What is the Human Managed platform?

huma
huma
  • Updated

Human Managed is the Intelligence Decision Action (IDEA) Platform for business that generates personalized intel and recommendations from any data. 

We take data from any source and analyze them for use cases related to cyber posture, digital scalability, and risk management.  The personalized IDEAs are delivered as report, notification, and dispatch for fast and actionable decision making. 

 

image.png

 

 

Services

Services from Human Managed deliver better cyber, digital, and risk outcomes for our customers.  They address some of the most common topics and challenges that businesses face today to operate in the data-flooded world. 

At the back end, HM services are made up of use cases (one or more conditions, correlation rules and/or machine learning algorithms) enabled in the Human Managed Platform to detect, triage, recommend and notify on potential issues, incidents and cases that warrants further investigation.

View the latest list of our standard services to control threats, scale opportunities, and manage risks. 

 

image.png

 

Service Outputs 

Service Outputs are the interaction packages that present analyzed intel and recommendations to you. 

Depending on your organization's subscription level, your IDEAs are delivered to you as a service through Report, Notification, and and/or Dispatch.  

 

1. Report 

Report is a collection of metrics, charts, and dashboards that display analyzed insights for subscribed use cases in a way that it’s easy to detect conditions, take decisions and execute actions. 

All reports are near real-time and are accessible from the Human Managed applications on web and mobile. 

 

clean version.png

 

2. Notification

Notification is an acknowledgement of an event sent to relevant users for various Service Functions, such as Detect, Triage, and React. 

Notifications can be sent via email, Slack, and/or Teams. 

Admins can configure and request for notification rules to keep relevant users informed when specific condition is met.    

 

image.png

 

3. Dispatch 

Dispatch is an alert with recommended actions upon Triage. 

Dispatches can be sent via the Human Managed app, email, Slack, and/or Teams. 

Admins can configure and request for dispatch runs and plays to alerts that need action. 

 

image.png

 

Service Functions 

Service Functions are the modular tasks executed by the Human Managed platform to perform analysis.

Depending on your organization's subscription, your use cases can include one or more of the Service Functions: Discover, Profile, Detect, Triage, Prescribe, React, and Resolve

 

1. Discover

Discover Service Function is the process of continuously discovering data or information that has not been seen previously by the Human Managed platform from connected data source(s).

Newly discovered data points such as assets, controls, vulnerabilities, weaknesses, violations, and notable events will be used to build a Discover Catalog. Discover Catalogs provides intelligence feeds to other Service Functions for further analyses. 

 

2. Profile

Profile Service Function is the process of continuously enriching context about a data point discovered by the Human Managed platform from connected data source(s).

It identifies and collects information about your organization’s assets, their relationship with each other, their posture state and behavior patterns to establish a baseline.

Profiled data points such as asset criticality, sensitivity, and risk metrics will be used to build and update a Profile Context unique to your organization. Profile Context provides enrichment to other Service Functions for further analyses. 

Below is an example of an Asset Catalog continuously updated with newly discovered and profiled assets. 

 

image.png

 

3. Detect 

Detect Service Function is the process of identifying interesting or suspicious events by the Human Managed platform from connected data source(s). Violations, known vulnerabilities / weakness / threat are examples of interesting or suspicious events.

It provides automated detection alerts that need to be actioned by applying pre-defined conditions, correlation rules, and/or machine learning algorithms to identify suspicious and malicious states within your organization’s environment.

Detect Use Cases will be built for you based on standard and custom conditions, rules, and/or models subscribed by your organization, over and above the detection configurations set on your tools.

Detect outputs will be delivered as Report and Notification to your teams automatically as part of the process.

 

Below is an example of list of conditions enabled for a customer to trigger Detections for subscribed use cases. 

image.png

 

4. Triage 

Triage Service Function is the process of assessing the detections triggered by the use cases enabled in the Human Managed platform.

It provides contextualized prioritization and triage of detections triggered by the use cases enabled in the Detect Service Function to confirm an issue or if a real security incident has taken place.

Detections are analyzed to a well-defined procedure named Triage Plays, which are a series of workflows to perform actions, such as data enrichment and prioritization.

Triage outputs will be delivered as Report, Notification, and/or Dispatch to your teams automatically as part of the process. 

 

5. Prescribe

Prescribe Service Function is the process of generating recommendation steps to treat triaged events.

It monitors for confirmed cases, issues or incidents and generates well-defined recommendation steps named Prescribe Plays to react or resolve.

Prescribe Plays consist of a series of steps to perform actions, such as harden, detect, isolate, deceive, evict and sending dispatch to your teams automatically as part of the process.

 

Below is an example of Prescribed remediation steps for a detected use cases. 

 

6. React

React Service Function is the act of containing and mitigating issue or incident.

It monitors issue and incident tickets that are escalated by the Triage Service Function and generates well-defined action steps for containment named React Runs.

React Runs consist of tactics for containing and mitigating the specific issue or incident types, including countermeasure deployment actions. Examples of React actions include file quarantine, process termination, and block user.

Depending on configurations and pre-approval, React Runs can be automatically executed by the Human Managed platform, or by the Human Managed's ServiceOps team with access to your organization's managed tools and applications, or dispatched to your team to act on.

 

7. Resolve

Resolve Service Function is the act of remediating and addressing the root cause of the case, issue, or incident.

It monitors case, issue, and incident tickets that are escalated by the Triage Service Function and/or contained by the React Service Function and generates well-defined action steps for remediation named Resolve Runs.

Resolve Runs consist of tactics for remediating and restoring the damage caused the specific case, issue, or incident types, including countermeasure deployment actions. Examples of Resolve actions include; DevSecOps program for Application Security, Revision of the Acceptable Use Policy, Re-imaging and deployment of multiple assets.

The Resolve Runs are based on your organization's business context, internal processes that allow Human Managed to recommend and/or perform actions using your policies and standards.  The Human Managed team can take the Resolve Runs where appropriate, or request approval to investigate the case, issue, or incident. 

 

Data sources 

A data source is customer devices, app, api, compute, storage, tool or service that generate log, metrics, traces, event data, alerts or meta-data that is forwarded to the Human Managed platform.

A Data from a source with a single defined schema is considered 1 (one) Data Source (e.g. EDR Platform). Multiple schemas from the same source will be considered as multiple Data Source (e.g. Logstash).

View the latest list of existing data sources that you can connect to the Human Managed platform for use cases. 

 

 

Platform Architecture

The HM Platform is the secure nerve centre from which the infrastructure for hardware, software, data, and AI is deployed and operated.

The HM platform architecture is broken down into four parts:

 

 

  1. Automate: Infrastructure Provisioning

    The provisioning of platform components specific to customer's requirement and secure setup of placing learning and monitoring components into customer's environment to ensure that the data is secured, and the models, embedding and weight are properly received on the platform.
  2. Connect: Sourcing

    The collection, processing and storage of logs, metrics, traces, and alerts from customer's environment for processing, training and improvement in the platform. 

  3. Orchestrate: Commissioning 

    The creation and activation of scenarios based on collected data to drive the parameters and learning.

  4. Present: Operations 

    The operations of solution by the platform and HM team, including but not limited to coordinating learning requests triggered by customer's use cases, performing analysis, conducting model validation and coordinating activities with the relevant customer teams. 

 

 

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.