Attacks are a human problem. They’re caused by humans, and they can only be truly defeated by humans. The expert analysts working in our SOCs live and breathe attacker behaviour every day. As they identify new threats, they’re looking for signs that can help detect such activity in the future, even earlier in the attack chain. We are continually turning their knowledge into useful, actionable detections known as Attacker Behavior Analytics.
Attacker Behavior Analytics are pre-built detections modelled around our wide array of threat intelligence. If our analysts identify a novel attacker technique, they can contribute an ABA detection and push it out to be matched against your data the very same day.
Attacker Behavior Analytics doesn’t just provide more detections; it also shares the expertise of our analysts through curated threat intelligence and investigation recommendations.
What Do These New Detections Cover?
Attacker Behavior Analytics exposes the finite ways attackers gain persistence on an asset and send commands to and receive commands from victim machines. This identifies:
- Malware, malware droppers, maldocs, and fileless malware (opportunistic & targeted)
- Cryptojacking: Stealing CPU cycles to mine cryptocurrency
- Pen testing & attack tools
- Suspicious persistence
- Anomalous data exfiltration
- New attacker behaviour
This augments the user behaviour analytics and deception technology you rely on today. With ABA, you get faster detections that take full advantage of our comprehensive data collection and added context directly from our analysts fighting the same good fight.