ThreatLocker Enhances Cloud Security with Advanced Anomaly Detection

  • Works independently of Microsoft Licensing
  • Improves use of telemetry data by implementing trusted IPs to reduce false positives for traveling users
  • Empowers customers with deeper visibility into irregularities, beyond traditional individual log analysis

 

“This new capability is critical for hardening attack surfaces and highlighting irregularities in distributed environments,” said Danny Jenkins, ThreatLocker CEO and co-founder. “Without a unified source of truth for the location of its users, organizations often lose out on critical security measures. Cloud Control creates this source of truth for our Advanced Anomaly Detection, allowing us to identify suspicious activities, such as an authentication from Florida followed by a login from Europe in a different application, which strongly indicates account compromise. And it doesn’t have to end at just Microsoft 365.”

The Advanced Anomaly Detection feature is designed to analyze log data from a customer’s cloud environment, running advanced analytics to determine if two login attempts from the same user constitute an “impossible travel” scenario. This means if a user logs in from Europe and an hour later a login is recorded for the same user in the United States, Cloud Detect can identify this as an impossible event, highlighting potential account compromise.
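
An added illustration of the impossible-travel check described above, including the trusted-IP exclusion and the cross-application case; this is example code, not ThreatLocker's implementation. The events, coordinates, IP addresses, speed threshold and distance floor are all constructed assumptions.

```python
import math
from datetime import datetime

# Constructed sign-in events (not real logs): user, app, UTC time, source IP, lat, lon.
EVENTS = [
    ("alice", "Microsoft 365", "2024-05-01T09:00:00", "198.51.100.10", 27.95, -82.46),  # Florida
    ("alice", "CRM",           "2024-05-01T10:00:00", "203.0.113.7",   48.86,   2.35),  # Paris
    ("bob",   "Microsoft 365", "2024-05-01T09:00:00", "198.51.100.20", 51.51,  -0.13),  # London
    ("bob",   "Microsoft 365", "2024-05-01T10:00:00", "192.0.2.44",    40.71, -74.01),  # trusted VPN egress
    ("carol", "Microsoft 365", "2024-05-01T08:00:00", "198.51.100.30", 51.51,  -0.13),  # London
    ("carol", "CRM",           "2024-05-01T20:00:00", "203.0.113.9",   40.71, -74.01),  # New York, 12 h later
]
TRUSTED_IPS = {"192.0.2.44"}   # assumed allowlist, e.g. a corporate VPN egress
MAX_SPEED_KMH = 900.0          # assumed threshold, roughly airliner cruise speed

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points given in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(events, trusted_ips=TRUSTED_IPS, max_kmh=MAX_SPEED_KMH):
    """Return (user, from_app, to_app, km, kmh) for each implausible consecutive pair."""
    alerts, last = [], {}
    # Timestamps share one ISO-8601 UTC format, so string order is time order.
    for user, app, ts, ip, lat, lon in sorted(events, key=lambda e: e[2]):
        if ip in trusted_ips:
            continue  # a trusted IP's geolocation says nothing about where the user is
        when = datetime.fromisoformat(ts)
        if user in last:
            p_app, p_when, p_lat, p_lon = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Simultaneous logins far apart are treated as infinite speed.
            kmh = km / hours if hours > 0 else float("inf")
            if km > 100 and kmh > max_kmh:  # 100 km floor absorbs geo-IP error (assumed)
                alerts.append((user, p_app, app, round(km), round(kmh)))
        last[user] = (app, when, lat, lon)  # per user, across all applications
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(EVENTS):
        print(alert)
```

Keeping the last-seen location per user rather than per application is what lets a Florida sign-in in one application be compared with a European sign-in in another.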

About Author

Taylor Graham, marketing grad with an inner nature to be a perpetual researchist, currently all things IT. Personally and professionally, Taylor is one to know with her tenacity and encouraging spirit. When not working you can find her spending time with friends and family.