Perception allows analysts to assign network trust categories to assets improving threat behaviour attribution.
The ability for the analyst to assign domain types and trust levels to IP ranges has been added to the system. This introduces the basis for assigning security layers to better attribute behaviours to risk factors.
Perception can set various parts of a network to ‘trusted’ or ‘untrusted’. This feature enriches the information delivered in the behavioural events generated by the system enabling the analyst to better categorise potential threats. This also enhances the ForensicAI engine’s ability to detect potential threats based on the source and destination domain types and trust levels.
For example, the system could perhaps see a data movement internally between two ‘trusted’ parts of the network as not threat-like, whereas a data movement from a ‘trusted’ internal server to an ‘untrusted’ public WiFi network is far more interesting. ForensicAI also leverages this new data, being able to understand the relevance of multiple data movements, and correlating data moving between various trust levels of a network over time.
This update is CCS and sensor based, and will be pushed to all managed customers at the pre-agreed upgrade time. Self-monitored customers can update their own sensors and CCSs using the software upgrade process. If you have any further questions about this upgrade please contact us at firstname.lastname@example.org