Cybereason launches DFIR solution to automate incident response

Endpoint protection vendor Cybereason has launched a new incident response (IR) solution to streamline and automate IR investigations. Digital Forensics Incident Response incorporates nuanced forensics artifacts into threat hunting, reducing remediation time by enabling security analysts to contain cyberattacks in minutes, the firm stated in a press release. The release comes in the wake of new research that discovered a drop in global attack dwell times as organizations and their partners improve their incident detection and response capabilities.

Cybereason DFIR driven by forensics for deeper defense value

According to Cybereason, the new solution offers forensic-driven incident response that extends deeper value to defenders. By augmenting its existing MalOp Detection Engine with intelligence from DFIR, security analysts can leverage comprehensive detections from root cause across every impacted asset via a central point, the vendor added. As a result, security teams can quickly gain visibility into a wider range of intelligence sources to enable rapid decisions and remediate threats more efficiently.

Cybereason said the solution includes forensic data ingestion, live file search, and IR tools deployment capabilities. “Cybereason DFIR enhances the performance of the Cybereason XDR Platform in our customers’ environments enabling security analyst teams to detect, identify, analyze, and respond to sophisticated threats before adversaries can inflict harm, and when needed, conduct a thorough post-mortem analysis of a complex incident,” commented Cybereason CTO and founder Yonatan Striem-Amit.

Capabilities bolster an already improving incident response space

The capabilities included within DFIR look set to bolster an already improving threat detection and response space. For example, Mandiant’s M-Trends 2022 report discovered that global median dwell time, which is calculated as the median number of days an attacker is present in a target’s environment before being detected, decreased from 24 days in 2020 to 21 days in 2021 within global organizations. With DFIR, businesses can benefit from several features designed to streamline investigative IR processes, Cybereason said. These include:

• Tailored remediation actions that analysts can perform directly from the investigation screen
• Commands that can be executed directly on hosts with remote shell and real-time response actions
• Attack path tracking to reveal and analyze tactics, techniques, and procedures (TTPs)
• File collection to investigate relevant files and forensic artifacts of interest
• Automation of most aspects of incident investigation and updating of Level 1 and 2 analyst capabilities to perform complex forensic tasks
• Support from Cybereason services teams on investigations, breach recovery, forensic audits, and deep-dive analysis