Case Study: How Cybereason MDR Improved Olist’s Triage & Response Time
With Cybereason Managed Detection and Response (MDR), the Olist security team shortened their triage and remediation times to less than 30 minutes.
Dan Verton
For security teams struggling with staffing shortages, alert fatigue, and a pressing need to streamline operations, Managed Detection and Response (MDR) services are an efficient and effective way to improve an organization’s security posture while freeing up analysts to focus on strategic priorities.
But not all MDR offerings are created equal. The Cybereason MDR Complete service not only provides 24/7 monitoring, elite threat hunting experts, the industry-leading Cybereason Defense Platform, and an array of other services, but it also brings to bear proprietary technology that enables Cybereason to detect a threat in less than 1 minute, triage the threat in less than 5 minutes, and remediate it in less than 30 minutes.
Let that sink in: a minute to detect threats, 5 minutes to triage, and 30 minutes to remediate. How fast can you do those things now?
When every second counts, the ability to correlate and understand alerts as quickly and efficiently as possible is critical in preventing a breach. Traditional approaches to detection, which treat each alert individually and without context, are no longer viable.
The Cybereason MalOp™ (short for malicious operation) provides the holy grail of detection: a contextualized view of the full narrative of an attack, correlated across all impacted endpoints, in a single screen. For security analysts, the MalOp shifts their approach from alert-centric and reactionary to proactive and operation-centric (that is, enriched with a holistic understanding of the broader attack operation).
Cybereason MDR Complete extends the power of the MalOp in a way that enables our analysts to respond to the most critical malicious operations faster than any other company in the market. We do this through the MalOp Severity Scoring System (MOSS) and an automated remediation process known as Extended Response.
Once a MalOp is detected, the MOSS assigns a criticality score based on behavioral attributes and human expert analysis. Additionally, as part of the root cause investigation, every MalOp is mapped back to the MITRE ATT&CK Framework, which adds context to the attack's impact on the targeted host. Any MalOp deemed critical will automatically be prioritized for additional in-depth analysis and immediate response.
The MalOp Severity Score is comprised of three different components:
The Extended Response capability is the engine behind our industry-leading detection, triage, and remediation times. Once a MalOp is deemed critical by the MOSS, it kicks off an automated remediation process called Extended Response.
Extended Response is a proactive and automated remediation capability powered by the Severity Score system logic. By automating the scoring of a MalOp, Cybereason threat responders can:
Cybereason MDR delivers 24/7 security coverage and positions your security team with a future-ready posture designed to not only detect and remediate today’s threats but ensure protection against tomorrow’s attacks.
Other tangible business benefits include:
The MalOp™ Severity Score is available in all Cybereason MDR packages. Extended Response is included in MDR Complete but is only available as an add-on service in MDR Essentials.
Defenders can also leverage the Cybereason Mobile App to get instant access to their MDR dashboards, approve remediation actions, and communicate with our Global SOC Team from any authorized mobile device. Defenders can take immediate action by launching remediation actions for ongoing threats. This reduction in latency significantly reduces an adversary’s lateral movement and can prevent an attack from turning into a breach.
Contact a Cybereason Defender to learn more about how Cybereason MDR delivers prevention, detection, and response capabilities as a service, enabling us to uncover the most sophisticated and pervasive threats without having to manage them yourself.
Dan Verton is Director of Content Marketing at Cybereason. Dan has 30 years of experience as a former intelligence officer and journalist. He is the 2003 first-place recipient of the Jesse H. Neal National Business Journalism Award for Best News Reporting, the nation’s highest award for tech trade journalism, and is the author of the groundbreaking work, Black Ice: The Invisible Threat of Cyber-Terrorism (McGraw-Hill, 2003). He most recently served as an intelligence advisor and co-author of a nationwide TSA anti-terrorism awareness training program.