Security analysts can detect important events early in the threat lifecycle and quickly investigate them, significantly reducing dwell time across server, container, and cloud environments.

WALTHAM, MASS. — November 11, 2020 — Uptycs, the leader in SQL-powered security analytics, announced today a robust update that enhances detection and investigation for on-premises and cloud workloads. The new capabilities enable the continuous capture of rich host data for Linux, Windows, macOS, and containers, as well as cloud provider data for AWS, to ensure the broadest detection coverage possible. Security analysts can now quickly prioritize, validate, and investigate important detections based on their mapping to the MITRE ATT&CK framework.

An accelerated shift to cloud solutions and environments, combined with a persistent and expansive remote workforce, is broadening the attack surface and leaving enterprises exposed to a greater risk of exploitation and breaches. To offset these risks, security teams need connected insight across hosts, containers, and cloud providers so they can prioritize, detect, investigate, and mitigate potential threats.

“SOC teams are bombarded with alerts on a daily basis, yet they lack the context to understand which to prioritize,” said Ganesh Pai, CEO, Uptycs. “They also suffer from visibility gaps because they cannot get host-based data from certain systems, can’t capture ephemeral workloads, or lack visibility into their cloud provider services. This can weaken detection capabilities and make it exponentially more difficult to conduct timely investigations.”

With Uptycs’ detection and investigation solution, SOC teams can:
- Collect a wealth of host data across Linux, macOS, Windows, and container environments to gain the broadest security visibility for detection and investigation on-premises and in the cloud.
- Gain insight into which detections they should prioritize, saving time wasted on potential false-positive alerts. New updates to composite threat scores, a process graph for attack chain visualization, and signal mapping to MITRE ATT&CK make this possible.
- Get a head start on investigations with all the signals (events and alerts) associated with a detection already pieced together. Analysts can use the investigation and real-time query capabilities in the Uptycs platform to understand the scope and severity, and to start work on remediation.
- Perform forensic investigation based on historical machine state, including for cloud workloads that are no longer in production. This is important for containers and VMs that may only run for hours or minutes.
- Proactively reduce the attack surface by detecting operational risks, such as misconfigurations and vulnerabilities, in addition to known threats, within the same platform.

Pai adds: “According to research by UC Berkeley’s Center for Long-term Cybersecurity, more than 80% of organizations are using MITRE ATT&CK to determine gaps and model threats. Meanwhile, 45% say the lack of interoperability with their security products is their biggest challenge, and 43% cite the challenge of mapping event data to tactics and techniques. Our new solution tackles these issues head-on by offering security observability across the broadest range of operating environments, and mapping that data to MITRE ATT&CK for maximum visibility and threat remediation.”

Learn more by requesting a demo at www.uptycs.com/live-demo

About Uptycs
Uptycs provides a SaaS and on-prem SQL-powered security analytics platform for security analysts, site reliability engineers, incident response teams, and IT professionals to observe and secure their productivity endpoints (macOS, Windows), server endpoints (Linux, containers), and cloud providers. A growing number of enterprises are using Uptycs for comprehensive security visibility at scale. Common use cases include fleet visibility, intrusion detection, vulnerability management, audit, and compliance for their laptops, servers, and cloud workloads. Learn more about Uptycs: https://www.uptycs.com