Aruba IntroSpect vs Corelight comparison

Aruba IntroSpect is a User Behavior Analytics (UEBA) tool that uses supervised and unsupervised machine learning to automatically baseline user and device behavior while actively looking for anomalous activity that may indicate a threat. The solution detects compromised users’ systems by identifying changes in typical IT access and usage. By accelerating alert prioritization, incident investigation, and threat-hunting efforts, Aruba IntroSpect can automate the detection of attacks and risky behaviors. In addition, the solution allows security teams to stay ahead of malicious activity and also insecure or negligent users, so they can manage threats before they become damaging. Aruba IntroSpect is suitable for IT organizations of every size and enables businesses to easily and rapidly scale machine-learned behavior detection from small projects to full enterprise deployments.

Aruba IntroSpect can detect:

• Account abuse
• Account takeover
• Command and control
• Data exfiltration
• Lateral movement
• Password sharing
• Privilege escalation
• Flight risk
• Phishing
• Ransomware

Aruba IntroSpect Deployment Options

• On-premise VM or appliance for Packet Processor
• AWS or on-premise deployment for Analyzer

Aruba IntroSpect Data Sources

The IntroSpect platform can process data sources, including:

• VPN, FW, IPS/IDS, web proxy, email logs
• NTA sources: Packets and NetFlow
• DNS logs
• Active Directory logs
• DHCP logs
• External threat feeds
• Alerts from third-party security infrastructure

Aruba IntroSpect Features

Aruba IntroSpect has many valuable key features. Some of the most useful ones include:

• Advanced analytics
• 100+ supervised and unsupervised machine learning models
• Continuously updated risk scoring
• Accelerated investigations
• Packets
• Flows
• Logs and alerts
• Enterprise scale
• Spark/Hadoop platform

Aruba IntroSpect Benefits

There are many benefits to implementing Aruba IntroSpect. Some of the biggest advantages the solution offers include:

• Fast deployment: Besides having different options for deployment (on-prem or cloud), the solution offers a standalone or integrated platform. For fast deployment, users can ingest data natively or from SIEM, log management, or a packet broker.

• Efficient: The Aruba IntroSpect solution reduces the time and effort that is required to understand, diagnose, and respond to an attack.

• Deep insights: Security teams can triage better, make more informed decisions, and respond before damage occurs.

• Machine learning-based analytics: The solution builds baselines for normal behavior of both individual entities and groups by continuously monitoring IT activities.

• Comprehensive security profile: When users implement Aruba IntroSpect, they gain access to a security profile with continuous risk scoring and enriched security information.

• Automatic risk profiles: Aruba IntroSpect automatically creates a risk profile for every user, system, and IoT device connected to the network, saving users an additional step.

• Proactive threat hunting: Through its query interface, Aruba IntroSpect proactively spots threats without the overhead of finding, searching, and summarizing isolated data stores.

• Prioritize security risks: Risk scores are based on machine learning that can account for key factors like the order and time of incidents across various attack stages as well as time since detection and business context. Accurate, normalized scores mean security analysts can confidently prioritize their efforts.

• Instant visibility: When using the solution, users get instant visibility to high-risk activity. Aruba IntroSpect provides access to complete investigative records.

Corelight is the most powerful network visibility solution for information security professionals. We provide real-time data that organizations use to understand, detect, and prevent cyber attacks. Our solution is built on Zeek, the powerful and widely-used open source monitoring framework.