Cybereason XDR: Intelligence-Driven Hunting and Investigation
March 9, 2022
For many Security Operations Centers (SOCs), running useful queries in a traditional Security Information and Event Management (SIEM) platform requires training and familiarity with its query syntax, followed by deep analysis before anyone can act on the results of a particular hunt.
Threat intelligence is often matched only against newly ingested data, so an indicator published after an event was logged is never compared with that event; this creates coverage gaps and missed threats. Beyond this limited IOC monitoring, SIEMs also typically lack the data retention needed to leverage threat intelligence effectively.
How Cybereason XDR’s Binary Similarity Analysis can identify previously unknown (obfuscated) malware based on its similarities to existing malware
How analysts can use the Historical Data Lake to query up to two years of historical data and select which data to unarchive (replay) for more in-depth queries and hunts
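The coverage gap described above (intel matched only at ingestion time, then never revisited) and the retention problem behind the historical hunts in the last item can both be shown with a small retro-hunt. The following is an added illustration written for this page, not Cybereason code and not an XDR query; the events, the indicator, its publication date and the retention windows are all constructed.

```python
from datetime import datetime, timedelta, timezone
from typing import List, NamedTuple

UTC = timezone.utc


class Event(NamedTuple):
    ts: datetime       # ingestion time of the telemetry record
    host: str
    indicator: str     # observable as logged, e.g. a contacted domain


class Indicator(NamedTuple):
    value: str
    published: datetime  # first time the intel feed carried this IOC


# Constructed telemetry (not real data): three hosts contact the same domain
# over several weeks; the fourth event is benign noise.
EVENTS = [
    Event(datetime(2022, 1, 5, tzinfo=UTC), "ws-01", "update-cdn.example"),
    Event(datetime(2022, 2, 14, tzinfo=UTC), "ws-07", "update-cdn.example"),
    Event(datetime(2022, 3, 8, tzinfo=UTC), "srv-02", "update-cdn.example"),
    Event(datetime(2022, 3, 8, tzinfo=UTC), "ws-03", "login.example"),
]

# Constructed intel feed: the domain is only reported malicious on 1 March 2022,
# i.e. after two of the three contacts had already been logged.
INTEL = [Indicator("update-cdn.example", datetime(2022, 3, 1, tzinfo=UTC))]

# Assumed "current time" for the hunt.
NOW = datetime(2022, 3, 9, tzinfo=UTC)


def forward_only_matches(events: List[Event], intel: List[Indicator]) -> List[Event]:
    """Model a SIEM that checks intel only as records arrive.

    An event can match an indicator only if the indicator was already published
    when the event was ingested; stored records are never re-evaluated.
    """
    published = {i.value: i.published for i in intel}
    return [
        e for e in events
        if e.indicator in published and published[e.indicator] <= e.ts
    ]


def retro_hunt_matches(events: List[Event], intel: List[Indicator],
                       now: datetime, retention_days: int) -> List[Event]:
    """Re-run the current intel set over every record still inside retention."""
    values = {i.value for i in intel}
    cutoff = now - timedelta(days=retention_days)
    return [e for e in events if e.indicator in values and e.ts >= cutoff]


def missed_by_forward_only(events: List[Event], intel: List[Indicator],
                           now: datetime, retention_days: int) -> List[Event]:
    """Events a retro-hunt finds that ingestion-time matching never flagged.

    The result shrinks as retention shrinks: what has already aged out of the
    store cannot be recovered by any later hunt.
    """
    flagged = set(forward_only_matches(events, intel))
    return [
        e for e in retro_hunt_matches(events, intel, now, retention_days)
        if e not in flagged
    ]


if __name__ == "__main__":
    print("forward-only:", [e.host for e in forward_only_matches(EVENTS, INTEL)])
    for days in (90, 30):
        missed = missed_by_forward_only(EVENTS, INTEL, NOW, days)
        print(f"missed with {days}-day retention:", [e.host for e in missed])
```

With the constructed data, ingestion-time matching flags only the 8 March contact from srv-02. A retro-hunt over 90 days of retained data also surfaces ws-01 and ws-07; with only 30 days of retention, the January contact has already aged out and only ws-07 is recovered, which is the retention limitation the text refers to.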
Cybereason is dedicated to teaming with defenders in both the public and private sectors to end cyber attacks from endpoints to the enterprise to everywhere. Learn more about the Cybereason DFIR advantage here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.
About the Author
Dan Verton is Director of Content Marketing at Cybereason. Dan has 30 years of experience as a former intelligence officer and journalist. He is the 2003 first-place recipient of the Jesse H. Neal National Business Journalism Award for Best News Reporting – the nation’s highest award for tech trade journalism and is the author of the groundbreaking work, Black Ice: The Invisible Threat of Cyber-Terrorism (McGraw-Hill, 2003). He most recently served as an intelligence advisor and co-author of a nationwide TSA anti-terrorism awareness training program.