HYAS Confront uses domain expertise and proprietary machine learning to monitor and detect anomalies in production network environments and improve visibility as applications move to the cloud. Credit: iStock Bringing threat detection and response capabilities to production networks, cybersecurity company HYAS Infosec is set to release a new, specifically targeted security solution dubbed HYAS Confront.Aiming to address security issues on cloud-based production networks — which the company defines as the infrastructure behind businesses’ outward-facing, revenue-driving applications — the software is designed to continuously monitor traffic to uncover anomalies and enhance risk mitigation.“HYAS is focused on providing our clients and customers with the solutions that they require for true business resiliency, continuity, and risk management,” says HYAS CEO David Ratner. HYAS Confront “has already been proven in live deployments” among some customers, Ratner says, and will be available in general availability to customers in June. HYAS Confront uses a supervised learning modelHYAS Confront records all internal machine-to-machine communication in the production network as well as the communications leaving the network. Using this knowledge, HYAS analyzes communication destinations, traffic patterns, and related data to initially determine what may be anomalous. “Continual analysis combined with human intervention enables HYAS to determine a baseline of ‘standard’ operations which future anomalies can be compared against,” says Ratner. Confront then utilizes “advanced threat assessment and machine learning” to continuously monitor for anomalies and uncharacteristic activity that break from pre-established patterns.“Standard” operations are analogous to “labels” in supervised machine learning models, which are used in training data to help the model identify and register patterns and later match and validate test data. HYAS advertises a so-called passive deployment for Confront, meant to provide continuous and proactive monitoring of issues, without affecting availability, performance, or latency.Additionally, Confront several additional key benefits, HYAS says, including integrations with existing security components, improved network hygiene, instant deployment, and real-time insights.“This is a very interesting addition to an already-strong suite of HYAS Infosec security solutions,” says Gary McAlum, a senior analyst at TAG Cyber. “The focus on the enterprise production network, in addition to the surrounding infrastructure, is intriguing.”Confront’s unique approach, though, may not be without challenges, McAlum says.“It will be challenging, but not impossible, to show risk reduction value while functioning passively in the production network without affecting performance or injecting latency,” McAlum points out. “Another challenge will be the incident response. If a threat event is flagged in production, a careful process for investigating and taking appropriate action will be extremely important to avoid negatively impacting business operations.”Also challenging for Confront will be navigating through an already complex and overlapping security ecosystem wherein enterprise security teams are managing many security tools and capabilities. “HYAS will need to clearly articulate the operational ROI by adding yet another layer into an already-crowded security stack. Better yet, if they can demonstrate the ability to replace multiple existing tools with this product, without decreasing operational effectiveness, that could be a very compelling approach when meeting with security leaders,” McAlum adds. Related content feature How to future-proof Windows networks: Take action now on planned phaseouts and changes Microsoft has telegraphed its desire to start shuttering some legacy Windows systems. Here’s how to get ahead of the security changes that will inevitably come to the platform. By Susan Bradley May 08, 2024 6 mins Windows Security Threat and Vulnerability Management Network Security news analysis Kinsing crypto mining campaign targets 75 cloud-native applications Five years after being discovered, the Kinsing cryptojacking operation remains very active against organizations, employing daily probes for vulnerable applications using an ever-growing list of exploits. By Lucian Constantin May 08, 2024 6 mins Cryptocurrency Malware Application Security brandpost Sponsored by Cyber NewsWire Hunters announces full adoption of OCSF and introduces OCSF-native search By Cyber NewsWire - Paid Press Release May 07, 2024 5 mins Cyberattacks Security news Administrator of ransomware operation LockBit named, charged, has assets frozen A Russian national alleged to have been the administrator of the notorious and prolific LockBit ransomware provider faces international charges. A $10-million reward for the suspect’s arrest has been offered. By Lucian Constantin May 07, 2024 3 mins Advanced Persistent Threats Hacker Groups Ransomware PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe