Contents:
The era of uncertainty is about to come to an end…
According to Gartner, by 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services and private application access from a single vendor’s security service edge (SSE) platform. In acknowledging the cyber-defense market’s plea for a unified solution which can aptly balance threat-hunting, incident response, and advanced analytics, Heimdal® has pushed to release the Threat Hunting and Action Center, a cutting-edge solution engineered to handle SOC, CSIRT, Incident Response, and malware analysis workloads. The avant-garde threat-hunting/mitigation/response solution is powered by Heimdal®’s proprietary XTP engine, enabling faster incident response, via pre-computed risk scoring, whilst providing complete coverage of Microsoft 365 and Google digital environments, and beyond.
What is the Threat-Hunting and Action Center?
Heimdal®’s Threat-Hunting and Action Center is the centerpiece of a hybrid approach to cybersecurity, intermixing elements from key ‘defensescape’ functional areas such as information security, IT auditing & consulting, threat intelligence, digital forensics, data analysis, and compliance in order to engineer a solution proficient at covering all conceivable attack vectors including, but not limited to spam, suboptimal credential generation, storage & management, Insider Threat, certificate theft, denial of service, physical theft, regulatory incompliance, data destruction, misconfiguration, IP leakage, and, phishing.
Furthermore, the platform’s multi-pronged cybersecurity approach empowers customers to protect all attack surfaces, from infrastructure to applications, endpoints, IoTs, Cloud, supply chain, and everything in between.
The solution is powered by the Extended Threat Protection (XTP) engine, Heimdal®’s retort to outstanding threat detection, prevention, and mitigation. XTP moves beyond file- and behavioral-based analysis, ushering in the era of evidence-based threat-hunting.
This achievement was made possible by imbuing our Threat-Hunting and Action Center solution with SIEM (i.e., Security Information and Event Management) and SOAR (i.e., Security Orchestration, Automation, and Response) capabilities, crucial assets in detecting and mitigating the aftereffects of next generation malware.
Heimdal®’s platform explores and addresses three main malware-hunting & mitigation pain-points:
Visualize
Gear up your security teams with pre-computer risk scores, advanced threat indicators and multi-vector attack analysis, granting them with the insights to jump straight into action. Reduce alert fatigue and cancel grey noise to fuel efficiency in security operations.
Gain access to actionable threat reports complete with advanced visualization charts and granular view, compile relevant data in an accessible, expert-free SOC, and simulate threat scenarios before they hit your network all from an entirely secure environment.
Features:
- Threat Telemetry View Visualizer – your visual storyboard grouped by endpoints/hostname and risk severity.
- Risk Scoring – pre-computed trending and frequency analyser.
- Categorized Events – classified by CVSS-spun severity (i.e., Critical, High, Medium, and Low).
Hunt
Powered by our XTP Engine and integrated with the award-winning Heimdal suite, our platform’s threat-centric view allows IT admins and security teams to detect and track down anomalous behaviour and malicious activity at a device level, complete with associated risk scores by leveraging our proprietary threat intelligence and the MITRE ATT&CK framework.
Features:
- Threat Hunting – deep-ding into groups and hosts that have indicators of compromise (IoCs) across the network and track-down IP locations.
- Threat Investigation – advanced intel including health, risk scores, and more.
- Deep Analysis – our threat-engine aids further investigation/forensics efforts with contextualized detection details including process mapping.
Action
The platform’s Action Center empowers security teams to take quick decisions on the fly, with the ability to one-tap execute commands such as scanning, isolation, and more while further investigating incidents or threats.
Features:
- Remediation – deep intel to review, resolve, aid responders or action a response straight from the suite; complete with logged activity trail and notes.
- Action controls – quick access to detection, remediation action log, audit trails, and recommendations.
- Protection Stats Reporting – areal-time at-a-glance widget that indicates risk levels across the Heimdal activate suite.
Who is this solution designed for?
Security Leaders – CISOs, CIOs and Security Managers (i.e., Directors, Heads and similar counterparts) to get a birds-eye-view risk evaluation and bring security metrics at the Board-level.
SecOps & IT admins – out-the-box, plug-and-play platform with pre-computed threat intelligence grants your security team the right action set to contain, eliminate, or mitigate any type of cybersecurity incident.
Solution providers such as MSP/MSSPs – onboard, manage and monitor/protect multiple customers on a single platform. Scale operations by adding manpower and expanding offerings portfolio for increased revenue.
Conclusion
The Heimdal® Threat-Hunting and Action Center is a revolutionary platform that is fully integrated with the Heimdal solution suite. Designed to provide security teams with an advanced threat-centric view of their IT landscape, the solution employs granular telemetry to enable swift decision-making, using built-in hunting, remediation, and actioning capabilities – all managed from the Heimdal Unified Security Platform.
To see this state-of-the art solution in action, please request a demo here
- Granular telemetry across endpoints and networks.
- Equipped with built-in hunting and action capabilities.
- Pre-computed risk scores, indicators & detailed attack analysis.
- A single pane of glass for intelligence, hunting, and response.