Raytheon’s ‘SureView’ beefs up detection of malicious insider threats and privileged user abuse

Raytheon Company announced on April 25 that its new SureView release includes new policy support features that enhance the product's capability for continuous monitoring and network auditing against insider threats and privileged user abuse.

With this release, commercial and federal organizations now have access to a Privileged User Monitoring and Auditing (PUMA) Policy Pack specifically designed to enable SureView to detect malicious acts and policy violations by privileged users that often go undetected.

Additionally, this latest release includes SureView Spotlight, a software development kit that allows integration with best-of-breed analytic solutions.

“For more than a decade, customers have relied on SureView to detect and stop malicious activity inside their networks,” said Ed Hammersla, managing director of Raytheon Cyber Products at Raytheon Intelligence, Information and Services. “SureView is a proven solution specifically built to address human behavior and provide the insight necessary to recognize both malicious and non-malicious insider threats. The latest enhancements to SureView are the result of customer inputs and lessons learned from long-term deployment. In fact, the PUMA Policy Pack was developed to meet requirements specifically articulated by our customers to mitigate the privileged user threat.”

Additional new features of SureView include:

  • Host-based network traffic monitoring and collection — Because many network incidents can be attributed to simple negligence, SureView’s new network collector monitors and captures the actual network traffic. If connections or ports are found open, leaving them vulnerable to attack, an alert is sent that includes the user who left the connections open.
  • Simplified policy creation — Policies can now be created with a simple right click and by leveraging Windows event logs.
  • New collection capability — Monitors and collects data published to the Windows event log, providing easy integration with other technologies such as third-party Security Information and Event Management (SIEM) systems.
  • Enterprise application suite enhancements — This release supports large-scale deployments with enhanced user, agent and group management. It also provides the ability to generate contextual reports with a simple “right click” and export data to a printer-friendly file.

As a policy-based cyber audit solution, SureView monitors employees’ activities, including the accessing of classified networks, while safeguarding privacy and legally protected whistleblower communications. It provides irrefutable and unambiguous attribution of end-user activity, providing context to rapidly discern malicious activity from benign actions. SureView also integrates with best-of-breed SIEM tools.