Enriching Raw Telemetry with the Cybereason Historical Data Lake
The Cybereason Historical Data Lake ingests all available telemetry collected for analysis for two primary use cases: Historical Threat Hunting and Deep Investigation...
Fred O'Connor
Despite having some of the sharpest minds on its security team, a major aerospace manufacturer struggled with figuring out what was happening on its thousands of computers and servers. Without visibility, the company couldn’t easily and accurately determine if its endpoints had been compromised.
The company relied on the time-consuming process of manually reviewing data logs for suspicious activity. It wanted an endpoint detection and response platform that continuously monitored all endpoints and used data analysis to automatically detect threats. Unfortunately, after searching for three years, the company failed to find a product with these features. Security executives nearly gave up their search until they discovered Cybereason.
Our customer believed that facing advanced persistent threats required proactively hunting for adversaries that had already breached an organization’s defenses, a mindset shared by Cybereason.
“Cybereason has the correct mindset to understand what you need to do and what to look for to discover threats,” said the organization’s CISO, who decided to deploy the platform on several thousand endpoints.
But as our customer looked into endpoint visibility products, it realized that many security vendors don’t share this mentality. Most products were reactive and performed data analysis in a way that didn’t meet the organization’s needs.
One product the company reviewed depended on indicators of compromise to discover attacks, an approach that didn’t appeal to our customer since adversaries can easily change IOCs to deceive firewalls and antivirus programs.
Another vendor’s idea of data analysis meant filtering data, assigning risk scores and issuing prioritized threat alerts based on how malicious a threat appeared. But this approach overwhelms analysts with threat alerts, said our customer’s lead security architect.
Cybereason reduces an analyst’s workload by allowing them to focus only on the alerts that matter, he added.
“They’re not going to be chasing alerts all day, just looking for something that may or may not be bad,” the lead security architect said.
Read our new case study to learn more about our customer’s information security challenges and how they used Cybereason to streamline their endpoint security process and implement automatic threat detection.
Fred is a Senior Content Writer at Cybereason who writes a variety of content including blogs, case studies, ebooks and white papers to help position Cybereason as the market leader in endpoint security products.