Detect and Hunt

Accelerate Detection and Response and Build a Threat Hunting Program with new GreyMatter Capabilities

Today we’re introducing a new set of capabilities in our GreyMatter Open XDR-as-a-Service platform that allow security operations teams to improve detection, threat hunting and ease of management for the platform. These new features address some of the biggest challenges for security programs, most notably that, in spite of investments in multiple tools, security operations teams cannot detect, investigate and respond to attacks at the pace of their adversaries.

A primary reason for this is the lack of a unified workbench and the need to hop from tool to tool, collecting data. In many cases, already resource-stretched teams are in constant fire drill mode and focused on reacting to alerts rather than proactively hunting for threats.

The new enhancements to GreyMatter address these issues to improve analyst productivity and efficiency and strengthen overall enterprise security posture:

Detect: GreyMatter extends the ability for analysts to see, in an instant, their coverage and gaps against industry-standard frameworks like MITRE ATT&CK and Kill Chain. By understanding your coverage, you are now able to take tangible actions to improve your security posture. In addition, analysts can drill down into a specific detection to understand how a rule was triggered. This allows them to gather the right contextual information for further investigation and analysis, from within the context of the specific detection.



Hunt:  Proactive threat hunting capabilities are geared towards helping analysts manage overall risk better.  With field-tested hunt packages – developed and backed by our security experts – analysts gain not only efficiencies but reliability and consistency as well.  GreyMatter reduces complexity by enabling analysts to run additional queries from within a hunt campaign, outside of the original parameters, thus reducing the need to pivot to other tools.


Single Sign On: Customers can now integrate GreyMatter into their SSO (any IDP that is SAML 2.0 compatible) to improve security and simplify access while reducing the complexity of managing GreyMatter in their environment. This reduces the administrative overhead of managing separate accounts and provides administrators with a consistent report on access activities.

The goal of GreyMatter is to help improve security operations efficacy, reduce complexity and streamline operations so you can manage risk and protect your assets better.

All these capabilities are now generally available in the GreyMatter platform and customers can start using them today.  Ask your Customer Success Manager if you have more questions. If you’d like to know more about the GreyMatter Open XDR-as-a-Service platform, please contact us for a demo today.

