Cybereason XDR: Intelligence-Driven Hunting and Investigation

For many Security Operations Centers (SOCs), conducting useful queries using a traditional Security Information and Event Management (SIEM) requires training and familiarity with syntax language, and deep analysis to take action on the results of a particular hunt. 

At an enterprise scale, searches can take several minutes or longer to complete, making SIEM solutions cumbersome to derive new insights or successfully connect threat intelligence and investigate matches.

Threat intelligence is often only matched against newly ingested data, creating coverage gaps and missed threats. In addition to limited IOC monitoring, SIEMs also lack the necessary data retention to effectively leverage threat intelligence.

Threat intelligence is transparently integrated into every corner of the AI-driven Cybereason XDR Platform. Automatically leveraging Machine Learning to amplify internal and external IOC threat sources in the threat detection process. But the real power comes from being able to hunt for behavioral tactics, techniques, and procedures (TTPs) based on more subtle Indicators of Behavior (IOBs).

Let’s take a look at the hunting and investigation capabilities of the Cybereason XDR Platform. In the following demo, we explore:

  • How easy it is to hunt for TTPs related to the Log4j vulnerability
  • How Cybereason XDR’s Binary Similarity Analysis can identify previously unknown (obfuscated) malware based on its similarities to existing malware
  • How analysts can use the Historical Data Lake to query up to two years of historical data and select what data to unarchive, or replay, for the purposes of performing more in-depth queries and hunts

Cybereason is dedicated to teaming with defenders in both the public and private sectors to end cyber attacks from endpoints to the enterprise to everywhere. Learn more about the Cybereason DFIR advantage here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

Dan Verton
About the Author

Dan Verton

Dan Verton is Director of Content Marketing at Cybereason. Dan has 30 years of experience as a former intelligence officer and journalist. He is the 2003 first-place recipient of the Jesse H. Neal National Business Journalism Award for Best News Reporting – the nation’s highest award for tech trade journalism and is the author of the groundbreaking work, Black Ice: The Invisible Threat of Cyber-Terrorism (McGraw-Hill, 2003). He most recently served as an intelligence advisor and co-author of a nationwide TSA anti-terrorism awareness training program.

All Posts by Dan Verton