Leveraging Cybereason DFIR to Contain Attacks in Minutes

Today, many organizations find themselves vulnerable to breaches because security analysts lack the tools to quickly investigate and remediate all aspects of a threat. The modern security toolkit is varied by necessity, with different tools required to effectively perform different tasks. 

As part of a successful defense-in-depth strategy, often deep-dive analysis is needed to fully understand and respond to serious events and data breaches. That’s why Cybereason has announced the availability of Cybereason DFIR (Digital Forensics Incident Response), a solution designed to automate incident response (IR) investigations by incorporating nuanced forensics artifacts into threat hunting, reducing remediation time by enabling security analysts to contain cyberattacks in minutes. 

With the Cybereason MalOp™ Detection Engine augmented by Cybereason DFIR, security analysts can leverage the industry’s most comprehensive detections from root cause across every impacted asset. With forensics data added to the MalOp, security analysts have instant visibility into a wider range of events to enable more rapid decisions to permanently remediate threats more efficiently. 

Cybereason DFIR includes the following capabilities:

  • Forensic Data Ingestion: Feed a treasure trove of forensic data to the MalOp™ Detection Engine for deeper insights, enrichment, and contextualization
  • Live File Search: Search for any suspicious file in the environment based on a wide variety of search criteria without the need for prior collection
  • IR Tools Deployment: Streamline cumbersome IR investigations and work seamlessly with similar DFIR tools by deploying them via the Cybereason Sensor
  • ExpressIR: IR Partners and large customers with internal DFIR teams can deploy a pre-provisioned IR environment to begin the investigation within hours of an incident

Anything connected to the internet is part of an organization’s attack surface, yet Defenders are forced to use multiple siloed solutions producing uncorrelated alerts to try to find and end these complex malicious operations.

Now, Defenders can leverage Cybereason DFIR to centralize DFIR investigative work and end sophisticated attacks with the only solution on the market to deliver:

  • Comprehensive Response: Cybereason DFIR has a number of tailored remediation actions analysts can perform directly from the investigation screen. The solution empowers analysts to reduce Mean-Time-To-Detect and Mean-Time-To-Remediate. Cybereason DFIR also allows Defenders to contain attacks by executing commands directly on the host in question with remote shell and real-time response actions.
  • Uncover Advanced Adversaries: Fully reveal sophisticated adversaries and analyze complex TTPs by tracing the attacker's path back to the root cause. Defenders will have a better understanding of the full scope and timeline of an incident using enriched forensics to identify all impacted systems and users. Security analysts can investigate relevant files and forensic artifacts of interest through wide-ranging criteria to collect files as needed.
  • Fully Supported Technology: With a shortage of Tier III qualified security analysts, many security teams are understaffed and lack in-house IR expertise. Cybereason automates most aspects of a DFIR investigation and up-levels the capabilities of Level 1 and 2 analysts to perform complex forensic tasks. In addition, the Cybereason Services Team fully supports investigations, breach recovery, forensic audits, and deep-dive analysis.

Cybereason also boasts industry-leading IR talent, with many of the brightest minds in the space fueling our engineering and services. In the event of a breach that requires post-mortem analysis, teams that feel outmatched and overwhelmed by adversaries can fully recover, investigate, augment staffing, and implement processes based on the lessons learned in the investigation to avoid a breach through similar vectors moving forward.

Cybereason is the de facto DFIR partner via our massive advantages with the technology. Rather than a neglected area of our product and services portfolio, DFIR is a cornerstone of our strategy and we have built an EDR platform that enables DFIR boosted by services to reduce mean-time-to-response and fully recover from a data breach.

Cybereason is dedicated to teaming with defenders in both the public and private sectors to end cyber attacks from endpoints to the enterprise to everywhere. Learn more about the Cybereason DFIR advantage here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

About the Author

JJ Cranford

JJ Cranford is a Senior Product Marketing Manager at Cybereason. He was previously with OpenText after the acquisition of Guidance Software, where he was responsible for the go-to-market strategy for endpoint security products. JJ provides insight into market trends, industry challenges, and solutions in the areas of incident response, endpoint security, risk management, and compliance.
