SS8, which provides breach detection software, has announced the latest version of its BreachDetect technology, which makes advanced threat detection and investigation capabilities accessible to enterprise security and IT administrators.
According to SS8’s 2016 Threat Rewind Report, in all the network risk assessments it conducted last year, SS8 found evidence of traffic tunneling, DNS-related exfiltration, and malformed protocols in outbound traffic, although none of the organizations were aware at the time that their networks had been breached.
BreachDetect, available as a subscription service, helps organizations to proactively monitor their networks for indicators of compromise and devices of interest associated with an undetected breach.
The updated solution now provides a new timeline view of the cyber kill chain – the different stages of cyberattacks. The view also includes severity-ranked alerts with threat descriptions to improve breach detection for users without forensic investigation expertise.
With the average breach going undetected for more than 200 days, it has become essential to understand the full lifecycle of an attack when investigating a threat, says SS8. By clicking on a threat tile within SS8 BreachDetect, the company says, users gain an end-to-end, timeline-based view of the entire cyber kill chain for each device-of-interest. Activity is displayed on the timeline according to the stage of the cyber kill chain, including reconnaissance, delivery, exploitation, command and control, actions, and any other activity associated with the threat.
SS8 BreachDetect uses software sensors to generate and store months and years of enriched high-definition records (HDRs) from network communications. This HDR data is sent to SS8’s Learning Analytics engine, where it is enriched with user information and the latest threat intelligence, and analyzed against past, current, and future network activity to detect any previously unidentified breaches.