The layered defenses that make up an enterprise’s security infrastructure often work independently. Each is looking for something different; each is collecting, analyzing, presenting (alerting), and making decisions based on the information they find. The problem is this creates duplicative work for the customer, who is often overwhelmed by all the alerts they receive and unsure how to put all the pieces together. Fortscale Presidio changes that – working with vendors to embed behavioral analytics throughout the security infrastructure to more accurately assess risks and improve decision-making.
Fortscale Presidio is a plug-in that can be natively embedded by security infrastructure solutions to deliver the visibility and risk-based analysis they need to make better, smarter security decisions. Leveraging the engine from Fortscale’s award-winning user and entity behavioral analytics (UEBA) platform, Presidio enables SIEM, EDR/EPP, DLP, CASB, IAM and other security infrastructure vendors to quickly and simply incorporate real-time, risk-based intelligence on the activity of users and entities within the customer’s environment to enhance their own analysis and security enforcement.
Optimize your value
Adding native, best-of-breed behavioral analytics to your own analysis to enhance your visibility, improve alerts accuracy, and support decision-making to strengthen security.
Understand insider threats
Enhancing rule – and threshold-based analysis with advanced machine learning analytics, providing user and entity intelligence and real-time risk profiles that improve your ability to identify and mitigate the impact of insider threats.
Reduce attack surface
Leveraging behavioral intelligence to add riskbased user visibility to your security platform to support the automatic adaption of policies and enforcement to address real-time risk levels.
Ensuring you have all the contextual and actionable data you need to support automation and increase the increase the efficiency and productivity of your solution.
Presidio was designed to be easily embedded into SIEM, EDR/EPP, CASB, DLP, IAM and other security infrastructure devices. For each vendor, Presidio provides customizable data models, behavioral capabilities and application program interfaces (APIs) designed to make integration simple and effective. Presidio can natively take any data from any vendor and produce insights that strengthen their ability to deliver better, more intelligent security – it simply becomes part of the solution.
Data Processing: takes days, weeks, months, even year’s worth of data from any source – detection devices, user repositories, threat feeds, etc. – and identifies behavioral changes, which often go unnoticed by other solutions, that indicate a potential threat.
Enrichment: uses big data analysis to autonomously create multi-dimensional activity baselines for all entities – users, devices, applications, entitlements, etc. – to provide visibility into who is doing what within mission-critical resources.
Behavioral Modeling & Analysis: uses machine learning to look at behavioral similarities between users, devices, and applications and identify outliers, both negative and positive (who does and doesn’t belong? what does and doesn’t make sense?). Based on current and historical patterns, Presidio can also make logical assumptions around what to expect that minimize any alarms around “normal” changes in activity.
Threat Indicators: identifies the real-time risk of specific activity, calculated based on the continuous, multi-factor analysis of human actors, device actors, accounts, locations, applications, specific operations, entitlements, etc. to support more dynamic enforcement of security policies.
Patented SMART Alerts™: pinpoints high-priority anomalies. It provides the contextual information needed to effectively address threats, in priority order, within the environment, while prioritizing the most significant advanced threats and risks