
Absolute Unwraps AI Threat Insights

September 19, 2024


Comprehensive, advanced threat detection & user entity behavior analytics

We are truly pleased to announce AI Threat Insights this week, a long-awaited addition to the Secure Access SaaS portfolio. This release harnesses the power of AI to help beleaguered IT professionals fight against increasingly hostile threat actors – the same threat actors who are also leveraging AI to develop sophisticated malware and malicious code.

AI Threat Insights proactively monitors, detects, and prioritizes suspicious activity such as data exfiltration, port scans, anomalous application usage, and zero-day behaviors – and then alerts administrators to potential threats and vulnerabilities. It’s unique in that it learns only from individual customers’ data – it doesn’t use aggregated or mixed data from multiple sources.

IT and security administrators have told us repeatedly that they don’t want to search through log files or consult multiple consoles looking for user, device, application, or network behavior that might indicate a problem. Rather, they want information brought to their attention that is meaningful and helps them actively prevent potential issues from becoming problems.

How it Works

AI Threat Insights is a new capability of the Secure Access SaaS platform that leverages the power of Machine Learning (ML) to provide comprehensive advanced threat detection and user and entity behavior analytics (UEBA). It monitors an individual organization’s user, device, network, and application behavior and forms a comprehensive baseline of activity.

Then, using advanced generative AI algorithms, it continuously monitors users and devices for deviations from their behavior baseline, providing early detection of suspicious activities, including:

  • Data exfiltration
  • Device usage at unusual times
  • New applications generating network traffic
  • Higher amounts of data than expected
  • Unsafe application and web browsing behavior
  • New or anomalous network usage patterns
  • Malicious network port scanning
  • Device acting as a server
  • Possible denial of service attacks
  • Device refusing server-like requests
  • Abnormal device network usage

As new threats emerge and behaviors evolve, AI Threat Insights automatically modifies its baselines, ensuring that an organization’s defenses remain continuously updated.

Finally, AI Threat Insights generates configurable alerts in Secure Access with rich context and direct links to detailed Insights for Network dashboards, empowering security teams to prioritize and investigate potential threats.

[Dashboards screenshot: Dedicated dashboards offer detailed critical and non-critical suspicious activity information]

What it Can Do for You

AI Threat Insights helps IT enormously with proactive alerts on user, device, network, and application behavior, enhancing data security and preventing possible data loss.

  • Spot anomalies quickly, pinpointing individual users, devices, networks, and applications that may indicate a problem
  • Block connections to suspicious sites or deny activity by policy action
  • Drill down to user, device, and flow data for fast problem identification and resolution
  • Detect possible data exfiltration activities and identify geographic locations on a map
  • Combat phishing, smishing, distributed denial of service (DDoS), malware, and advanced persistent threats (APTs) with AI-powered analytics, helping protect businesses from data loss and leakage and mitigate risk at scale with data-driven insights
  • Get risk-based alerts based on configurable parameters that surface actionable information quickly
  • Enable better situational awareness and rapid responses to suspicious behaviors and issues before they become problems
  • Identify suspicious traffic to/from web servers, file servers, and other network endpoints
  • Indicate possible lateral movement, such as multiple users or devices with similar unexpected activity
  • Notify and track suspicious network port scanning
  • Notify and track movement of large amounts of data from internal to external systems
  • Flag user, device, or application access to destinations with high risk and poor reputations
  • Flag or alert on suspicious internet browsing activity or suspicious network activity

[Anomaly Details screenshot: Drill downs provide information down to the flows between devices and applications]

Learning More

AI Threat Insights is fully integrated with Absolute’s broader Secure Access platform, which includes Zero Trust Network Access with dynamic policy enforcement, remote browser isolation (RBI), content disarm and reconstruction (CDR), AV scanning, distributed firewalls, and multi-factor authentication (MFA), along with optimized secure tunneling, persistent connections that ensure application connectivity even in challenging environments, and over 60 dashboards for deep visibility.

In a future blog, we’ll look at how AI can help IT departments fight the increasingly complex security landscape in terms of threat detection, automated responses, behavioral analytics, vulnerability assessment, and predictive analysis. In the meantime, talk to your Absolute partner or seller for more information.

Availability

Current customers with SaaS deployments of Absolute Secure Access Edge and Enterprise will receive the update for version 13.50 and Insights for Network 4.10.
