Automate Cyber Rapid Response With Autonomous Threat Sweeper

Information Security, SIEM

By Aabhas Lal, Director, Customer Success, Omesh Gulati, Director, MSSP Customer Success

Securonix is known for products like Next-Gen SIEM, UEBA, Open XDR, and SOAR… but have you heard of one of the newer additions to our portfolio, Autonomous Threat Sweeper (ATS)?

Security teams are under tremendous pressure to keep pace with the velocity of new and emerging threats. As cyberattacks continue to grow in breadth and scale, organizations need autonomous solutions that can assess the exposure to emerging threats on an ongoing basis. That’s why we’ve combined human-driven threat intelligence curation with autonomous and automated post-hoc detection to deliver the industry’s first autonomic rapid response solution.

Leveraging the latest research and threat content from Securonix Threat Labs, ATS automates many of the manual aspects of investigation. Our solution complements our Next-Gen SIEM and Open XDR offerings with autonomous sweeps of both historical and current data to detect and alert you to signs of compromise.

ATS’ robust feature set enables security teams to slash the time and resources needed to track and eliminate new and emerging threats by 50% or more. Let’s explore some of the most exciting benefits and features.

What’s inside?

Stay ahead of emerging and developing threats

Security analysts are often overtaxed and too busy addressing day-to-day SOC activities to stay on the vanguard of emerging threat research. That’s why Securonix empowers your team to prioritize high-risk threats with continuously curated threat intelligence and automated reporting.

Feature | Curated threat advisories

Very few organizations have the resources available to dedicate personnel to conduct their own threat research and detection engineering on emerging threats. To empower security teams to keep up and stay ahead of adversaries and have peace of mind, Securonix Threat Labs actively monitors the threat landscape, combining primary threat research with curated community and commercial threat intelligence sources.

Feature | Threat awareness reports

Some threats can remain undetected and dormant in your environment for weeks, months, or even years. When new threats are discovered, it is essential to sweep not just your recent data, but your historical data too. ATS retroactively searches for threats and notifies you immediately if critical threats appear in your environment.

Quickly know your exposure

Indicators of compromise (IOCs) are not effective on their own at detecting unknown threats, because attackers change them frequently to avoid detection. For security teams, this means that most IOCs have an expiration date: they are only effective for a limited and specific period of time. ATS solves this problem by enhancing your SIEM with the ability to detect low and slow threats through post-hoc detection of both IOCs and TTPs, extracted and codified by Securonix Threat Labs.

Feature | IOC detection mode

Searches for indicators of compromise to detect threat indicators hidden in your long-term, historical data.

Feature | TTP detection mode

Analyzes tactics, techniques, and procedures to identify indicators of action in the absence of prior knowledge about IOCs.

Accelerate cyber rapid response

In a SOC, where every second counts, rapid response is essential to mitigate cybersecurity threats. ATS helps security teams accelerate cyber rapid response with automated reporting, alerting, and incident creation. By continuously scanning your environment and curating intelligence on emerging threats, ATS helps security teams drive down their mean time to respond (MTTR) and prioritize the highest risk threats.

Feature | Automation

Security teams don’t have the bandwidth to manually search through historical data every time they receive a new threat advisory. ATS speeds up detection and response by executing queries and automatically sweeping your entire environment for signs of compromise. When a threat is discovered, ATS automatically creates an incident and alerts analysts to investigate further.
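To make the two sweep modes and the automation step concrete, here is an added illustration (not Securonix code, and not how ATS is implemented) of a retroactive sweep over constructed historical log records: IOC matches are only counted inside each indicator's validity window, a TTP-style rule fires without any indicator, and one incident is opened per affected host. The IOC values, hostnames and log field names are placeholders.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Ioc:
    field: str            # log field the indicator is matched against
    value: str
    valid_from: datetime  # window in which the indicator was live (its "expiration date")
    valid_to: datetime

# Constructed IOC list: documentation-range IP and a placeholder domain, not real indicators.
IOCS = [
    Ioc("dest", "203.0.113.7", datetime(2023, 3, 1), datetime(2023, 3, 31)),
    Ioc("domain", "update-check.example", datetime(2023, 5, 1), datetime(2023, 5, 15)),
]

# Constructed historical log records spanning several months (hypothetical hosts/fields).
LOGS = [
    {"ts": datetime(2023, 2, 10), "host": "ws01", "dest": "203.0.113.7", "parent": "chrome.exe", "proc": "chrome.exe"},
    {"ts": datetime(2023, 3, 12), "host": "ws02", "dest": "203.0.113.7", "parent": "svchost.exe", "proc": "svchost.exe"},
    {"ts": datetime(2023, 5, 3), "host": "ws03", "domain": "update-check.example", "parent": "winword.exe", "proc": "powershell.exe"},
    {"ts": datetime(2023, 6, 20), "host": "ws04", "parent": "winword.exe", "proc": "cmd.exe"},
]

def ioc_hits(logs, iocs):
    """IOC detection mode: retroactive match, counted only inside the indicator's validity window."""
    return [(r, i) for r in logs for i in iocs
            if r.get(i.field) == i.value and i.valid_from <= r["ts"] <= i.valid_to]

def ttp_hits(logs):
    """TTP detection mode: a behaviour rule that needs no prior IOC knowledge
    (an Office application spawning a shell interpreter)."""
    office = {"winword.exe", "excel.exe"}
    shells = {"powershell.exe", "cmd.exe"}
    return [r for r in logs if r["parent"] in office and r["proc"] in shells]

def sweep(logs, iocs):
    """Run both modes over the historical data and open one incident per affected host."""
    incidents = {}
    for rec, ioc in ioc_hits(logs, iocs):
        incidents.setdefault(rec["host"], []).append(f"IOC {ioc.value} seen {rec['ts']:%Y-%m-%d}")
    for rec in ttp_hits(logs):
        incidents.setdefault(rec["host"], []).append(f"TTP {rec['parent']} -> {rec['proc']} seen {rec['ts']:%Y-%m-%d}")
    return incidents

if __name__ == "__main__":
    for host, evidence in sweep(LOGS, IOCS).items():
        print(host, evidence)
```

Note that ws01 contacted the listed IP before the indicator's window opened, so the sweep does not raise an incident for it; the validity window is what keeps an expired IOC from generating noise.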

Feature | Actionable insights

ATS helps lower skill set requirements and drive consistency by providing guidance on how analysts, senior and junior alike, can take response actions when a threat is discovered in your historical data. When IOCs or TTPs are detected, ATS reports provide detailed findings and guidance on what we found and how we found it.

Check it out!

This blog post just scratches the surface of what’s available in ATS. If you are a Securonix customer and want additional details, please reach out to your Customer Success Manager to learn more. Additionally, you can join us for our webinar and hear from our team as they walk through the value ATS provides.

If you’re not a Securonix customer, and you want to learn more, feel free to schedule a demo with our experts!