Expanding The Response and The Advanced Automated Threat Hunting with Open DXL

Today every person is talking about the automation of security. However, what are the right actions and processes to automate safely? What are the right actions and processes to automate that will actually achieve some outcome of the security, such as improving the efficiency of sec ops or reducing attacker dwell time? Just look in the newest industry report and you will definitely find a statistic about how much long attackers actually linger in a particular network without detection. It is getting much better, but the average is still majorly in favor of the attacker.
One of the reasons why all the attackers are so successful at maintaining the entire persistence is that most companies struggle to make much effective use of threat intelligence. Making much effective use means taking the volumes of threat intelligence data, Indicators of Compromise (IOCs) that are primarily technical, hunting for affected computer systems with those IOCs, and then adapting various countermeasures to contain the whole incident or just update the security. These critical tasks, validating and collecting intelligence, performing triage, and adapting various cyber defenses to contain the whole incident must be automated if we ever want to get ahead of all the attackers.
Intelligent Security Operations solution automates of McAfee a lot of key threat hunting tasks. In this particular solution, McAfee Advanced Threat Defense (ATD) software program, a malware analytic software system, produces the local IOCs based on submissions of malware from the network and endpoint sensors. It automatically shares the modern intelligence with Enterprise Security Manager (ESM) of McAfee for automated analysis that is quite historical, with the Active Response component of McAfee Endpoint Threat Response and Defense (ETDR) for real-time endpoint analysis, and along with McAfee Threat Intelligence Exchange (TIE) for containment that is automated at the network or endpoint.
However, would not it be actually very great if we could automate incident containment and hunt for all threat intelligence, not just hashes of the file? We can expand the entire capability of the Operations solution of Intelligent Security to handle a lot more intelligence and automate more incident tasks of the response using the power of OpenDXL.
Consolidate Threat Intelligence Collection together with MISP and OpenDXL
Organizations require threat intelligence from three multiple different sources:
  1. Global intelligence from various vendors or large providers.
  2. Community Intelligence from various sources that are closed, and
  3. Global enterprise, or Local-Produced
Local threat intelligence, typically produced by malware sandboxes, for instance, McAfee Advanced Threat Defense (ATD) software program, or learned from investigations of the previous incident, generally relates to attacks targeted at the firm or enterprise and would not be completely visible through other feeds of external intelligence. Large organizations typically consolidate these particular feeds inside a platform of threat intelligence to simplify the entire management, processing and sharing of the information and data.
Robert Williams is a self-professed security expert; he has been making the people aware of the security threats. His passion is to write about Cybersecurity, malware, social engineering, Games,internet and new media. He writes for mcafee products at mcafee.com/activate and www.mcafee.com/activate.
Source- https://mmcafeecomactivate.com/blog/expanding-the-response-and-the-advanced-automated-threat-hunting-with-open-dxl/
Location: Plano, TX, USA

Comments

Post a Comment

Popular posts from this blog

Fix MS Office Error Code 0xc004f074 Quickly

Image
The MS office error code 0xc004f074 can persist due to several reasons. It’s an activation error that commonly persists when the customer Key Management Server (KMS) is unavailable to activate installations of MS Office. It can also persist when the date and time in the device is not in sync. If two different versions of  MS office  versions say 2010 and 2013 are co-hosts on the same server, then also this issue can crop up. To troubleshoot MS Office Error Code 0xc004f074 quickly Deactivate then Activate the DNS Host This error happens if the DNS host publishing does not update to its latest version. The ideal solution to resolve this error or issue is to deactivate and then activate the DNS host publishing. In order to do this, follow these steps below. Press Windows + R keys from your keyboard. This will open the Run dialogue box. Within the Run dialogue box type the command Regedit and click on Enter. This will launch the Registry Editor window. Inside the ‘Regis...
Read more

Various Ways to Fix McAfee Error 76567

Image
McAfee is a well-known Antivirus that is used worldwide by individuals looking to protect their PC from malware, spyware, and viruses. Though many a time while installing the Antivirus, the  McAfee Error 76567  occurs. It is a frustrating issue as it delays the process. Moreover, the Error 76567 is one of the most critical issues and it requires an immediate fix. The longer this issue persists in the system, the more it can harm the device. Get to know more about McAfee Error 76567 In case the Error 76567 occurs while you are using the McAfee security product, there is no need to worry. Generally, this error takes place when the downloading of McAfee Antivirus product is done over an unstable internet connection. The fluctuation in the internet network interrupts the installation process of the McAfee Antivirus product. On top of this, if the downloaded files are faulty and a person still continues with the software install process then the Error 76567 will display. ...
Read more

The Popular RPG Game Dragon’s Dogma is getting a Netflix anime

Image
Netflix has just announced a handful of its new upcoming anime projects, and among them is “an original game anime series” based on the RPG game Dragon’s Dogma. For the uninitiated, Dragon’s Dogma is a cult open world RPG game originally released in 2012 by Capcom company and directed by Hideaki Itsuno of Devil May Cry game. It is very good. Netflix recently announced that it will partner with Sublimation for the anime series, with the Representative Director of that organization, Atsushi Koishikawa, writing that it is “excited to bring our unique cel-shaded animation which carries hand-drawn textures to anime fans around the globe.” The short summary also casts some light on how the narrative will play out in the anime. “Based on a world-famous action RPG set in a big open world, Dragon’s Dogma from CAPCOM will be brought to life among the world as a Netflix original series of anime. The story follows a journey of a man seeking revenge on a dragon who stole his precious hear...
Read more