MixMode enhances Generative AI Platform to improve threat detection
MixMode has released its quarterly update for the Generative AI Platform.
Continuing to innovate with new features that drive threat detection and response capabilities in large data environments, the latest updates include expanded cloud data ingestion capabilities, including support for the ingestion of Identity Data, integrations with the MITRE ATT&CK Framework, and expanded deployments across cloud environments.
“Enterprise organizations continue to struggle with real-time detection capabilities in large data environments,” said Russell Gray, MixMode’s Head of Product. “MixMode continues to innovate and strengthen our platform capabilities to stand out from the competition.”
Highlights include:
Data ingestion capabilities: Most organizations use identity and access management solutions like Okta to address their operational needs. However, from a security perspective, 75% of organizations that forward identity log sources to their SIEM do not use them to detect threats. Now in BETA for Okta users, MixMode Identity Threat Detection continuously monitors an Okta environment and correlates behavioral, access, and log data to detect attacks and lateral movement in real-time. Additional identity data will continue to be added in the coming months.
Cloud capabilities: The MixMode Platform is the only solution that provides real-time threat detection for cloud environments, including Cloud Trail and Flow Logs, by monitoring API call activities and alerting users of any deviations from expected behavior. With this release, we’ve introduced a new analytic feature that tracks anomalous users for two weeks to assess ongoing risk. We’ve also updated our CloudTrail API dashboard to include highlighting indicators to show CloudTrail-specific details.
AI analytic updates: The MITRE ATT&CK Framework has become the de facto standard for understanding how attackers operate, providing a systematic approach to detect, prevent, and respond to threats effectively. MixMode continues to integrate the framework into the MixMode Platform, allowing users to view their alerts in the context of MITRE ATT&CK tactics, techniques, and procedures (TTP) across the enterprise matrix. Users can now view full details from the matrix in each TTP card and select a specific MITRE TTP when creating a task that surfaces an alert.
Additional insights and analytic enhancements have been made to improve usability, workflows, and enhanced investigation capabilities.