10 Mar White Paper: Behavioral Analytic Engine
This ASD White Paper discusses how a Behavioral Analytic Engine can automate the hunt for cyber attackers, show where they are hiding and tell you what they are doing. The highest-risk threats are instantly prioritized so security teams can expeditiously stop attacks that are in progress and avert data loss. By automating the manual, time-consuming analysis of security events, the engine condenses days or weeks of work into minutes and reduces the threat investigation workload by orders of magnitude.
Multiple sensors provide input to the Analytic Engine. Sensors can be physical or virtual and receive input from third-party sources in the form of logs from security products, authentication systems, SaaS applications and/or indicators of compromise. Sensors are deployed on a SPAN (Switched Port Analyzer or Mirror) port or network TAP (Terminal Access Point).