Intelligence and security analysts who monitor threats on a daily basis will be able to pinpoint their organizations’ biggest risks with greater fidelity and speed, thanks to recent workflow and capability improvements Haystax Technology has made in the latest release of its user behavior analytics (UBA) solution, Constellation for Insider Threat.
The Constellation Dashboard is the analyst’s home-screen environment — the place where the entire organization’s risk results are displayed, and the launching point for deeper investigations into the new high-priority threats that emerge each day.
The new release includes a number of Dashboard enhancements, including:
- Dynamic Change in Score Plot: Significant changes in employee trust scores often are indicators that an investigation is required. This new capability graphically depicts shifts in the risk scores of all personnel, and can be used to identify individuals whose relative risk has changed the most in the shortest period of time. The graph provides immediate access to key user details including the employee name and numerical score changes (last 30 days vs. current); from the graph, users can directly click through to the relevant employee profile page to delve into the behavioral factors that drove the change.
- Assessment Status List: Assessments are key components of mitigating insider threats. This new Dashboard view catalogs the assessments filed on each and every employee, showing the assessment type (e.g., Supervisor Interview, Executive Profile, etc.) plus date created, assessor name and status, allowing managers to quickly understand their assessment teams’ workloads.
- The Top Impacts graph has been completely redesigned to provide deeper insights into the positive and negative factors most impacting an organization’s risks. Easy-to-understand pie charts alert analysts and their supervisors of organization-wide activity and patterns showing both the overall impact on risk scores as well as the population impacted by that factor.
Security and User Management
Securing insider threat data by role and need-to-know is critical to ensuring the success of an insider threat program. Haystax has rolled out a number of other enhancements around system administration and security to empower system administrators to easily configure security for their environment.
Recent upgrades include:
- Constellation can now be directly linked to SAML-based single sign-on (SSO), enabling users to log into Constellation on the web or via Mobile Constellation (iOS) using their existing active directory user accounts and passwords.
- System administrators can give specific users the authorization to invite their own new users; they can also create custom Data Groups as a way of partitioning their users into definable subsets.
- When inviting single or bulk users, admins can assign apps and roles within each app (create, delete, edit, read) for each user, along with the data groups the user can join.
- Within the Manage Access page, improvements include the addition of an Organization data field, and a sort function for all columns (Username, Full Name, Organization, Status, Roles and Data Groups) to quickly find users when changes are required.
- A new print function works across all user management features so that lists of current users and invited users can be printed out, or saved as PDFs.
- A global search function finds every instance of a named entity across all Constellation apps from Assets and Assessments to Incidents and Events.
- Constellation’s new user registration process has been streamlined and now captures more detailed information, from first and last name to additional attributes such as title, organization and phone number, to enable better user collaboration and tracking within and outside the system. Users can also opt in for a daily digest email showing activity across all Constellation apps, to easily stay up to date on changes without constantly logging in.