Moving Beyond UserInsight: What's New in InsightUBA?

Last updated at Mon, 28 Oct 2019 17:15:01 GMT

As Kyle mentioned at launch, there's a lot more to InsightUBA than a name change. Over the past nine months, we've continued to work with our Penetration Test and Analytic Response teams, and sought direct input from you all to not only better our detection and investigation, but also improve your user experience. Improve how? It's all centered on saving you time: less time scoping and validating alerts, less jumping between screens, and a single optimized workflow for even faster investigations.

Along with the smarter user experience (which comes with guided in-app messaging!), there is now a new intruder trap to detect credential misuse and continuous endpoint detection available for critical assets & remote users. Full details below:

• Incident Investigations Redefined: Log in, and take a minute to enjoy the refined user interface and optimized workflows, built not only from iterative and extensive testing and design, but from working with you to present the information you want, without the jumping between screens or menus. As a result, the Incident Alerts and Investigation pages are now a single click: “Investigations”. After receiving an alert, the natural next steps are threat validation and scoping: Is this alert real? If so, which users do I need to follow-up with? You may already be saving significant time from our seamless user attribution. Now, every alert automatically displays more context, including associated risky user behavior. Hop in and let our in-app messaging guide you through.

• Continuous Endpoint Detection for Critical Assets & Remote Users: We're obsessed with detecting intruders across your entire ecosystem. You can now deploy a persistent agent on Windows endpoints for continuous detection. This provides coverage for remote workers, contractors, and critical assets, and can easily be pushed out via group policy.

• New Intruder Trap: Honey Credentials: Not all signs of the attacker are found in your log files. With honey credentials, you can leave decoy credentials around your network as bait for attackers. When intruders steal a honey credential to take on the identity of a legitimate user, you'll receive an automatic alert. The honey credential is automatically deployed with the persistent agent; no setup required! This expands on your currently available honey pot and honey user intruder traps, which detect network scans and password guessing attempts.

For more on InsightUBA, visit our Incident Detection & Response page or contact your Customer Success Manager!