QuickSpecs. Aruba IntroSpect User and Entity Behavior Analytics. Overview. Aruba IntroSpect User and Entity Behavior Analytics Product overview

Similar documents
Intro to Niara. no compromise behavioral analytics. Tomas Muliuolis HPE Aruba Baltics Lead

Overview. HPE Complete SafeBreach

Produkt Update: Aruba 360 Secure Fabric ClearPass 6.7 neues Lizenzmodell & IntroSpect. Reinhard Lichte, Consulting Systems Engineer

Compare Security Analytics Solutions

QuickSpecs. Aruba Airwave Usage Licenses. Overview. Aruba Airwave Usage Licenses. Product overview. Features and Benefits

User and Entity Behavior Analytics

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

The Cognito automated threat detection and response platform

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

Integrated, Intelligence driven Cyber Threat Hunting

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

SIEM Solutions from McAfee

How Vectra Cognito enables the implementation of an adaptive security architecture

Vectra Cognito. Brochure HIGHLIGHTS. Security analyst in software

QuickSpecs. Aruba ClearPass Guest Software. Overview. Aruba ClearPass Guest Software A ClearPass Policy Manager Application.

SIEM Product Comparison

Qualys Cloud Platform

QuickSpecs. Aruba ClearPass OnGuard Software. Overview. Product overview. Key Features

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

Infoblox as Part of the Ecosystem

Intelligent Edge Protection

With Aruba Central, you get anywhere-anytime access to ensure that your network is up and performing efficiently.

Models HP Security Management System XL Appliance with 500-IPS System License

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

November 1, 2018, RP Provision of Managed Security Services on an Annual Contract ADDENDUM #2

Designing and Building a Cybersecurity Program

SOLUTION BRIEF RSA NETWITNESS SUITE & THE CLOUD PROTECTING AGAINST THREATS IN A PERIMETER-LESS WORLD

Reducing the Cost of Incident Response

McAfee Advanced Threat Defense

HPE Security ArcSight SmartConnectors. Format Preserving Encryption Environment Setup Guide

RSA NetWitness Suite Respond in Minutes, Not Months

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

QuickSpecs. HPE Complete - Qumulo. Overview. HPE Complete - Qumulo

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

THE ACCENTURE CYBER DEFENSE SOLUTION

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. Ralf Kaltenbach, Regional Director RSA Germany

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

Traditional Security Solutions Have Reached Their Limit

Sobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse.

Figure 1. NVIDIA virtual GPU Ecosystem overview with HPE Solutions

Microsoft Security Management

McAfee Endpoint Threat Defense and Response Family

RSA Security Analytics

SentinelOne Technical Brief

CLEARPASS EXCHANGE. Open third party integration for endpoint controls, policy and threat prevention SOLUTION OVERVIEW MAKE BETTER-INFORMED DECISIONS

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

May the (IBM) X-Force Be With You

IntroSpect 2.4. User Guide

McAfee Skyhigh Security Cloud for Amazon Web Services

MEETING ISO STANDARDS

RSA ECAT DETECT, ANALYZE, RESPOND!

HP Virtual Desktop Infrastructure with VMware View Overview

Building Resilience in a Digital Enterprise

Automated Threat Management - in Real Time. Vectra Networks

Cisco Firepower NGFW. Anticipate, block, and respond to threats

BUILDING AND MAINTAINING SOC

DATA SHEET RSA NETWITNESS PLATFORM PERVASIVE VISIBILITY. ACTIONABLE INSIGHTS.

Driving more value from your Security Operations Center (SOC) Platform. James Hanlon Director, Splunk Security Markets Specialization, EMEA

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

USING SPLUNK ADAPTIVE RESPONSE

Look Who s Hiring! AWS Solution Architect AWS Cloud TAM

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

QuickSpecs. HPE Workload Aware Security for Linux. Overview

Incident Response Agility: Leverage the Past and Present into the Future

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

UEBA User Entity Behavior Analytics Aristotle Insight Sergeant Laboratories

McAfee MVISION Cloud. Data Security for the Cloud Era

Cisco Advanced Malware Protection against WannaCry

Regaining Our Lost Visibility

USM Anywhere AlienApps Guide

esendpoint Next-gen endpoint threat detection and response

Power of the Threat Detection Trinity

All rights reserved. All trademarks are the property of their respective owners.

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

Catch an Active Cyber Attack in minutes

Cybersecurity Roadmap: Global Healthcare Security Architecture

SOC AUTOMATION OF THREAT INVESTIGATION

QuickSpecs. HP IMC Branch Intelligent Management Software. Models HP IMC Branch Intelligent Management System Software Module w/50-node E-LTU

Pieter Wigleven Windows Technical Specialist

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

Fidelis Overview. ISC 2 DoD and Industry Forum. Rapid Detection and Automated Incident Response DoD & Commercial Active Defense Use Cases

Managed Endpoint Defense

Sustainable Security Operations

Introduction to Big Data

FROM SIEM TO SOC: CROSSING THE CYBERSECURITY CHASM

Qualys Indication of Compromise

Building a Threat-Based Cyber Team

QuickSpecs. HPE VM Explorer. What's New. HPE VM Explorer. Overview

Available Packs and Purchase Information

Stopping Advanced Persistent Threats In Cloud and DataCenters

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

Transcription:

Overview Product overview Aruba s User and Entity Behavior Analytics (UEBA) solution, Aruba IntroSpect, detects attacks by spotting small changes in behavior that are often indicative of attacks that have evaded traditional security defenses. Aruba IntroSpect integrates advanced AI-based machine learning (ML), pinpoint visualizations and instant forensic insight into a single solution, so attacks involving malicious, compromised or negligent users, systems and devices are found and remediated before they damage the operations and reputation of the organization. With a Spark/Hadoop platform, IntroSpect uniquely integrates both behavior-based attack detection and forensically-rich incident investigation and response at enterprise scale. What We Detect: Security Analytics Use Cases IntroSpect provides 100+ supervised and unsupervised machine learning models focused on detecting targeted attacks at each stage of the kill chain: Account Abuse Account Takeover Command and Control Data Exfiltration Lateral Movement Password Sharing Privilege Escalation Flight Risk Phishing Ransomware Key Benefits Advanced Analytics 100+ supervised and unsupervised machine learning models Adaptive learning Extensible models (new use cases, data sources) Widest Range of Data Sources Packets, flows, logs, alerts Any combination depending on use cases Continuously Updated Risk Scoring Weighted by severity, sequence, distribution and time Business context informs risk score Page 1

Overview Accelerated Investigations 10x reduction time and effort Complete historical record down to packet level Fast Deployment On-prem or cloud Standalone or integrated platform Ingest data natively or from SIEM, log management, packet broker Streamlined start via IntroSpect Standard Edition Enterprise Scale Spark/Hadoop platform Billions of events per day Hundreds of thousands of users and devices Accelerated Investigation and Response From SysAdmins to Systems to Sensors Providing Instant Visibility IntroSpect Entity360 is key to reducing the time and effort required to understand, diagnose and respond to an attack. Entity360 provides a comprehensive security profile with continuous risk scoring and enriched security information analysts would otherwise spend hours or days searching for and compiling months and years of security data down to the packet level. Entity360 provides: Profiles for users, systems and devices Access by SIEM, NAC systems, etc. via an open API Pre-packaged incident response playbooks Customer-measured 30 hours/investigation savings Automatic detection of other entities impacted by the attack Threat Hunting Page 2

Overview Proactive threat hunting is easily accomplished with a powerful query interface, without the overhead of finding, searching, and summarizing isolated data stores. Rich analytics to test threat hypotheses across any timeframe Automated search of historical data using IOC s from STIX and custom threat feeds Visualizations to highlight anomalies and significant interactions Significant activity monitored and tagged to assist with both hunting and investigations Data Sources The IntroSpect platform processes the broadest range of data sources, including: VPN, FW, IPS/IDS, Web proxy, Email logs NetFlow, Bro logs EndPoint protection logs DLP logs Packets DNS logs Active Directory logs DHCP logs External threat feeds Alerts from 3rd party security infrastructure Deployment Options On-premise software or appliance On-premise Hadoop application AWS or Azure Virtual Private Cloud (VPC) Key Integrations Aruba ClearPass HPE ArcSight IBM QRadar Splunk Intel McAfee Nitro Gigamon Carbon Black Microsoft Palo Alto Networks FireEye Cisco Symantec Page 3

