Many organizations find themselves vulnerable to breaches because security analysts lack the tools to quickly investigate and remediate all aspects of a threat. By offering incident response solutions driven by forensics, Cybereason can extend deeper value to Defenders. With the Cybereason MalOp Detection Engine augmented by Cybereason DFIR (Digital Forensics and Incident Response), security analysts can leverage the industry’s most comprehensive detections from root cause across every impacted asset.
With forensics data added to the MalOp, security analysts have instant visibility into a wider range of intelligence sources to enable rapid decisions and remediate threats more efficiently.
Cybereason DFIR includes the following capabilities:
- Forensic Data Ingestion: Feed a treasure trove of forensic data to the MalOp Detection Engine for deeper insights, enrichment and contextualization
- Live File Search: Search for any suspicious file in the environment based on a wide variety of search criteria without the need for prior collection
- IR Tools Deployment: Streamline cumbersome IR investigations and work seamlessly with similar DFIR tools by deploying them via the Cybereason Sensor
- ExpressIR: IR Partners and large customers with internal DFIR teams can deploy a pre-provisioned IR environment to begin the investigation within hours of an incident
“Cybereason DFIR enhances the performance of the Cybereason XDR Platform in our customers’ environments enabling security analyst teams to detect, identify, analyze and respond to sophisticated threats before adversaries can inflict harm, and when needed, conduct a thorough post-mortem analysis of a complex incident. The merging of our powerful Cybereason XDR Platform with Cybereason DFIR provides the industry with the most powerful tools available,” said Cybereason Chief Technology Officer and Co-founder Yonatan Striem-Amit.
Anything connected to the internet is part of an organization’s attack surface, yet Defenders are forced to use multiple siloed solutions producing uncorrelated alerts to try to find and end these complex malicious operations. Now, Defenders can leverage Cybereason DFIR to centralize DFIR investigative work and end sophisticated attacks with the only solution on the market to deliver:
- Comprehensive Response: Cybereason DFIR has a number of tailored remediation actions analysts can perform directly from the investigation screen. The solution empowers analysts to reduce Mean-Time-To-Detect and Mean-Time-To-Remediate. Cybereason DFIR also allows Defenders to contain attacks by executing commands directly on the host in question with remote shell and real-time response actions.
- Uncover Advanced Adversaries: Fully reveal sophisticated adversaries and analyze complex TTPs by tracing the attacker path back to root cause. Defenders will have a better understanding of the full scope and timeline of an incident using enriched forensics to identify all impacted systems and users. Security analysts can investigate relevant files and forensic artifacts of interest through wide-ranging criteria to collect files as needed.
- Fully Supported Technology: With a shortage of Tier III qualified security analysts, many security teams are understaffed and lack in-house IR expertise. Cybereason automates most aspects of a DFIR investigation and up-levels the capabilities of Level 1 and 2 analysts to perform complex forensic tasks. In addition, the Cybereason Services Teams fully support investigations, breach recovery, forensic audits and deep-dive analysis.