Uptycs announced a robust update that enhances detection and investigation for on-premises and cloud workloads. The new capabilities enable the continuous capture of rich host data for Linux, Windows, macOS, and containers, as well as cloud provider data for AWS, to ensure the broadest detection coverage possible.
Security analysts can now quickly prioritize, validate, and investigate important detections based on their provided mapping to the MITRE ATT&CK framework.
An accelerated shift to the cloud—i.e., cloud solutions and environments—combined with a persistent and expansive remote workforce is broadening the attack surface, leaving enterprises open to a greater risk of exploitation and breaches.
To offset these risks, security teams need connected insight across hosts, containers, and cloud providers so they can prioritize, detect, investigate, and mitigate potential threats.
“SOC teams are bombarded with alerts on a daily basis, yet they lack the context to understand which to prioritize,” said Ganesh Pai, CEO, Uptycs.
“They also suffer from visibility gaps because they cannot get host-based data from certain systems, can’t capture ephemeral workloads, or lack visibility into their cloud provider services. This can weaken detection capabilities and make it exponentially more difficult to conduct timely investigations.”
With Uptycs’ detection and investigation solution, SOC teams can:
- Collect a wealth of host data across Linux, macOS, Windows, and container environments to gain the broadest security visibility for detection and investigation on-premises and in the cloud.
- Gain insight into which detections they should prioritize, saving time wasted on potential false-positive alerts. New updates to composite threat scores, a process graph for attack chain visualization, and signal mapping to MITRE ATT&CK make this possible.
- Get a head start on investigations with all the signals (events and alerts) associated with a detection already pieced together. Analysts can use the investigation and real-time query capabilities in the Uptycs platform to understand the scope and severity, and to start work on remediation.
- Perform forensic investigation based on historical machine state, including for cloud workloads that are no longer in production. This is important for containers and VMs that may only run for hours or minutes.
- Proactively reduce the attack surface by detecting operational risks, such as misconfigurations and vulnerabilities, in addition to known threats within the same platform.
Pai adds: “According to research by UC Berkeley’s Center for Long-term Cybersecurity, more than 80% of organizations are using MITRE ATT&CK to determine gaps and model threats. Meanwhile, 45% say the lack of interoperability with their security products is their biggest challenge, and 43% cite the challenge of mapping event data to tactics and techniques.
“Our new solution tackles these issues head-on by offering security observability across the broadest range of operating environments, and mapping that data to MITRE ATT&CK for maximum visibility and threat remediation.”