Attacks involving compromised users and entities are notoriously difficult to detect because cyber criminals can evade perimeter defenses by using legitimate credentials to access corporate resources. LinkShadow’s cybersecurity platform automates the detection of these attacks with analytics-driven visibility. Advanced techniques, including supervised and unsupervised machine learning, are applied to data from the network and security infrastructure (e.g., packets, flows, logs, alerts). This information is used to create threat scores for all users and entities, and seemingly disparate security events are observed and correlated over time. By measuring the changes and/or anomalies associated with each entity, LinkShadow identifies advanced attacks, which might appear to be a legitimate user’s activity but are likely an attacker masquerading as a legitimate employee. In addition, these anomalies can only be detected by intelligently correlating orphan alerts over a long period of time. LinkShadow also provides analysts with one-click access to historical data, which can go back months or more, as context is often needed to investigate attacks. By combining machine learning with layered forensics, LinkShadow delivers a differentiated analytics solution that automates attack detection and incident investigation without rules, configuration or signatures.