Haystax Technology has rolled out new analytic capabilities that generate more detailed, accurate and timely intelligence on adverse human activities, reducing the noise and excessive false positives that plague many conventional user and entity behavior analytics (UEBA) solutions.
The company’s award-winning Haystax Analytics Platform™ was designed from the ground up to enable analysts to focus their energies on understanding their highest-priority risks in a more predictive manner. The platform redefines security analytics by blending qualitative expert judgments captured in Bayesian models with other artificial intelligence techniques to find threat ‘signals’ buried inside multiple data sources. It then ranks these threats in priority order, instantly displaying actionable information and delivering alerts to those who need to know.
Optimized Insider-Threat Analytics
Many of the most significant feature additions since our last major Haystax product update are geared towards enhanced analysis of insider threats and the continuous evaluation of the trustworthiness of personnel with security clearances. For example, our Assets (see see featured image, above) and Assessments apps have now reached full operational capability to manage data about individuals, and not just critical infrastructure assets. Similarly, our Incidents and Events apps can be used to manage data regarding individual behaviors and related activities and events.
Additional monitoring and evaluation now can be carried out with the use of tagging, which is a powerful way to capture key characteristics of any data entity. In Haystax, users can add existing tags to an individual with one click, or create new ones. Because tagging works for any concept, an organization can know at a glance who it employs at a ‘high access level’ or who is ‘high risk’ or in ‘finance’ or ‘maintenance,’ or any other characteristic it wishes to monitor. The list pages of all four core Haystax apps are now searchable by tags. For example, typing ‘sysadmin’ into the search box on the Assets app (see image below) will reveal all individuals in Haystax who have been tagged as system administrators. It will also display a list of all personnel assessments performed on each tagged sysadmin in the Assessments app, as well as all incidents or related events involving sysadmins in those respective apps.
Assessments App Enhancements
Haystax’s library of assessment templates continues to grow as well. Given the drastic increase in highly publicized insider-threat incidents over the past few years — and based on lessons learned from Haystax Technology’s work with federal government agencies and large financial organizations — many of these templates focus on assessments of people, as a complement to our existing library of facility assessments. New ‘person assessment’ templates include Supervisor Interview, Insider Employment Application, Insider Risk Level, Insider Watchlist Screening and Insider Reference Check (see image below). New facility templates include a Building Assessment as well as Damage Assessments for businesses, houses and public facilities. The new forms complement our existing SWAT, fire safety and school safety assessment templates for critical infrastructure.
Other significant enhancements to the Assessments app include:
- Assessment approval workflows have been improved with a new two-tiered process that starts with the submission of an assessment, and then allows an administrator to disapprove it and send it back for revision, before it is deemed ‘Approved’ and locked to prevent further changes.
- A ‘highlight questions’ tool allows an assessor to mark a single assessment question as particularly important. A highlighted question, once answered, will then appear on the assessment’s Overview page, and on the relevant asset view page within the Assets app. Furthermore, when printing an assessment report, the user can activate the ‘Highlight Questions’ toggle switch and the report will print only those highlighted answers.
- There is a new export/import function that lets users download a blank assessment spreadsheet into Excel, answer the questions offline and then upload the completed form to create a finished assessment.
- Each assessment template comes with a tool that allows question subsections to be repeated — so that, say, a facility assessor can answer a question about a single stairwell but can also create five more ‘copies’ to accommodate all available data when the building being assessed has six stairwells rather than one.
- Each individual Asset view page now has a list window that shows all assessments created, in progress and/or completed for that asset.
- Assessments can now be created and filled out from an asset page, rather than only from the Assessments app. This upgrade is geared primarily towards analysts who are continuously evaluating personnel.
- Haystax’s global search tool can now search on street addresses associated with assessments (and assets, too).
- Administrators can now edit their assessment start and end dates, as well as tags and assigned assessor email addresses.
Based on Haystax’s patented model-driven approach to security analytics, Haystax reasons like a team of expert analysts at scale to precisely identify the greatest threats to an organization’s critical systems, data, facilities and people, even when the indicators are hard to detect and regardless of whether the behavior is malicious, negligent or inadvertent.
Now with the addition of tagging and the new person-based assessment templates — plus personnel-centered incident and event management — it will be even clearer to decision-makers why a particular individual may represent a risk that needs to be addressed immediately, and less burdensome to conduct further investigative assessments to confirm or disprove the risk.