Following the rollout of several new capabilities focused on insider threats and behavioral analytics, Haystax Technology’s software development team has deployed a number of functional enhancements to core apps in the Constellation Analytics Platform™, as well as to the system’s Map viewing environment and its new Dashboard app.
The latest Constellation upgrades include the following:
In the Haystax lexicon an asset is anything of value, be it a person, a building or a network. A number of enhancements have been made to the ‘person module’ of the Assets app beyond those previously reported, including:
- A more comprehensive set of data inputs, including the model-based system’s all-important analysis results (top right image, below).
- An Employment window for managing job information such as title, organization, start/end dates, supervisor, recent performance reviews, access level and more (top left image, below).
- An Events timeline that graphically displays key events and indicators such as birth date, residence, education, awards and foreign contacts.
- In a person’s analysis summary window, an administrator now has the option to add that person to a watch list.
- There is an expanded mini-dashboard on the Asset app’s list page that displays which persons are on an organization’s watch list, plus aggregate levels of trustworthiness and issues of concern, as well as other graphical data (lower image, below).
Incident management has always been a core mission in the Constellation user community, and several enhancements to the Incidents app provide the kinds of features many of our customers have suggested:
- From within the ‘Incident overview’ card, users can link specific incidents to each other. This is a significant capability in cases where multiple mobile reports are entered from the field (or in an ops center) that actually represent a single large incident.
- On any view page within the Incidents app, users now have the option of seeing a new window with Threat Streams app feeds, updated continuously.
- Each view page mini-map now shows all surrounding incidents that have been geo-tagged within the area displayed on the map.
- New custom incident icons can be created on the Map.
- A new window on an Assets app view page means that users can now see all incidents that are occurring at or near that particular asset, and clicking on the link takes them directly to the entry in the Incidents app. In addition, the incident is displayed on the mini-map on each Assets page. For physical assets such as schools, hospitals and churches, any incidents in the vicinity can now be seen (image below). In cases where the asset is a person, any incidents related to that person are displayed as well. Moreover, a user now can create a new incident directly from the window on the Assets page, rather than having to shift over to the Incidents app to do so.
In November 2016, Haystax unveiled its new Dashboard app, designed to give users a powerful way to visualize and manage real-time security analytics outputs and threat data generated from the Constellation domain awareness environment. Since then we have added several new Dashboard capabilities, including:
- The ability to export data from the Scatterplot and Histogram windows into the Plotly online analytics and data visualization tool (image below).
- Filtering by date range and/or tags, with each window in the Dashboard showing whether or not a filter is turned on.
- Filters now remain ‘sticky’ between sessions, meaning the system remembers the latest filter settings and retains them.
- Date range and tag filters have been added to the Map view as well. With the date filter the user can select ‘Last Hour,’ ‘Last Day,’ ‘Last Week’ or ‘Date Range’ and the map will show only incident, event or other app data that corresponds to the time window entered. A key benefit is that it will continuously update itself and drop off older information automatically without any manual resetting by the user, which is helpful during major scheduled events or high-tempo incidents. This is another in a long line of features that give users detailed control over what data is displayed — and hidden — within Constellation.
Based on a unique model-driven approach, the Constellation platform applies multiple artificial intelligence techniques to reason like a team of expert analysts and prioritize risks in real time at scale for more effective protection of critical systems, data, facilities and people.
By using Constellation, organizations can move to a dynamic and predictive risk posture, making quicker decisions and speeding remediation for more effective protection of their most important assets.
# # #
Note: To learn more about our model-driven approach to security analytics, please read our newest white paper on Three Security Analytics Approaches that (Mostly) Don’t Work.
Back to Main Blog | SHARE