Immediate policies and reporting | Ava blog

Our goal is to provide a powerful insider threat detection and response tool. In doing so, we put an emphasis on three pillars:

1. Visibility - as detailed, granular, and comprehensive as can be.
2. Automation - machine learning- and policy-based detection and response, and incident-based user training.
3. Ease of use - clear UX to augment operators.

In the life of a startup, there are different phases. Ava Reveal (formerly Jazz Networks) became generally available in September 2018, and during the time since launch, while we continued to innovate, we received a lot of valuable customer feedback. Some of it came from happy customers who wanted “more of that Jazz” and some from prospects that explained what they would like to see in the product.

What makes V8 different from previous releases is that V8 is solely dedicated to acting on customer feedback!

We focused V8 on ease of deployment, ease of use, and reporting.

When we launched Reveal, the Agent was deployed using individually signed enrollment bundles that were numbered and had a set expiry date. While this method is indeed secure, we wanted to make it easier for mass deployments.

Save deployment time by enrolling the Reveal Agent with a code. This new alternative to the enrollment bundle authenticates the Reveal Agent on devices and enables communication with the Reveal Infrastructure. Enrollment codes are compatible with the soon-to-be-released Reveal Agent version 6.0.1.

With V8, you can see and extend the expiry and maximum number of uses for an enrollment bundle and code to avoid the hassle of expired and invalid enrollment bundles and codes.

As part of this new functionality, the solution issues a token when an enrollment bundle and code are generated. To ease administration, the Reveal Web UI alerts you when a bundle and code is nearing expiry, so you can update the associated token if needed.

Our policy engine is designed to allow maximum customization of policy templates. As we now have hundreds of policy templates (and counting), we decided to simplify the process for customers.

V8 delivers 70+ policy templates that work without configuration, covering the following areas:

• Cyber hygiene: Contains policies that detect activities that may unintentionally put employees or your organization at risk, such as connecting to insecure and open Wi-Fi networks and downloading potentially dangerous files.
• Insider risk: Contains policies that detect potentially unauthorized or unapproved activities within your organization, intentional or unintentional, through unusual logins and use of unauthorized tools.
• Data tracking: Contains policies that detect movement of files on and across systems, such as file copying and printing.
• Attack indicators: Contains policies that detect attempts of infiltration and/or compromise by malicious actors, such as Windows RDP BlueKeep, Pass-the-Hash, Microsoft Active Directory reconnaissance, and keystroke injection attacks.

Our partners are delivering great value to our customers by wrapping services around reveal. MSSPs at times configure policies at mass and asked us for a way to replicate policy groups across their various customers. With V8, you can enable policies with ease using policy exporting and importing capabilities.

I’m very proud of our development team and what we achieved in V8, and I am looking forward to great innovation in the coming versions!