Cybereason DFIR Solution contains cyberattacks in minutes

News Desk

Cybereason, the XDR company, has introduced Cybereason DFIR (Digital Forensics Incident Response), a solution designed to automate incident response (IR) investigations by incorporating nuanced forensics artifacts into threat hunting, reducing remediation time by allowing security analysts to contain cyberattacks in minutes.

Many organizations are vulnerable to breaches today because security analysts lack the tools needed to quickly investigate and remediate all aspects of a threat. Cybereason can provide greater value to Defenders by providing incident response solutions powered by forensics. Security analysts can use the Cybereason MalOp™ Detection Engine, which is augmented by Cybereason DFIR, to leverage the industry’s most comprehensive detections from root cause across every impacted asset.

With forensics data added to the MalOp, security analysts have instant visibility into a broader range of intelligence sources, allowing for faster decisions and more efficient threat remediation. The following capabilities are included in Cybereason DFIR:

  • Forensic Data Ingestion: Feed a treasure trove of forensic data to the MalOp™ Detection Engine for deeper insights, enrichment and contextualization
  • Live File Search: Search for any suspicious file in the environment based on a wide variety of search criteria without the need for prior collection
  • IR Tools Deployment: Streamline cumbersome IR investigations and work seamlessly with similar DFIR tools by deploying them via the Cybereason Sensor
  • ExpressIR: IR Partners and large customers with internal DFIR teams can deploy a pre-provisioned IR environment to begin the investigation within hours of an incident

“Cybereason DFIR enhances the performance of the Cybereason XDR Platform in our customers’ environments enabling security analyst teams to detect, identify, analyze and respond to sophisticated threats before adversaries can inflict harm, and when needed, conduct a thorough post-mortem analysis of a complex incident. The merging of our powerful Cybereason XDR Platform with Cybereason DFIR provides the industry with the most powerful tools available,” said Cybereason Chief Technology Officer and Co-founder Yonatan Striem-Amit.

Anything connected to the internet is part of an organization’s attack surface, but Defenders are forced to use multiple siloed solutions producing uncorrelated alerts in order to detect and stop these complex malicious operations. Defenders can now use Cybereason DFIR to centralize DFIR investigative work and stop sophisticated attacks with the market’s only solution that delivers:

Comprehensive Response: Cybereason DFIR includes a variety of tailored remediation actions that analysts can access directly from the investigation screen. Analysts can use the solution to reduce Mean-Time-To-Detection and Mean-Time-To-Remediate. Defenders can also use Cybereason DFIR to contain attacks by running commands directly on the host in question using remote shell and real-time response actions.

Uncover Advanced Adversaries: By tracing the attacker path back to the root cause, you can fully expose sophisticated adversaries and analyze complex TTPs. Using enriched forensics to identify all impacted systems and users, defenders will have a better understanding of the full scope and timeline of an incident. To collect files, security analysts can investigate relevant files and forensic artifacts of interest using a variety of criteria.

Fully Supported Technology: Many security teams are understaffed and lack in-house IR expertise due to a shortage of Tier III qualified security analysts. Cybereason automates the majority of a DFIR investigation and elevates Level 1 and 2 analysts’ abilities to perform complex forensic tasks. Furthermore, the Cybereason Services Teams provide complete support for investigations, breach recovery, forensic audits, and deep-dive analysis.