For over 25 years, Haystax has been the provider of world-class commercial software products for direct use by individuals in the agencies charged with protecting our communities, cities, and country. Thus, our product is one of the most widely deployed risk management software solutions, used by school, law enforcement, fire, emergency management, and other government agencies across the United States.

Image module

Haystax for School Safety

Haystax meets the constantly evolving challenges of providing safe learning environments for students, faculty, staff, and local security partners by integrating all vital incident and school facility information into a single, online platform.  Physical assessments and behavioral assessments along with the ability to report and monitor incidents on or near campus are hallmarks of Haystax for School Safety.  Know your threats sooner, respond faster, and effectively coordinate actions for all stakeholders.

Image module

Haystax for Public Safety

Law enforcement professionals are called upon daily to perform a broad range of tasks—from routine patrols, intelligence gathering and investigations to major crime and incident responses. Their challenge is to ensure public safety despite incomplete intelligence, limited cross-jurisdictional information sharing, and tight budgets. Haystax helps law enforcement agencies prepare for and respond to any crisis with a dynamic picture of emerging threats, rapid  intelligence-collection and incident-reporting tools, and a seamlessly integrated user environment that  ensures maximum collaboration and analytically sound command decisions for rapid response.

Image module

Haystax for Enterprise Security

Haystax has developed a suite of applications designed specifically to help corporate security decision-makers and analysts navigate this challenging environment. Haystax alerts corporate leaders to their most likely threats and natural hazards, provides critical security and operational information about each physical facility, regardless of its size or geographic location, and allows risk managers to identify and mitigate their biggest vulnerabilities. Moreover, the Haystax platform enables security teams to manage incidents and major events—from the ops center or out in the field.

Equipped with these insights, CSOs can better anticipate their risks, communicate with leadership and limit their company’s exposure to financial, legal and reputational liabilities.

PrevNew SANS, Haystax Technology Insider Threat Survey Reveals Malicious Actors as the Most Damaging Threat Vector for Companies01 August 2017NextCybersecurityHaystax Technology Again Makes Cybersecurity 500 List14 August 2017

More Organizations Adopting UBA, Gartner Says

August 9, 2017

Enterprises are increasingly turning to user behavior analytics (UBA) for an array of security missions, as they confront ever-more sophisticated external threats and the possibility that even their most trusted insiders could be compromised or turn malicious, say leading analysts at IT research and advisory firm Gartner.

A central theme of the recent Gartner Security & Risk Management Summit was that UBA has now matured to a sufficient extent that it is being adopted by organizations experiencing limitations with their older security information and event management (SIEM) tools, which provide real-time analysis of security alerts generated by network hardware and applications.

Gartner defines UBA as threat detection and investigation technology that focuses on user activities and that incorporates some form of advanced analytics such as machine learning, data science and/or AI-like capabilities. (The firm’s own preferred acronym, UEBA, also includes an entity component, given the importance of detecting compromised device and system activity at the same time as user activity.)

Anton Chuvakin, Research Vice President and Distinguished Analyst at Gartner, said that while SIEM “is still very relevant for a lot of companies,” it lacks the ability to analyze certain kinds of non-IT data that is vital in mitigating today’s more advanced threats, such as those posed by inside personnel.

One example is identity and access management (IAM) data, but he also cites the utility of information from human resources files, travel records and employment histories. This additional analytical context is important, Chuvakin said, “because people want to have that deeper level of insight that’s completely non-achievable in a tool like SIEM.”

“SIEM is broad, but UBA is smart,” he added.

There are three primary reasons enterprises seek out UBA solutions, Chuvakin said:

  1. Lack of ability to detect user account takeovers, phishing and other user-centric threats.
  2. Lack of threat detection coverage for issues and environments not monitored by older systems.
  3. The high cost, in analyst time and energy, of triaging and investigating alerts generated by SIEM systems.

In particular, he said, UBA solutions have several strengths compared to conventional analytics. First, they detect threats better (and detect better threats); second, they analytically decide what matters, boost those signals and “squash the noise”; and third, they solve some security problems with less expert labor.

Haystax Technology’s UBA solution meets those criteria. It is based on our model-driven Haystax Analytics Platform™, which is optimized for a number of different use cases where user trustworthiness is a primary concern. These include insider threats, account and system compromise and cyber-fraud, plus a variety of customer-specific applications where the adaptability of our Carbon ‘whole-person’ model has proven to be a key distinguishing capability. Another strength of Haystax is its ability to connect with a broad array of data sources (providing greater context to the analytics) and its ability to take in and analyze SIEM logs and other third-party detection data.

Although Chuvakin said that the SIEM-UBA war “is here” and that each camp is building tools designed to take on the other, he also noted that customers do not necessarily have to choose one solution exclusively. Rather, SIEM and UBA can be deployed jointly, provided companies decide in advance what tasks will be handled by each tool. “UBA’s focus on analytics — real-time and batch — is quite different,” he said. “SIEM is focused on rules, while UBA has more interesting detection algorithms.”

Current trends point to an increasing level of UBA sophistication in the future. According to Chuvakin, new features and functions will include the increased spread of deeper analytics functions to endpoint detection and response (EDR) systems and cloud access security broker (CASB) software, and eventually to data loss prevention (DLP). “We will have a little baby UBA in many products,” he said.

For all its advanced capabilities, however, Chuvakin cautioned that UBA “is not a replacement for a human brain or analyst.” UBA systems certainly take on more of the thinking from humans, he noted, “but they don’t think for you and won’t for a very long time.”

Haystax Technology’s Haystax for Insider Threat product is designed to take the burden off SOC analysts and decision-makers by packaging all the critical information in one place and prioritizing it, giving them a more effective way to quickly investigate changes in an individual’s trustworthiness and understand if that person represents an insider threat.

 

Related posts