360 degree view of assets


Get a 360 degree view of your data with Cybereason and dataBelt® integration

 

Data is an organisation's crucial resource, its life blood, its reason for being.  Thus if data is recognised as a critical resource, then it needs to be managed. It needs to be secure, clean, compliant.

 

The integration between Cybereason and dataBelt® brings together two complementary products - Cybereason for in-depth analysis of threats to your assets, and dataBelt® for deep understanding of your data.

Bringing these two enterprise tools together ensures both your security operations centre (SOC) and risk and compliance teams are aligned to any abnormal behaviours within your organisation. The Cybereason hunting engine provides an in-memory data store that performs streaming, adaptive entity correlation that pulls in millions of pieces of data every second, and maintains tens of millions of relationships between the data.

 

Cybereason and dataBelt 'Malop' real-time analysis: Working together to safeguard your data

Know the status of your data at all times.  DataBelt® links into your Configuration Management Database (CMDB) which allows the system to index all your organisation's configuration items (CIs).  So when your company has a security incident / event, you know precisely what data is impacted and the sensitivity levels of that data.  Understanding the data sensitivity during an incident is critical in assisting your security teams to prioritise the actions required for a successful outcome.

 

 

What is a 'Malop'?

A Malicious Operation or a 'Malop' is a complete story of a cyber attack - the full context analysts need to identify a security incident in their organisation. A Malop is a collection of related suspicious activities that are very likely to be part of a security incident. A Malop is designed to minimise the time analysts spend on investigating benign activities or false positives.

Read more about Cybereason.

 

When a Malop alert is triggered in dataBelt, the system will follow the procedures detailed below:

  • dataBelt® raises a case and alerts your compliance teams, identifying the CIs impacted
  • dataBelt® undertakes an impact assessment to ascertain the types of data held within the CIs (and hosts)
  • dataBelt® will then prioritise actions aligned to the sensitivity of data impacted - information in dataBelt will assist your security and operations teams in their prioritisation plan
  • Reporting this incident will be in real-time with the built in dataBelt® visualiser indicating any status changes of datasets, alerting compliance teams
  • Once a Malop is resolved the dataBelt® visualiser will return to original status, with alerts sent to the relevant teams.


 


Cybereason

Cybereason is a true unified security platform tool that has artificial intelligence (AI) and machine learning (ML) built within the application. With these capabilities your organisation will be able to defend faster and learn behaviour-based detection quicker, ensuring you know that your data is safe and secure at all times.

Cybereason is an automated hunting engine tool that detects behavioural patterns across every endpoint and surfaces within your network operations. Cybereason's platform blocks known bad attacks and aggregates good and bad behaviour data so it can be mined and investigated in real time.

 

Cybereason Malicious Activity Model Overview

The models below cover the entire attack lifecycle, allowing detection of infiltration, command and control, lateral movement, privilege escalation and damage. In order to detect incidents most effectively, Cybereason defines and organises the data it collects and analyses:

  • Facts

Facts are the raw information collected by the Cybereason sensors. Facts are detailed telemetry information used to determine changes in  processes, users, machines, memory, registry and any other events.

  • Evidence

Evidence is a collection of facts that the Cybereason Hunting Engine categorises as interesting, anomalous, or suggesting that an attack is underway. Without additional incriminating data though, evidence does not justify further investigation.

  • Suspicions

Suspicions are activities that the Hunting Engine identifies as more likely to be malicious. Sometimes these are activities that are independently suspicious, other times they are caused by aggregating multiple related pieces of evidence. The threshold for evidence to become a suspicion is deliberately low to minimise the likelihood of missing an attack.

  • A Malicious Operation or 'Malop'

This is a complete story of a cyber attack - the full context analysts need to identify a security incident in their organisation. A Malop is a collection of related suspicious activities that are very likely to be part of a security incident. A Malop is designed to minimise the time analysts spend on investigating benign activities or false positives.

 

 


 

Learn more about how AiM and Cybereason work together.

 
