What is Attack Tracing & Intercept (ATI)?

Security analysts are challenged to quickly identify false positives and to retrace the steps of credible attacks.


ATI presents the causally connected activities that precede and follow the moment an attack is detected, across systems, users, and time, to radically compress investigation time.

Fast: Immediate, focused view of activities leading to and following your alerts


Accurate: Causal activity based on ground-truth data


Complete: Captures the entire attack across systems, users, and extended time periods

What is this alert?

From your existing alert centers (e.g. SIEM, NGFW, CWP, etc.), ATI helps you immediately identify false positives versus live attacks.

What is this threat?

Investigate any alert with a complete view of the attack to quickly understand its entry point and scope, replacing manual steps to figure out what happened before and after.

What is happening?

Your spidey-sense is tingling! Quickly identify issues on a system, with a user, or in an application by viewing causal activity.


Ground Truths: A system-level transaction between an application and the operating system. Examples: A process initiates, a network connection is received, a file is accessed

Causal Connections: A causal relationship between ground truths (i.e. what caused what to happen). Examples: Process A launches Process B. Process B receives a network connection and launches Process C. Process C reads a file.

The Operations Plane: Live graph of all causal connections across every ground truth as they occur

Spyderbat fuses third-party security alerts and context to the Operations Plane in real-time, instantly identifying:

False Positives


An alert with no causal outcome

The full attack steps of true positives


A focused view on causal activity preceding and following an alert, including other alerts

Would-be false negatives


An alert initially deemed a false positive or ignored with subsequent causal activity
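The three outcomes above can be illustrated with a small causal graph built from ground-truth events. This is an added example, not Spyderbat's code; the event records, process names and the remote address are constructed, and an alert is modelled simply as the node it was raised on:

```python
from collections import defaultdict, deque

# Constructed ground truths, one per record: (kind, subject, object). Each is a
# system-level transaction in which `subject` acts on `object`, so the causal edge
# runs subject -> object; an inbound connection is recorded with the remote endpoint
# as subject, since it precedes what the receiving process does next. All made up.
EVENTS = [
    ("exec", "sshd", "bash"),
    ("connect", "198.51.100.7:4444", "bash"),
    ("exec", "bash", "curl"),
    ("read", "curl", "/etc/shadow"),
    ("exec", "cron", "logrotate"),
]

def build_graph(events):
    """Forward and reverse adjacency lists over the ground-truth events."""
    fwd, rev = defaultdict(list), defaultdict(list)
    for kind, subj, obj in events:
        fwd[subj].append((kind, obj))
        rev[obj].append((kind, subj))
    return fwd, rev

def reach(adj, start):
    """Every node reachable from `start` along `adj` (breadth-first, cycle-safe)."""
    seen, todo = set(), deque([start])
    while todo:
        node = todo.popleft()
        for _, nxt in adj.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def trace_alert(events, node):
    """Causal activity preceding ('before') and following ('after') an alert on `node`."""
    fwd, rev = build_graph(events)
    return {"before": reach(rev, node), "after": reach(fwd, node)}

def triage(events, node):
    """An alert whose node has no causal outcome is a false-positive candidate."""
    after = trace_alert(events, node)["after"]
    if not after:
        return "no causal outcome (likely false positive)"
    return "causal outcome: " + ", ".join(sorted(after))

def would_be_false_negative(events_then, events_now, node):
    """True when an alert that had no outcome when first triaged has gained one since."""
    return (not trace_alert(events_then, node)["after"]
            and bool(trace_alert(events_now, node)["after"]))
```

Re-running `triage` as new ground truths arrive is what turns an ignored alert into a would-be false negative: the alert itself never changes, only its causal outcome does.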

Resources

3-Min Video

No Registration Required

No Longer Worry About What is Missing

In this video, learn:

  • What the Detection and Response Chasm is

  • How Attack Tracing & Intercept captures critical details by their Causal Connections

  • How the ATI Operations Plane proactively works to create fast, accurate, and complete attack traces

Attack Tracing & Intercept: Fast and Accurate Investigation Automation (13 min read)

Whitepaper

No Registration Required

On-Demand Webinar

No Registration Required

The Impact of Attack Tracing & Intercept on Security Investigations

A discussion with: