
Comprehensive attack visualization for swift detection and response.

cr-defense-platform.pdf
Product details

Overview

The Cybereason Defense Platform introduces MalOp™ (Malicious Operation) technology, an approach that shifts the focus from isolated alerts to a single view of the whole attack operation. Traditional security tools overwhelm analysts with large volumes of uncorrelated alerts, leading to alert fatigue and missed critical threats. MalOp™ addresses this by automatically correlating and contextualizing every element of an attack into one comprehensive view, so security teams can detect, understand, and respond to threats faster and with less manual triage.

Features and Capabilities

  • Operation-Centric Detection: Moves beyond traditional alert-centric models by presenting the complete narrative of an attack, correlating all related malicious activities across endpoints into a unified view.
  • Cross-Machine Correlation Engine: Applies data analytics and machine learning to telemetry ingested from endpoints, networks, and user identities, linking related activity across machines to give deep visibility into attacker movements.
  • Comprehensive Attack Storyline: Offers an intuitive display of the attack's root cause, impacted users and machines, incoming and outgoing communications, tools used by attackers, and a detailed timeline, all within a single screen.
  • Automated Root Cause Analysis: Identifies the initial malicious activity that triggered the suspicion, such as spear-phishing attempts or anomalies in user authentication, and maps it to the MITRE ATT&CK framework for standardized understanding.
  • Impacted Assets Identification: Automatically correlates all users and machines involved in the malicious operation, providing a clear scope of the attack's impact and aiding in comprehensive response strategies.
  • Network Traffic Analysis: Highlights all relevant network traffic, including suspicious connections, command-and-control communications, and data exfiltration attempts, offering insights into both inbound and outbound malicious activities.
  • Attacker Tools Recognition: Detects and reports on the tools and techniques employed by attackers, whether they are known penetration-testing frameworks, living-off-the-land binaries, or off-the-shelf remote access tools, providing insights into the adversary's methods.
  • Detailed Attack Timeline: Presents a chronological, visual replay of the entire operation, allowing analysts to understand the sequence of events, attacker movements, and methods used, thereby reducing the time required for manual log analysis.
  • MalOp™ Severity Score (MOSS): Assigns a criticality score to each MalOp™ based on behavioral attributes and expert analysis, enabling security teams to prioritize responses effectively.
  • Extended Response Capability: Automates the remediation process for critical threats, allowing for rapid detection, triage, and remediation, thereby reducing the adversary's window of opportunity.
  • Mobile Accessibility: Empowers defenders to respond to threats at any time from anywhere through a mobile application, providing instant access to MDR dashboards, active MalOp™ details, and 24x7 support from the Cybereason Global SOC.
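The feature list above describes the operation-centric idea in prose only. The following Python sketch is an added illustration of that idea and is not Cybereason's code or a description of how the MalOp™ engine actually works: it groups isolated alerts into operations when they share an indicator or occur on the same host within a time window, then derives the root cause (earliest alert), impacted hosts and users, the ordered timeline, and a simple severity score. The `Alert` class, the linking rules, the 300-second window, the scoring heuristic and the sample alerts are all constructed assumptions for the example.

```python
"""Toy alert-correlation engine (constructed illustration, not vendor code)."""
from collections import defaultdict
from dataclasses import dataclass

# Assumption: same-host alerts this close in time are treated as one chain.
WINDOW_SECONDS = 300


@dataclass(frozen=True)
class Alert:
    ts: int               # epoch seconds
    host: str
    user: str
    technique: str        # MITRE ATT&CK technique ID
    indicators: frozenset  # hashes, C2 addresses, script IDs, etc.
    severity: int         # per-alert weight, 1..10


# Constructed sample alerts: a phishing chain on ws-01 that moves to srv-02,
# plus one unrelated alert on ws-09. Not real telemetry.
SAMPLE_ALERTS = [
    Alert(100, "ws-01", "alice", "T1566.001", frozenset({"sha256:aaa"}), 4),
    Alert(130, "ws-01", "alice", "T1059.001", frozenset({"sha256:aaa", "ps1:bbb"}), 5),
    Alert(200, "ws-01", "alice", "T1071.001", frozenset({"ip:203.0.113.7"}), 6),
    Alert(260, "srv-02", "alice", "T1021.002", frozenset({"ps1:bbb"}), 7),
    Alert(300, "srv-02", "svc-backup", "T1041", frozenset({"ip:203.0.113.7"}), 9),
    Alert(150, "ws-09", "bob", "T1204.002", frozenset({"sha256:zzz"}), 3),
]


def _related(a: Alert, b: Alert) -> bool:
    """Two alerts belong to the same operation if they share an indicator
    or occurred on the same host within WINDOW_SECONDS of each other."""
    if a.indicators & b.indicators:
        return True
    return a.host == b.host and abs(a.ts - b.ts) <= WINDOW_SECONDS


class _UnionFind:
    """Minimal disjoint-set structure used to merge transitively related alerts."""

    def __init__(self, n: int):
        self.parent = list(range(n))

    def find(self, i: int) -> int:
        while self.parent[i] != i:
            self.parent[i] = self.parent[self.parent[i]]  # path halving
            i = self.parent[i]
        return i

    def union(self, i: int, j: int) -> None:
        self.parent[self.find(i)] = self.find(j)


def build_operation(timeline: list) -> dict:
    """Summarize one chronologically ordered group of alerts as an operation."""
    root = timeline[0]  # earliest alert is taken as the root cause
    hosts = sorted({a.host for a in timeline})
    users = sorted({a.user for a in timeline})
    # Assumed scoring heuristic: worst single alert, plus one per extra machine.
    score = min(10, max(a.severity for a in timeline) + len(hosts) - 1)
    return {
        "root_cause": root,
        "hosts": hosts,
        "users": users,
        "techniques": [a.technique for a in timeline],
        "timeline": timeline,
        "score": score,
    }


def correlate(alerts: list) -> list:
    """Group alerts into operations and return them ordered by score, highest first."""
    uf = _UnionFind(len(alerts))
    for i in range(len(alerts)):
        for j in range(i + 1, len(alerts)):
            if _related(alerts[i], alerts[j]):
                uf.union(i, j)
    groups = defaultdict(list)
    for i, alert in enumerate(alerts):
        groups[uf.find(i)].append(alert)
    ops = [build_operation(sorted(g, key=lambda a: a.ts)) for g in groups.values()]
    return sorted(ops, key=lambda op: op["score"], reverse=True)


if __name__ == "__main__":
    for op in correlate(SAMPLE_ALERTS):
        print(f"score={op['score']} root={op['root_cause'].technique} "
              f"hosts={op['hosts']} users={op['users']} chain={op['techniques']}")
```

Running the sketch yields two operations: the five-alert chain rooted in the phishing attachment (score 10, spanning ws-01 and srv-02 and two users) and the single unrelated alert on ws-09 (score 3). The same-host time window is what lets the C2 beacon join the chain even though it shares no indicator with the earlier alerts; the price of that rule is that an unrelated alert on the same host in the same window would be merged too, which is the central false-merge versus missed-link trade-off any real correlation engine has to tune.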