17 May Bricata Releases New Advanced Threat Hunting and Detection Capabilities
Latest Version Continues Focus on Integration within the Cybersecurity Ecosystem; Provides Improved Policy Management, Alert Data Quality and High-Speed Packet Capture
May 17, 2017 – Columbia, Md. – Bricata, Inc, announced today it has released the latest version of its next-generation intrusion detection and prevention solution, which now includes threat hunting and new features providing more advanced detection. The newest release introduces better cybersecurity policy management, enriched threat alert data, and performance improvements for high-speed packet capture capabilities. The product enhancements also provide an improved visual presentation and simplified workflow that enables large organizations to quickly identify threats and hunt them down for remediation.
The overall improvements enable cybersecurity professionals to be better focused on threats that are truly relevant and important, given traditional tools often surface an overwhelming volume of alert data. For example, the solution looks at threat data from several perspectives and uses those different vantage points to enrich the metadata around alerts and presents the information visually. This delivers important context that enables analysts to distinguish real threats from the noise.
“One of the biggest challenges in security operations centers is the deluge of alerts – much of which is often technically true but largely irrelevant,” said Bricata CEO John Trauth. “What we’ve been able to do here is look at the same threat with three very different detection engines, in order to understand the context and present it in a way that’s easy to understand. This is inherently valuable in driving informed cybersecurity decision-making.”
The newest version also completes the integration with the Cylance “conviction” engine, which leverages artificial intelligence and machine learning to provide zero-day protection. This adds to the existing methods Bricata already uses, including pattern detection and signature analysis – and behavioral anomaly detection and scripting for new threats.
Among the many updates in the latest version of the Bricata solution are the following:
- Simplified policy management. The dynamic nature of threat intelligence means cybersecurity policy management must be easily adaptable. The new release provides a simplified way to manage those policies and the associated workflow, which in turn directs finite attention on the real threats.
- Enriched alert data. Cybersecurity professionals can add metadata to alerts through customs scripts. This provides the flexibility to define the most contextually relevant information to alerts around assets, attacks, attackers, attack campaigns, targets, exploits and other attributes that enable a team to more quickly understand the severity of a threat.
- High-performance packet analysis. The solution is powered by a multi-threaded engine, optimized for modern hardware selected to support sustained rather than bursts of high throughput. This means the Bricata appliance inspects traffic at line speed, minimizing packet loss. Packet capture enables forensic analysis on recorded data – to go back and hunt for threats when newer behavioral anomaly models become available. Users can choose whether or not to use the appliance in detection or prevention mode.
As a best-of-breed solution, Bricata is vendor-agnostic and fundamentally engineered to integrate well with existing security tools in the enterprise environment. For example, enriched alert data provides a better and more reliable signal to feed SIEMs for performing security analytics.
“Integration is the underlying philosophy behind the Bricata solution because no vendor can solve the cybersecurity challenge alone – and no customer wants to be entirely dependent on a single provider,” added Trauth. “It’s incumbent upon all of us to be good citizens in the grander cybersecurity ecosystem of tools designed address the perpetual quantity of emerging threats.