🆕Insights: Intelligent management of threats, incidents, and events

Utilize our intelligent data security to effectively handle threats, incidents, and events happening in your environment.

❗For now, the Insights are only available in cloud-hosted Safetica. It is not yet available in Safetica hosted on-premises.

In this article, you will learn:

What are insights
How do insights tie things together
Reasons why an operation appears in Insights
Vision: Transition to intelligent evaluation and automation

Introduction: What are insights

Safetica provides great insights on many fronts. The Insights section highlights to admins where they should put their attention and efforts first. It is one single place where interesting insights from all across Safetica console come together and are consolidated into a focused task list.

This way, Insights give admins info about what to deal with so that they don't have to click through Safetica console to find security issues.

How do insights tie things together

Safetica collects data about operations that occur in the company and runs them through the Contextual Defense engine. Contextual Defense evaluates the data and smartly selects and consolidates important threats, incidents, and events from the Data, Apps, Websites, and External device sections and displays them as insights.

The admin's attention is brought to the severity of these insights, and short explanations are provided so that admins can see at first sight what is going on.

✍️By default, only new insights are displayed, so when an admin visits Insights, they immediately see a task list of unresolved potential issues.

Learn more about how to investigate issues via Insights here.

Learn more about insight details here.

Reasons why an operation appears in Insights

There are several reasons which cause an operation to appear in Insights:

The operation was high or medium-risk.
The operation violated a data policy.
An application was blocked.
A website was blocked.
The connection of an external device was blocked.
Policy with dynamic action became stricter for a specific user, and the severity of the insight increased.
A user was granted Privileged access.

Vision: Transition to intelligent evaluation and automation

Insights will be gradually transforming into a central hub where admins start and take action from here. Insights will consolidate all important insights from Safetica console and will serve as a bridge to other sections of the console. It will move towards greater automation and intelligent evaluation of these insights, becoming a crucial tool for investigation and management.

As the Insights continue to evolve, it will aim to:

Focus admins' attention to one place – in the Insights section, admins will find consolidated insights enriched with risk assessment. Instead of manually searching for and investigating incidents, the admins can now focus on the list of insights Safetica detected, selected, and highlighted for them as vital to focus on. Thanks to added smart context, the admin won't have to visit other product sections during investigation and management.
Smartly evaluate and summarize what happened – Instead of collecting and presenting raw info, Safetica will smartly pre-evaluate what happened and summarize the important characteristics of the insight and its related records. It will also suggest a solution for the situation.
Automate data protection – combined with concepts like Dynamic DLP, Safetica will personalize active security to individual users based on dynamic AI risk.

In the future, you may expect additions such as new types of insights, connecting insights to email alerts, integrating AI to provide improved context for insights, etc.

✍️We are actively conducting product discovery and looking for customer interviews where you can provide feedback and affect how we shape Insights in the upcoming months. Please contact our PM team product@safetica.com.