Configuration Ordering Information Description Hardware Aruba IntroSpect 5Gbps Hybrid Packet Log and Flow Data Processor (with 1yr Support) FPC 2000 Appliance Aruba IntroSpect 5Gbps Hybrid Packet Log and Flow Data Processor (with 1yr Support) PP 1000 Appliance Aruba IntroSpect Analyzer 2000 (includes 1yr Support) Appliance Aruba IntroSpect Analyzer 2500 (includes 1yr Support and SSD) Hardware Aruba IntroSpect Analyzer 1000 Analyzer Node (includes 1yr Support and Copper Mgmt Port) Appliance Aruba IntroSpect Analyzer 1000 Compute Node (includes 1yr Support and Copper Mgmt Port) Appliance Aruba IntroSpect Analyzer 1050 Analyzer Node (includes 1yr Support and Fiber Mgmt Port) Appliance Aruba IntroSpect Analyzer 1050 Compute Node (includes 1yr Support and Fiber Mgmt Port) Appliance Aruba IntroSpect Analyzer 1500 Analyzer Node (with 1yr Support and SSD and Copper Mgmt Port) Appliance Aruba IntroSpect Analyzer 1500 Compute Node (with 1yr Support and SSD and Copper Mgmt Port) Appliance Aruba IntroSpect Analyzer 1550 Analyzer Node (with 1yr Support and SSD and Fiber Mgmt Port) Appliance Aruba IntroSpect Analyzer 1550 Compute Node (with 1yr Support and SSD and Fiber Mgmt Port) Appliance Aruba IntroSpect Switch 24-Port 10G (incudes 1yr Support) Appliance Software: Packet Processing Software Pricing Subscription Aruba IntroSpect Packet Processor 100Mbps 1yr E-STU Aruba IntroSpect Packet Processor 100Mbps 3yr E-STU Aruba IntroSpect Packet Processor 100Mbps Perpetual E-LTU Software: Full Packet Capture Software Pricing Subscription Aruba IntroSpect Full Packet Capture 100Mbps 1yr E-STU Aruba IntroSpect Full Packet Capture 100Mbps 3yr E-STU Aruba IntroSpect Full Packet Capture 100Mbps Perpetual E-LTU Software: Analyzer Software Pricing Subscription Aruba IntroSpect Security Analytics Standard Ed 1K Entities (Users and Servers and IoT) 1yr E-STU Aruba IntroSpect Security Analytics Standard Ed 1K Entities (Users and Servers and IoT) 3yr E-STU Aruba IntroSpect Security Analytics Std Ed 1K Entities (Users and Servers and IoT) Perpetual E-LTU Aruba IntroSpect Security Analytics Advanced Ed 1K Entities (Users and Servers and IoT) 1yr E-STU Aruba IntroSpect Security Analytics Advanced Ed 1K Entities (Users and Servers and IoT) 3yr E-STU Aruba IntroSpect Security Analytics Advanced Ed 1K Entities (Users and Servers and IoT) Perp E-LTU Aruba IntroSpect Security Analytics Standard to Advanced Upgrade 1K Entities 1yr E-STU Aruba IntroSpect Security Analytics Standard to Advanced Upgrade 1K Entities 3yr E-STU Aruba IntroSpect Security Analytics Standard to Advanced Upgrade 1K Entities Perp E-LTU Software: Additional Licensing Options Aruba IntroSpect Analyzer HA Standard Ed 1K Entities (Users and Servers and IoT) 1yr E-STU Aruba IntroSpect Analyzer HA Standard Ed 1K Entities (Users and Servers and IoT) 3yr E-STU Aruba IntroSpect Analyzer HA Standard Ed 1K Entities (Users and Servers and IoT) Perpetual E-LTU Aruba IntroSpect Analyzer HA Advanced Edition 1K Entities (Users and Servers and IoT) 1yr E-STU Aruba IntroSpect Analyzer HA Advanced Edition 1K Entities (Users and Servers and IoT) 3yr E-STU Part Number JZ261A JZ262A JZ263A JZ264A JZ265A JZ266A JZ267A JZ268A JZ269A JZ270A JZ271A JZ272A JZ273A JZ231AAE JZ232AAE JZ233AAE JZ234AAE JZ235AAE JZ236AAE JZ237AAE JZ238AAE JZ239AAE JZ240AAE JZ241AAE JZ242AAE JZ243AAE JZ244AAE JZ245AAE JZ246AAE JZ247AAE JZ248AAE JZ249AAE JZ250AAE Page 4

Configuration Aruba IntroSpect Analyzer HA Advanced Edition 1K Entities (Users and Servers and IoT) Perp E-LTU Aruba IntroSpect Analyzer HA Standard to Advanced Upgrade 1K Entities 1yr E-STU Aruba IntroSpect Analyzer HA Standard to Advanced Upgrade 1K Entities 3yr E-STU Aruba IntroSpect Analyzer HA Standard to Advanced Upgrade 1K Entities Perp E-LTU Lab Licenses Aruba IntroSpect Analyzer Lab License 1yr E-STU Aruba IntroSpect Analyzer Lab License 3yr E-STU Aruba IntroSpect Analyzer Lab License Perpetual E-LTU Aruba IntroSpect Packet Processor Lab License 1yr E-STU Aruba IntroSpect Packet Processor Lab License 3yr E-STU Aruba IntroSpect Packet Processor Lab License Perpetual E-LTU JZ251AAE JZ252AAE JZ253AAE JZ254AAE JZ255AAE JZ256AAE JZ257AAE JZ258AAE JZ259AAE JZ260AAE Maintenance Software Aruba IntroSpect Analyzer Standard Ed 1K Entities 1 yr Support E-STU Aruba IntroSpect Analyzer Advanced Edition 1K Entities 1yr Support E-STU Aruba IntroSpect Analyzer HA Standard Edition 1K Entities 1yr Support E-STU Aruba IntroSpect Analyzer HA Advanced Edition 1K Entities 1yr Support E-STU Aruba IntroSpect 100Mbps Packet Processing 1yr Support E-STU Aruba IntroSpect 100Mbps Full Packet Capture 1yr Support E-STU Page 5

Summary of Changes Date Version History Action Description of Change 07-Aug-2017 Version 1 Created Document Creation Sign up for updates Copyright 2017 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. To learn more, visit: http://www.hpe.com/networking a00018425-15985 - Worldwide - V1-07-August-2017 Page 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback