Cybereason's New Unified MalOp Dashboard

Cybereason is excited to announce a new unified MalOp Dashboard.

As cyber threats continue to evolve, Security Operations Center (SOC) teams face immense challenges in protecting their organizations. To be successful, a SOC needs not only the right technology but also effective use of people and processes. To help SOC teams stay ahead of the curve, Cybereason introduces a unified dashboard designed to provide additional insights into emerging threats and operational metrics, and to help continuously improve SOC processes and procedures.

  • Focus on urgent issues with situational awareness: With an at-a-glance view of the threats impacting an organization, the SOC can quickly gain a broad understanding of them and focus on the more urgent ones.

    • Provides real-time visibility into the nature of threats, based on the MITRE classification of MalOps and the corresponding severity, which the Cybereason system calculates automatically from the underlying risk.

    • Helps analysts understand the impact of threats through totals of affected users, machines, etc.

  • Track operational metrics and trends: The SOC can track how it is dealing with impending threats, which is essential to maintaining and improving its efficiency.

    • KPIs such as Mean Time To Repair (MTTR) are critical metrics for a SOC. The dashboard shows the MTTR for the current period and how it is trending compared to the prior period.

    • A line chart of Closed vs Total MalOps helps show whether the gap of outstanding issues is closing or widening.

  • Continuous improvement: The dashboard provides insights not only into current threats but also into issues over a longer period, by leveraging Cybereason’s Data Platform.

    • By analyzing the collected data, SOC teams can identify gaps in their processes and take appropriate steps to optimize their performance.

    • Understand whether the SOC is using the system effectively. For example, are you leveraging the Prevention capabilities in the NGAV engines?

Key feature highlights of the dashboard include:

    • Comprehensive visibility into EDR as well as the various NGAV detections. The Cybereason platform has many NGAV detection engines, such as Ransomware, Fileless Protection, and Known and Unknown malware detection.

    • Actionable: The dashboard is not just about charts but is designed to help analysts take action.

      • Drill-downs provide the ability to go to the next level of details to triage, investigate and respond. For example, by clicking on the MITRE tactic in the graph, analysts can look at the specific Malops in that category and act on the most severe Malop first in that category.

      • Trends: Understand how the key metrics are trending compared to the prior period. For example, how many MalOps were automatically prevented by the Cybereason system compared to the last period, and how many new Active MalOps were created compared to the last period.

      • Time Filters: With the time-based filter, analysts can look not only at the current period but also back at long-term trends, with the power of the Cybereason Data Platform.

      • Filter by Type: The SOC can focus on specific threats, for example Ransomware, and how they are trending.

    • Federated

      • Focus on a specific administrative domain by selecting a group of devices.

Cybereason’s comprehensive and unified real-time EPP Overview Dashboard for SOC teams is an indispensable tool that offers a 360-degree view of the threat landscape, visibility into operational metrics, and insights for continuous improvement. The dashboard is actionable and helps SOC teams stay ahead of cyber threats and continuously enhance their performance.

MalOp

A Cybereason MalOp (short for "Malicious Operation") describes a malicious operation: a sequence of actions taken by an attacker to achieve a specific goal. The value of a MalOp is that it provides a visual representation of the full attack, enabling SOC analysts to quickly understand and respond to threats and helping organizations protect their assets and minimize damage from cyber-attacks.

Written by Ram Golla
Principal Product Manager at Cybereason

About the Author

Cybereason Team

Cybereason is dedicated to partnering with Defenders to end attacks at the endpoint, in the cloud and across the entire enterprise ecosystem. Only the AI-driven Cybereason XDR Platform provides predictive prevention, detection and response that is undefeated against modern ransomware and advanced attack techniques. The Cybereason MalOp™ instantly delivers context-rich attack intelligence across every affected device, user and system with unparalleled speed and accuracy. Cybereason turns threat data into actionable decisions at the speed of business.