Given the recent sharp increase in cyberattacks of all kinds, IT operations teams running enterprise-scale networks need something that will effectively reduce their intelligence-gathering burden and help automate their response so it is as fast as possible. What's needed is the ability to identify and deal with attacks as they happen, but there are some significant challenges in doing this, including the sheer scale of network event data, the problem of filtering out the event "noise" and false positives, and the ability to detect zero-day threats.
With what must be one of the headiest combinations of hot technologies I've seen for a while, the security company Cybereason uses behavioral analytics, big data, and machine learning, along with major-league threat intelligence resources, to thwart cyberattacks in, they claim, real time.
Cybereason uses a minimally invasive, user-space Endpoint Silent Sensor for data collection and lets you choose between cloud-based and on-premises server deployment. This minimizes deployment time and user impact, reducing organizational resistance and technology risk. Moreover, Cybereason's Malop Hunting Engine incorporates statistical and behavioral analytic capabilities, so it requires little or no up-front configuration or tuning.
"Malops" are malicious operations, and Cybereason's threat detection capabilities have recently been enhanced by Cybereason customer and investor Lockheed Martin through the addition of Lockheed Martin's Threat Intelligence data feeds.
The Cybereason platform tracks Malops along their activity path: from infection, through privilege escalation attempts, network scanning, lateral movement (migration through the enterprise), and connections to command-and-control servers, to attempted data theft. It then dissects the Malop events into groups of similarly affected endpoints.
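To make that correlation idea concrete, here is an added example (my own illustration, not Cybereason's code or data model) that groups constructed endpoint events sharing one artifact into a single operation, orders its timeline, and records how far along the activity path it got and whether it touched more than one endpoint. The stage labels, the `artifact` correlation key and the sample telemetry are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field
# Activity-path stages in the order the post lists them; labels are my assumption, not Cybereason's schema.
STAGES = ["infection", "privilege_escalation", "network_scan",
          "lateral_movement", "c2_connection", "data_theft"]

@dataclass
class Event:
    ts: int        # seconds from start of capture
    host: str      # endpoint name
    artifact: str  # correlation key, e.g. hash of the dropped binary (assumed)
    stage: str     # one of STAGES
    detail: str

@dataclass
class Malop:
    artifact: str
    hosts: list = field(default_factory=list)
    timeline: list = field(default_factory=list)  # (ts, host, stage, detail)
    deepest_stage: str = STAGES[0]

def build_malops(events):
    """Correlate events sharing an artifact into one operation, order its
    timeline, and record how far down the activity path it progressed."""
    by_artifact = defaultdict(list)
    for e in events:
        by_artifact[e.artifact].append(e)
    malops = {}
    for artifact, evs in by_artifact.items():
        evs.sort(key=lambda e: e.ts)
        m = Malop(artifact, hosts=sorted({e.host for e in evs}))
        m.timeline = [(e.ts, e.host, e.stage, e.detail) for e in evs]
        m.deepest_stage = max((e.stage for e in evs), key=STAGES.index)
        malops[artifact] = m
    return malops

def is_lateral(malop):
    """True when one artifact is active on more than one endpoint."""
    return len(malop.hosts) > 1

# Constructed sample telemetry, not real data.
SAMPLE = [
    Event(10, "wkstn-01", "sha256:aaa", "infection", "macro spawned dropper.exe"),
    Event(55, "wkstn-01", "sha256:aaa", "privilege_escalation", "token duplicated to SYSTEM"),
    Event(90, "wkstn-01", "sha256:aaa", "network_scan", "445/tcp sweep of 10.0.1.0/24"),
    Event(140, "srv-02", "sha256:aaa", "lateral_movement", "dropper.exe copied via admin share"),
    Event(200, "srv-02", "sha256:aaa", "c2_connection", "beacon to 203.0.113.7:443"),
    Event(30, "wkstn-07", "sha256:bbb", "infection", "unsigned updater.exe"),
]
```

Running `build_malops(SAMPLE)` yields two operations: the `sha256:aaa` one spans both endpoints and reaches the C2 stage, while `sha256:bbb` stays a single-host infection, which is the kind of separation an analyst would use to triage.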
In the Discovery Board you can drill down into the detailed timeline of a Malop and its functional attributes (processes, connections, etc.), along with analysts' comments and notations. In the Incident & Response Console, which is organized by events, analysts can initiate a single-click Guided Remediation of a detected threat to kill processes on multiple endpoints, quarantine attacking processes for further investigation, and delete unwanted registry keys.
Cybereason's platform is impressive, and the backing of Lockheed Martin, which has serious chops in the field of threat intelligence, together with Lockheed Martin's use of Cybereason's detection engine in its own endpoint detection and response solution, Wisdom, makes Cybereason one of the most important attack detection and remediation vendors in the enterprise security market.