threat detection and incident investigation

Defensys developed an updated Platform for asset behavior analysis and anomaly detection, the Defensys SENSE v. 1.14. The Platform can now be integrated with the Defensys Endpoint technology, which extends its endpoint data collection function. The new Platform version gives cyber security analysts more context when looking for the causes of anomalies, thanks to the redesigned asset card.

With the new version, users get access to a wider range of events and telemetry from different operating systems, including Windows, Linux, and macOS. This expands the data flow from endpoints and delivers higher-quality incidents to CS analysts for subsequent assessment. This was made possible by the integration of Defensys SENSE with the Defensys Endpoint technology.

The asset card was significantly updated. Besides the basic information, the asset’s technical data and related entities are now displayed on the asset card. This gives users quick access to the full context of the asset in question and noticeably speeds up the root cause search.

In addition, Defensys added a new “Daily analytics” tab to the asset card, which shows rating changes, anomalies, and involved equipment for the last 24 hours. After detecting equipment with a high rating, cyber analysts can review all user actions during the day with a single click and decide whether an investigation is needed when anomalous activity is detected.

Other Platform improvements relate to the extended attribute list and the new data models the vendor added to Defensys SENSE v. 1.14. This gives users more context about each event and enables more detailed analysis after an anomaly has been detected in the corporate infrastructure.

“Cyber security specialists urgently need tools that allow them to promptly obtain important artifacts for investigation, effectively analyze asset behavior and detect anomalies. This way they reduce detection and attack investigation time. All the updates are aimed at providing cyber analysts with the ability to quickly and successfully identify anomalies. In particular, the new feature for grouping identical events on the timeline helps shorten the data handling process, identify the security impact of a particular event and take preventive measures,” commented Andrey Chechetkin, Deputy CEO at Defensys.