back caretBlog

Accelerate Cybersecurity Investigations with Reveal(x) Threat Briefings

 

When threat investigation and response take too long, attackers have decisive advantage as they steal data, encrypt it for ransom, or both. Accelerating investigations is a top priority for security operations teams, but it is made difficult by ongoing staffing challenges and rapidly evolving advanced threats. Reveal(x) threat briefings offer a path for faster investigation and response for enterprise SecOps teams.

Reveal(x) threat briefings are collections of correlated, contextualized data about specific cyber attacks or attack techniques that deserve elevated attention due to recent events or new information. The contextualized insights in these briefings help security analysts quickly assess and mitigate their organization's past and current exposure to emerging threats so that they can reduce their mean time to respond (MTTR) and confidently eradicate intruders. Reveal(x) threat briefings are presented directly in the Reveal(x) user interface, and may contain:

  • Threat research findings about a recent attack or vulnerability
  • Security industry information
  • Threat detections with correlated contextual data gathered and analyzed by Reveal(x)

When new zero-day vulnerabilities are disclosed, speed is of the essence for protecting businesses. With PrintNightmare, Log4Shell, SolarWinds SUNBURST, and Kaseya/REvil, the potential damage and blast radius was so high that every business was forced to evaluate and mitigate their own exposure. For security operations teams to move on to mitigation, remediation, and recovery, they must quickly answer these complex questions:

  • Were we attacked in the past? Are we already compromised?
  • Are there vulnerable devices in our environment? (In the case of PrintNightmare, that meant nearly any Windows device, so the answer was "yes" for virtually all enterprises.)
  • Have any exploits been attempted against devices on our networks?
  • Can we detect whether any devices have already been compromised and used for subsequent attacker activity?

Fortunately, Reveal(x) threat briefings can answer all of the above and more at a glance. Reveal(x) threat briefings are displayed in the upper left corner of the main security overview page of Reveal(x) as soon as you log in. You can click each threat briefing to get more details. Each threat briefing focuses on a specific threat or vulnerability and includes such vital information as:

  • A list of devices that are vulnerable to the threat
  • Detections of communications with known indicators of that compromise
  • Behavioral detections of exploit attempts
  • Detections of related behavior that is likely to follow successful exploitation
  • Background data on the threat, with links to the relevant CVE, MITRE ATT&CK page, or other security research sources.

To learn more, watch our short video showing Reveal(x) threat briefings. It explains how you can use them to gain a rapid understanding of your organization's exposure to a threat, allowing you to move quickly to stay secure.

ExtraHop Reveal(x) Live Activity Map

Stop Breaches 87% Faster

Investigate a live attack in the full product demo of ExtraHop Reveal(x), network detection and response, to see how it accelerates workflows.

Start Demo

Sign Up to Stay Informed