Securonix, Inc., a leader in modern SIEM, announced an analytics and threat hunting content package that leverages the MITRE ATT&CK framework as a standard for predicting, detecting and investigating advanced cyber threats. The updated content includes 350+ use cases that are mapped to 100+ MITRE ATT&CK and PRE-ATT&CK techniques. The content will be integrated into the Securonix threat library version 6.3 for automated delivery and deployment to existing and new customers.
Cyber security today is a big data problem. With the increasing noise in the environment, it has become more challenging than ever to identify actionable threats and the storyline behind them. With the integration of the MITRE tactics, techniques and procedures (TTPs) into Securonix threat chains and threat hunting query workflows, Securonix is able to filter through the noise and prioritize the highest-risk threats, eliminating the manual work analysts would otherwise need to correlate and investigate low-value alerts.
“Frameworks like MITRE ATT&CK empower security teams with the techniques to quickly detect and investigate advanced threats,” said Umesh Yerram, Chief Data Protection Officer at AmerisourceBergen. “With the Securonix packaged content not only are we getting out-of-the-box threat detection capabilities, but our threat hunting team is also getting pre-built queries to investigate and analyse indicators of compromise (IOCs) to detect and remediate the root cause of the threat.”
Securonix MITRE-based content includes IOCs and threat chains that are aligned to the 12-stage MITRE kill chain and the individual TTPs within each stage. With the threat chain-based models, Securonix is able to automate the MITRE kill chain to not only detect complex low-and-slow attacks but also predict such future attacks based on leading indicators and patterns.
The Securonix Spotter capability provides rapid and scalable text-based searching and hunting. By incorporating MITRE-based search queries, Securonix enables security teams to easily and rapidly hunt for IOCs in their environment by data source and across current and historical data, in order to quickly identify and mitigate any resident threats.
“As an analytics-first company, Securonix is committed to staying at the forefront of innovation when it comes to advanced threat detection and response,” said Tanuj Gulati, CTO of Securonix. “Our threat research team has been actively collaborating on this with customers and industry experts. With this packaged content we are able to pass the benefits on to our customers to gain rapid visibility into hidden threats and take proactive actions to contain and eradicate any loss.”
Securonix is redefining SIEM using the power of big data and machine learning. Built on an open Hadoop platform, Securonix Next-Gen SIEM provides unlimited scalability and log management, behaviour analytics-based advanced threat detection, and automated incident response on a single platform. Globally, customers use Securonix to address their insider threat, cyber threat, cloud security, and application security monitoring requirements.