Security analysts and CSIRT teams can detect important events with accelerated mean time to detection, and quickly investigate for significantly reduced ‘dwell time’ across server, container, endpoint and cloud environments
Uptycs, a leader in SQL-powered security analytics, announced today a major release of its security analytics platform that provides enhanced detection, investigation and response based on the widely adopted MITRE ATT&CK framework. The new capabilities enable continuous security observability for Linux, containers, Windows, macOS and cloud service providers. The release maximizes host and cloud resource coverage to ensure the broadest detection coverage possible. Security analysts can now quickly prioritize, investigate and respond with confidence based on high-fidelity detections mapped to the MITRE ATT&CK framework.
An accelerated shift to the cloud, combined with a persistent and expansive remote workforce, is changing and broadening the attack surface, leaving enterprises open to a greater risk of exploitation and breaches. To offset these risks, security teams need connected insight across hosts, containers, and cloud providers in order to detect, prioritize, investigate, and mitigate potential threats.
“SOC teams are bombarded with alerts on a daily basis, yet they lack the context to understand which to prioritize,” said Ganesh Pai, CEO, Uptycs. “They also suffer from visibility gaps because they cannot get host telemetry from all their systems, cannot capture transient workloads, and lack visibility into their cloud provider services. This can weaken detection and response capabilities and make it exponentially more difficult to conduct timely investigations.”
With the Uptycs enhanced detection, investigation and response solution, SOC and CSIRT teams can:
- Collect a wealth of data across Linux, macOS, Windows, and container environments to provide the broadest security coverage.
- Gain insight into those detections that should be prioritized, saving time wasted on potential false-positive alerts. This is all made possible through new updates to composite threat scores, a process graph for attack chain visualization, and signal mapping to MITRE ATT&CK.
- Get a head start on investigations with all the signals (events and alerts) associated with a detection already pieced together. Analysts can use the investigation and real-time query capabilities in the Uptycs platform to understand the scope and severity of an attack prior to starting work on remediation.
- Perform forensic investigation based on historical machine state, including that for cloud workloads that are no longer in production. This is important for transient or ephemeral containers and virtual machines that may only run for hours or minutes.
- Use a single platform to proactively reduce the attack surface by detecting misconfigurations and vulnerabilities, in addition to known threats.
Pai adds: “According to research by UC Berkeley’s Center for Long-term Cybersecurity, more than 80% of organizations are using MITRE ATT&CK to determine gaps and model threats. Meanwhile, 45% say that the lack of interoperability with their security products is their biggest challenge, and 43% cite the challenge of mapping event data to tactics and techniques. Our new release tackles these issues head-on by offering security observability across the broadest range of operating environments and mapping that data to MITRE ATT&CK for maximum visibility and threat remediation.”