Today we’re introducing a new set of capabilities in our GreyMatter security operations platform that allow security operations teams to improve detection, threat hunting and ease of management for the platform. These new features address some of the biggest challenges for security programs, most notability that in spite of investments in multiple tools, security operations teams cannot detect, investigate and respond to attacks at the pace of their adversaries.
A primary reason for this is the lack of a unified workbench and the need to hop from tool to tool, collecting data. In many cases, already resource-stretched teams are in constant fire drill mode and focused on reacting to alerts rather than proactively hunting for threats.
The new enhancements to GreyMatter address these issues to improve analyst productivity and efficiencies and better overall enterprise security posture:
Detect: GreyMatter extends the ability for analysts to see, in an instant, what their coverage is versus gaps against industry standard frameworks like MITRE ATT&CK and Kill Chain. By understanding your coverage, you are now able to take tangible actions to improve your security posture. In addition, analysts can drill down into a specific detections to understand how a rule was triggered. This allows them to gather the right contextual information for further investigation and analysis, from within the context of the specific detection.
Hunt: Proactive threat hunting capabilities are geared towards helping analysts manage overall risk better. With field-tested hunt packages – developed and backed by our security experts – analysts gain not only efficiencies but reliability and consistency as well. GreyMatter reduces complexity by enabling analysts to run additional queries from within a hunt campaign, outside of the original parameters, thus reducing the need to pivot to other tools.
Single Sign On: Customers can now integrate GreyMatter into their SSO (any IDP that is SAML 2.0 compatible) to improve security and simplify access while reducing complexity of managing GreyMatter in their environment. This reduces the administrative overhead of managing separate accounts but provides administrators a consistent report on access activities.
The goal of GreyMatter is to help improve security operation efficacies, reduce complexity and streamline operations so you can manage risk and protect your assets better.
All these capabilities are now generally available in the GreyMatter platform and customers can start using them today. Ask your Customer Success Manager if you have more questions. If you’d like to know more about the GreyMatter Open XDR-as-a-Service platform, please contact us for a demo today.