Uptycs Enables Security Teams To Neutralize Immediate Threats Without Delay, With New Remediation And Blocking Capabilities

Uptycs, provider of the first cloud-native security analytics platform enabling cloud and endpoint security from a common solution, today announced Uptycs Protect, which adds new blocking and remediation capabilities to its extended detection and response (XDR) offering. Now, security and compliance teams can immediately take action to stop and remove malicious actors in real time, mitigate the performance risk of blocking actions, and independently remediate compliance-related policy violations.

Uptycs already provides leading threat detection and investigation as evidenced by its results from the 2020 ATT&CK® Evaluations for Enterprise performed by MITRE Engenuity. The enhanced response capabilities announced today in Uptycs Protect have been a popular request from customers, enabling consolidation of their endpoint tooling and improving their speed to incident response.

“Based on how fast vulnerabilities can be exploited, organizations must be prepared to perform emergency remediation on key systems within hours of a vendor releasing a patch to address a vulnerability, as well as heavily invest in mitigation measures,” according to a June 2021 Gartner blog post. The new remediation and blocking capabilities from Uptycs empower security teams to take immediate action when observing threats or urgent risks.

The new blocking and remediation features in the Uptycs cloud-native security analytics platform include blocking for processes (path, file SHA256 hash, certificate SHA hash) and network domains. Real-time remediation capabilities include deleting files; shutting down, rebooting, or quarantining a host; killing or pausing a process; disabling users; and more. Moreover, these remediation capabilities are available through the Uptycs API, enabling security organizations to orchestrate automated response workflows.

The addition of Uptycs Protect makes it possible for security organizations to solve several key challenges that traditional EDR tools do not address effectively:

  • Security and Compliance teams can rapidly contain and remediate issues during an active threat, without the delay imposed by internal coordination with IT Ops teams (e.g., block a malicious process from propagating).
  • Incident responders can remediate unwanted activity from an easy-to-understand and easy-to-use UI that provides context into what requires remediation.
  • Compliance teams can immediately remediate compliance issues themselves without requiring IT Ops teams to make changes, such as implementing Windows registry fixes.
  • Endpoint security teams can minimize risks inherent to automated blocking by back-testing blocking rules against historical telemetry or by using a log-only mode for a period of time to validate the potential impact.
  • CISOs and other executives can consolidate their tools for productivity endpoints, server endpoints, and container-based workloads with Uptycs, which provides robust support for all workloads on-premises and in the cloud.

“Blocking and remediation is a critical functionality, but needs to be done carefully,” says Ganesh Pai, co-Founder and CEO at Uptycs. “We’ve taken care to do this the right way—for example, giving users the ability to rigorously test blocking rules and understand the context of remediation actions. The result is that endpoint security teams can implement automated blocking with confidence, and incident responders are empowered to make well-informed remediation decisions on the spot.”
