Product Information
Aruba IntroSpect User and Entity Behavior Analytics detects advanced cyberattacks by utilizing AI-based machine learning to identify threats that have evaded traditional security defenses. IntroSpect also accelerates incident investigation and response by collecting and consolidating the forensic information security analysts need to remediate an attack. IntroSpect is offered both as an IT solution for security teams worried about attacks on the inside, such as ransomware or a malicious user, and as a key component of the Hewlett Packard Enterprise Intelligent Edge portfolio of solutions, delivering the resources and solution scope for applications such as IoT.
- Detect Attacks That Evade Security Defenses
Aruba IntroSpect User and Entity Behavior Analytics (UEBA) is a solution that utilizes unsupervised machine learning models to find and correlate small changes in behavior that can be indicative of a slowly gestating attack.
Supervised machine learning models are trained to identify specific attack signals, such as command and control and lateral spread, to validate that the change in behavior is part of an attack.
Constant monitoring produces a risk score for each user, system and device on the network. The risk score is calculated from the machine learning models and alerts from products such as firewalls and sandboxes. Once the risk score reaches a certain threshold, an actionable alert is generated.
Security teams can adjust risk scores based on the business impact of the affected entities. For example, if a system that stores patient health information or sensitive corporate documents is involved in an attack, the score can be increased to reflect the potential for significant damage.
- Accelerate Incident Investigation and Response
Aruba IntroSpect User and Entity Behavior Analytics collects and correlates a wide range of user, system and device IT activity from which the machine learning models create behavioral profiles and risk scores. Once the analyst is alerted, IntroSpect provides the forensic evidence they need.
Because of its scalable Big Data architecture, IntroSpect can store this information for months or years and presents it in an efficient, aggregated set of views that reduces the time and effort a security analyst requires to investigate an attack alert and formulate a plan for remediation.
- Integration with ClearPass Enables Attack Response
Aruba IntroSpect User and Entity Behavior Analytics is fully integrated with Aruba ClearPass and can direct either analyst-initiated or automated attack response by sending alerts to the ClearPass Policy Manager.
Aruba ClearPass Policy Manager leverages its knowledge of what is on the network and can execute a range of actions from re-authentication to quarantine to full block depending on the severity of the IntroSpect alert and the business value of the assets and users involved.
- Aruba IntroSpect Leverages Security Exchange Partners
Aruba IntroSpect User and Entity Behavior Analytics is an open, multi-vendor platform that takes advantage not only of the Aruba security ecosystem but also of the 100+ third-party partners that participate in the Security Exchange program.
By integrating with solutions such as SIEMs, firewalls, and identity systems, IntroSpect can refine the precision of its behavioral-based risk scoring while seamlessly adding both complementary attack detection and analyst efficiency to existing security investments.