Uptycs announced today it has added capabilities to their XDR solution to provide improved detection and triage of advanced attacks and APT threat actors. Now, security teams have access to comprehensive tooling to detect, remediate, and protect against advanced external attacks.
“Working from home has created unforeseen challenges for security teams worldwide,” said Ganesh Pai, CEO, Uptycs. “The push to support remote workforces has accelerated cloud migration, and therefore expanded companies’ attack surfaces. These new capabilities reflect our ongoing commitment to stay ahead of potential threats so enterprises can run their businesses in the cloud with confidence.”
Uptycs’ new capabilities its XDR solution include:
- Contextual detections. This feature provides analysts more context to understand the severity of a detection, specifically in-depth details around the toolkits used by threat actors. The Uptycs endpoint agent uses a highly optimized approach to scan the process memory using the YARA rules and then populates the profile of each detected malware/tool to provide details about the malicious software capabilities. The Uptycs threat research team continuously updates the YARA rules, and toolkit and threat profiles. Customers can also add their own custom YARA rules, toolkits descriptions, and threat profiles to track and hunt APT threat actors that may be targeting their organization.
- Automated threatbooks: The Uptycs threat research team provides threat intelligence to the product on a daily basis. Some portion of this intelligence is associated with high-profile attacks. The Uptycs platform automatically creates associated threatbooks and scans historical data to identify any previous infections.
- Lateral movement correlation enhancements: When an analyst is evaluating a detection, one crucial thing they need to know is whether a threat actor has moved laterally within the environment. Lateral movement detection feature of our correlation engine tries to detect the attack progression based on the proximity of other systems to the system that is under attack. We have added enhancements to identify close-proximity systems based on login attempts.
Also Read:MITRE Launches Engage Framework to Defend Against Cyber Attacks
- Ransomware detection: Uptycs XDR agent now provides generic detection and protection against ransomware attacks on Windows operating systems. The capability is directly built inside the endpoint agent so it can protect against the attacks in offline mode as well. Additionally, Uptycs XDR provides Linux-targeted ransomware attacks detection via the Uptycs cloud
- Process code injection / DLL injection: The Uptycs XDR agent now provides generic detection to process code injection on both Windows and Linux endpoints. Process code injection is a technique used by attackers to inject malicious code inside a trusted running process to evade detection.
- Process hollowing: A sub-technique of process injection is process hollowing, where malicious actors attempt to evade defenses by injecting malicious code into suspended and hollowed processes. The Uptycs XDR agent now provides generic detection for process hollowing on both Windows and Linux endpoints.
- Master boot record (MBR) overwrite: The Uptycs XDR agent now provides generic detection of MBR overwrite on Windows-based endpoints. MBR overwrite is a technique used by adversaries where the goal is to disrupt operations and make the system unusable.
- Lsass.exe memory credential dumping: To detect attacker attempts to steal credentials, Uptycs XDR agent now provides generic detection of lsass.exe (Local Security Authority Subsystem Service) memory credential dumping on Windows-based endpoints.
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
