Corvil Launches User-Centric Network Traffic Analysis For Accelerated Insider Threat Detection and Response

28 February 2018

Corvil today announced a new release of its Security Analytics solution, which helps organizations identify malicious behavior originating from compromised user accounts, behavior that increases the risk of data theft and reputational damage.

With the coming introduction of regulations such as the General Data Protection Regulation (GDPR), it is imperative that organizations protect users and their data. GDPR mandates notification of a personal data breach to the supervisory authority within seventy-two hours of the organization becoming aware of it. The ability to quickly detect abnormal user behavior, unusual network access patterns and data exfiltration is therefore essential.

Addressing these challenges, Corvil now provides unified, granular visibility into activity across users, hosts, applications, and services. By presenting a prioritized list of the most suspicious users in the environment, together with activity across their associated devices of all types, security teams can rapidly see, understand and act on evasive threats and protect high-value assets.

"In today's world, responding to insider threats depends on gaining comprehensive understanding of user activities across traditional IT domains - endpoints, networks, perimeters. Corvil's ability to provide comprehensive user activity insights into the security ecosystem represents a major step forward," said David Monahan, Managing Research Director, Security and Risk Management, Enterprise Management Associates, Inc.

The Corvil solution captures and analyzes L2-L7 network activity in real time, enriches it with user identity and other contextual data, and automatically detects patterns of attack. Through streamlined workflows and intelligence sharing with the broader security and network operations ecosystem (including SIEMs, Endpoint Detection and Response, threat intelligence, next-generation firewalls, and many big data systems), security teams can combat threats more effectively and efficiently in today's complex environments.

With a single click, an analyst can triage, forensically investigate and respond to incidents such as insider threats, evasive attacker movement and ransomware attacks. By linking each alert to the granular underlying communications, security teams can detect breaches, identify their source and determine their impact more quickly and with greater confidence, both live and retrospectively.

This solution is complemented by Cara, the machine learning-driven virtual security expert released last year and deployed at some of the largest financial institutions in the world, which autonomously identifies vulnerabilities and attacks in electronic financial transaction environments. While Cara's daily cybersecurity intelligence report includes a cyber risk assessment score consumable by C-level executives, Corvil Security Analytics provides the additional granular, forensic record of user and host activity needed to help support compliance with emerging cybersecurity and data privacy regulations such as GDPR.

"Organizations today face unprecedented risk from cyber-attack and data loss," says Graham Ahearne, Director, Security Product Management. "As the automation and sophistication of attacks increase, all too often compromised user accounts, attacker footholds within the environment, and careless or malicious insiders are the elusive source. Our new user-centric analytics provide security analysts with a unified view of all user activity on the host and on the network, combined with automated risk-scoring and actionable intelligence to accelerate detection, triage and response."

Security incidents expose organizations to reputational damage, legal and compliance exposure, and financial losses. With more than 80 percent of breaches[1] stemming from inadvertent or malicious insiders, and with increasingly complex and dynamic technology environments, organizations face new and growing threats every day. The faster an organization can identify and contain a data breach, the lower the costs. However, with a growing and diverse range of connected devices coupled with increasingly sophisticated and evasive attacks, it can take as long as five months[2] to detect a breach.

Compounding matters, today's security teams face shallow visibility and manual workflows, often across fragmented systems, while attempting to respond to a barrage of alerts. While many technologies focus solely on a host-centric view of activity, attackers increasingly gain access through compromised user accounts, escalated privileges and covert communications that are undetectable without closer, more comprehensive analysis.

To learn more about monitoring user activity across the network for threat detection and response, see details of the 2018 Corvil and Forrester webinar.
