Is your SecOps team able to quickly determine which threats pose the highest risk to the business through its current security stack? Efflux Analytics first fights alert fatigue by auto-correlating an attacker’s lateral maneuvers, from movement direction to type and sequence of tradecraft, and calculates a customizable risk score for the series of events. Efflux classifies each event into a Session and then assembles the correlated series into a Narrative.
Efflux Analytics organizes both Narratives and Sessions by date/time in convenient overlaying tabbed panes and delivers critical info like data amount transferred, protocols used, and source and destination ports through these panes. Efflux continues to expand third-party integrations, so Narratives can be correlated with both Efflux’s proprietary analytics and other analytics available through your cybersecurity operations tech-stack. Within the Narratives pane, the tech-tool that triggers the Narrative is displayed, and the Session pane provides an overview of the tradecraft used by the attacker in each Session. Efflux Analytics puts the control back into the hands of your analyst and reverses the risk, positioning the advantage in your company’s favor.
With Efflux Analytics, analysts are able to rapidly remove the typical barriers your cybersecurity tech-stack may be creating. Efflux Analytics was designed to intuitively connect to the analyst’s investigative process throughout the user experience. It delivers multiple insights that help your SecOps team promptly answer the questions of who, what, where, when, and how of a threat incident. Get a glimpse of the insights through the included Inspector pane as the analyst inspects the threat situation, or review deep context of node communication through the Host pane. Dig down below the surface with a simple click to query insights available across your tech-stack. Making the investigative process simple and natural for the analyst ensures your SOC gets the most information to eradicate, remediate, or investigate the intrusion.
The Efflux Analytics Narrative Map draws the attack as threat activity takes place node by node, session by session. Attacker tradecraft is identified by icons to the right of each edge line, which maps an attacker’s lateral movement between involved nodes. When the analyst hovers over a tradecraft icon, a legend cue slides out of the tradecraft totem to remind the analyst of the various types of tradecraft used within the Session.
The Efflux Analytics Narrative Map also clearly identifies external versus internal nodes and uses colors and patterns to make different node types and customizable business unit categories easy to understand. Want to auto-zoom into the areas of the map? With a click of a node, edge line, or Session listing, the view zooms where you need it to. Furthermore, map views can be exported in .PDF, .PNG, or .JPG file formats. The Narrative Map is easy to understand, allowing your analysts to efficiently and effectively determine the appropriate response to the threat incident.
Automated Analysis of Threat Actor Tradecraft
No matter the tool, method, or movement, there are humans behind every attack, methodically crafting their approach. This is the attacker tradecraft that Efflux Analytics helps your cybersecurity team to decipher and understand. But manual understanding isn’t good enough to compete with advanced cyber attacks, so Efflux learns tradecraft patterns to better correlate attacks that happen across time.
Give your cybersecurity operations team the best chance to defend the network.
Contact us for a demo.