SS8 BreachDetect Uses 'Time Machine' to Unravel Cyber Kill Chains
No forensics experience? No problem. BreachDetect uses new timeline views and plain-language explanations to unmask breach attempts.
Following last June's release of its security analytics and breach detection platform, and just days before next week's RSA Conference in Las Vegas, SS8 has added new timeline views to the company's fittingly named BreachDetect product.
BreachDetect tackles one of the biggest challenges faced by security teams nowadays: visibility. Given the complexity of today's IT infrastructures and application environments, not to mention the sheer variety of devices connected to enterprise networks, it's no wonder that sophisticated cyberattacks can often go undetected for months.
"With the average breach going undetected for more than 200 days, it's essential to understand the full life cycle of an attack -- from reconnaissance, to command and control, to data exfiltration -- in order to identify the systems and data that have been compromised," Faizel Lakhani, president and COO of SS8, told eSecurity Planet. "Obtaining this level of information has historically been a challenge on a per-device basis due to a lack of visibility into network and application activity, and the lack of forensic expertise available to investigate attacks."
To remedy this, SS8 has added new views that turn the oftentimes subtle stages of a cyberattack, or the cyber kill chain, into glaringly obvious timelines that help IT departments stop a breach in its tracks.
"SS8 BreachDetect simplifies the life of the security analyst by providing automated analysis and point-and-click visualization into each device-of-interest to provide an end-to-end view of the movement of an advanced attack," Lakhani said. "This eliminates manual data collection and hunting required to uncover activities that require immediate, deeper investigation."
Better still, BreachDetect's ability to provide natural language explanations for complex security events means that users don't have to be forensics experts to help keep their organization's systems and data safe. The capability was inspired, in part, by SS8's long history of working with some three-letter agencies.
"Our experience working with large intelligence agencies and law enforcement organizations has enabled us to become packet intelligence experts and develop simplified workflows for use by enterprises to detect breaches. Cybersecurity expertise is in high demand and short supply," said Lakhani.
"As a result, many of today's organizations lack the depth of security expertise needed to hunt down and investigate advanced threats," Lakhani continued. "With the natural language explanations built into the SS8 workflow, we are putting the power of advanced breach detection in the hands of security without requiring cyber-security experts."
In short, users with even a modicum of technical talent can be enlisted to help defend their networks. "SS8 enables an IT or security generalist to understand the lifecycle of an attack, without having to parse cryptic logs and other complex alerts to detect and stop a breach before an exfiltration event occurs," said Lakhani.