
Plixer Software Release: Plixer One 19.4 ML Engine   


Author: Erik Peterson, Sr. Director of Engineering at Plixer

Experience Network Detection and Response with Plixer’s Latest Release: Plixer 19.4 ML Engine  

August 2024 marks an exciting milestone for Plixer customers seeking to enhance security, with the introduction of our latest advancements in Encrypted Traffic Analysis (ETA) and User and Entity Behavior Analytics (UEBA), specifically designed to protect federated apps and guard against insider threats. These powerful new features are part of the comprehensive toolset within the Plixer One platform's Network Detection and Response (NDR) capabilities. Here’s why this release is pivotal for the industry and how it can benefit network security professionals.

Encrypted Traffic Analysis (ETA) 

In today’s digital landscape, encrypted traffic is the norm, ensuring data privacy and security. However, this encryption presents a challenge: how can organizations gain insights into this opaque network activity without compromising privacy or legal standards? The approach Plixer employs with encrypted traffic analysis addresses this challenge head-on.

Key Benefits: 

  • Insight Without Decryption: Plixer ETA allows organizations to monitor and analyze encrypted traffic without the need to decrypt it. This approach maintains data privacy and complies with legal standards while still providing crucial visibility into network activity. 
  • Advanced Threat Detection: Utilizing the latest in advanced analytics, Artificial Intelligence (AI), and Machine Learning (ML), Plixer ETA analyzes encrypted traffic patterns and metadata to detect anomalies and potential threats. This method ensures rapid threat detection, even within encrypted traffic. 
  • Enhanced Security: By providing insights into encrypted traffic without decryption, Plixer One safeguards data privacy and delivers cutting-edge security, ensuring continuous protection for your network. 

User and Entity Behavior Analytics (UEBA) 

Understanding user behavior within a network is crucial for identifying potential security threats. Plixer’s latest update introduces UEBA, leveraging advanced analytics, AI, and ML to monitor and analyze user behavior. 

Key Benefits: 

  • Rapid Threat Identification: Plixer One UEBA capabilities help ensure rapid identification and response to anomalous activities, including insider threats, compromised accounts, data exfiltration, and malware infections. 
  • Behavior Baselines: By collecting comprehensive data on user activities, Plixer One UEBA creates a baseline of standard behavior for each account. Advanced analytics then compare current activities against this baseline, alerting to potential security threats.
  • Integrated Visibility: Plixer’s UEBA integrates with the platform’s other capabilities, correlating user behavior data with network activity. This comprehensive view provides clear visibility into user activity across the network, ensuring effective threat detection and response. 

About the Release: Plixer One 19.4 ML Engine 

This release introduces significant enhancements to our ML Engine, adding the ability to monitor user authentication behaviors and encrypted traffic for anomalous activity. Here are the key deliverables of this release: 

User and Entity Behavior Analytics for Microsoft 365, Active Directory, and Microsoft Entra ID: 

  • Anomalous Login Behavior: Uses authentication information from Microsoft 365, Active Directory, or Entra ID to identify anomalies such as unusual login frequency, multiple hosts using the same login, and unexpected login locations. 
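
The three login anomalies named above can be illustrated with a per-account baseline check. This is an added example, not Plixer's implementation; the event tuple layout, thresholds and function names are assumptions, and the sample logins are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample logins: (day, account, source_host, country). Not real data.
BASELINE = [(d, "alice", "wk-101", "US") for d in (1, 1, 2, 2, 2, 3, 3)]
BASELINE += [(d, "bob", "wk-202", "DE") for d in (1, 2, 3)]
TODAY = [(4, "alice", "wk-101", "US")] * 2 + [(4, "bob", "wk-202", "DE")] * 7
TODAY += [(4, "bob", "wk-777", "DE"), (4, "bob", "wk-778", "BR")]

def build_baseline(events):
    """Per-account baseline: daily login counts, known hosts, known locations."""
    daily = defaultdict(lambda: defaultdict(int))
    hosts, places = defaultdict(set), defaultdict(set)
    for day, user, host, country in events:
        daily[user][day] += 1
        hosts[user].add(host)
        places[user].add(country)
    return {u: {"counts": list(daily[u].values()), "hosts": hosts[u], "places": places[u]}
            for u in daily}

def score_day(baseline, events, z_limit=3.0, max_hosts=2):
    """Return {account: [anomaly labels]} for one day's logins (hypothetical labels)."""
    today = defaultdict(list)
    for _, user, host, country in events:
        today[user].append((host, country))
    findings = {}
    for user, logins in today.items():
        base = baseline.get(user)
        if base is None:
            findings[user] = ["no_baseline"]  # new account: nothing to compare against
            continue
        mu, sigma = mean(base["counts"]), pstdev(base["counts"])
        # Floor sigma at 1 so a perfectly regular account does not divide by zero.
        z = (len(logins) - mu) / max(sigma, 1.0)
        checks = [
            ("unusual_login_frequency", z > z_limit),
            ("multiple_hosts_same_login", len({h for h, _ in logins}) > max_hosts),
            ("unexpected_login_location", bool({c for _, c in logins} - base["places"])),
        ]
        flags = [name for name, hit in checks if hit]
        if flags:
            findings[user] = flags
    return findings
```

With the constructed data, only `bob` is flagged, and for all three reasons; `alice` stays within her baseline.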

Additional Encrypted Traffic Analytics (ETA): 

  • Suricata Integration: Plixer FlowPro 20.0 (Tumalo) introduces Suricata for packet analysis, enabling the ML Engine to generate security events from TLS features. 
  • TLS Metadata Analysis: Utilizes TLS metadata derived from packet analysis to identify suspicious encrypted traffic and detect unusual encryption protocols. 
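
As an added illustration of working from TLS metadata alone (not Plixer's or FlowPro's code), the sketch below reads Suricata-style EVE JSON `tls` events and flags sessions by protocol version and SNI without touching payloads. The sample lines are constructed, and the finding labels and version-string list are assumptions.

```python
import json
from collections import Counter, defaultdict

# Oldest to newest; strings assumed to match what the sensor writes in tls.version.
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLS 1.1", "TLS 1.2", "TLS 1.3"]
FIRST_CURRENT = ORDER.index("TLS 1.2")  # anything older counts as deprecated

# Constructed EVE-style lines; includes a non-TLS event and a truncated line.
EVE_LINES = """\
{"event_type":"tls","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","tls":{"version":"TLS 1.3","sni":"app.example.com"}}
{"event_type":"tls","src_ip":"10.0.0.6","dest_ip":"203.0.113.10","tls":{"version":"TLS 1.3","sni":"app.example.com"}}
{"event_type":"tls","src_ip":"10.0.0.7","dest_ip":"203.0.113.10","tls":{"version":"TLS 1.2","sni":"app.example.com"}}
{"event_type":"tls","src_ip":"10.0.0.8","dest_ip":"198.51.100.20","tls":{"version":"TLSv1"}}
{"event_type":"flow","src_ip":"10.0.0.9","dest_ip":"198.51.100.20"}
{"event_type":"tls","src_ip":"10.0.0.9","dest_
"""

def parse_tls(text):
    """Return well-formed TLS events, skipping other event types and bad lines."""
    events = []
    for line in text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial write or log rotation artifact
        if isinstance(ev, dict) and ev.get("event_type") == "tls" and isinstance(ev.get("tls"), dict):
            events.append(ev)
    return events

def rank(version):
    return ORDER.index(version) if version in ORDER else -1  # unknown sorts lowest

def tls_findings(text):
    """Flag old versions, sessions below a server's usual version, and missing SNI."""
    events = parse_tls(text)
    per_server = defaultdict(Counter)
    for ev in events:
        per_server[ev.get("dest_ip")][ev["tls"].get("version")] += 1
    out = []
    for ev in events:
        version = ev["tls"].get("version")
        usual = per_server[ev.get("dest_ip")].most_common(1)[0][0]
        checks = [("deprecated_or_unknown_protocol", rank(version) < FIRST_CURRENT),
                  ("below_server_norm", rank(version) < rank(usual)),
                  ("no_sni", not ev["tls"].get("sni"))]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            out.append((ev.get("src_ip"), ev.get("dest_ip"), version, reasons))
    return out
```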

Why This Matters 

At Plixer, we envision a future where networks – and the data ingested on them – are secure, simple, and tuned to customers’ needs with advanced threat detection that’s backed by AI/ML. These enhancements address the growing complexity and sophistication of network environments. Plixer’s ETA and UEBA provide robust, efficient, and interpretable solutions that are well-suited to the demands of modern network security. 

How This Can Help You 

Network security professionals can leverage these advancements to enhance their NDR capabilities, ensuring comprehensive protection for their networks. By integrating these powerful features into a single platform, Plixer simplifies the process of monitoring and responding to potential threats, allowing organizations to focus on their core activities with confidence. 

For more information on how this latest release can enhance your network security, contact your account executive or visit https://www.plixer.com/customers/support/