Network Insight V6.4: Detect and Eliminate Threats in Real Time

By Energy CIO Insights | Friday, March 29, 2019

SecureAuth announced a threat detection system called Network Insight v6.4, which can identify hidden threats in live network traffic in real time. Because the security team receives updates as they happen, it can work more productively and act quickly against an infection. Attacks can be detected on any user or device by combining vulnerability management, identity management, and network security. Several key features aim to improve the efficiency and productivity of security teams.

Network Insight V6.4 includes Host Account Mapping (HAM) to give the security team insight into which users are logged on to which devices. Device behavior and user activity tell the response team whether attackers are misusing credentials. Compared with reverse DNS and NetBIOS, Network Insight V6.4 provides more accurate methods for hostname resolution. Threat hunting search allows responders to search for threat operator and domain names to check whether they exist in the Core Labs database. The solution enables the security team to add exploitability context and device vulnerability data to search for devices that have similar infections; this also allows the team to find devices that move laterally within the organization. Network Insight V6.4 integrates with ServiceNow ITSM to start a workflow and take action. Tickets can now be created within the solution manually, based on maliciously affected devices, or by user-defined criteria.

SecureAuth eliminates identity-related breaches; risk is continuously assessed, creating a seal of trust across identities. The company prevents misuse of credentials by making it simpler for organizations to develop a highly secure automated platform. Changes have been made to the customer schema, and once connected, the team can access the customer database schema. Within the system, the relationships between asset-related tables can be tracked. The user can independently find table-related data using Postgres-compatible tools and relevant queries. There are a few known issues: when the syslog receiver is enabled on a combo box, the box must be restarted before the receiver starts listening on the interface, and in rare cases file counts in the executive report were underreported. The solution is quite flexible and gives the security team a powerful tool to identify threats in real time.
