Vendor says new solution takes forensic-driven approach to incident response that extends deeper value to defenders.

Endpoint protection vendor Cybereason has launched a new incident response (IR) solution to streamline and automate IR investigations. Digital Forensics Incident Response incorporates nuanced forensics artifacts into threat hunting, reducing remediation time by enabling security analysts to contain cyberattacks in minutes, the firm stated in a press release. The release comes in the wake of new research that discovered a drop in global attack dwell times as organizations and their partners improve their incident detection and response capabilities.

Cybereason DFIR driven by forensics for deeper defense value

According to Cybereason, the new solution offers forensic-driven incident response that extends deeper value to defenders. By augmenting its existing MalOp Detection Engine with intelligence from DFIR, security analysts can leverage comprehensive detections from root cause across every impacted asset via a central point, the vendor added. As a result, security teams can quickly gain visibility into a wider range of intelligence sources to enable rapid decisions and remediate threats more efficiently.

Cybereason said the solution includes forensic data ingestion, live file search, and IR tools deployment capabilities. “Cybereason DFIR enhances the performance of the Cybereason XDR Platform in our customers’ environments enabling security analyst teams to detect, identify, analyze, and respond to sophisticated threats before adversaries can inflict harm, and when needed, conduct a thorough post-mortem analysis of a complex incident,” commented Cybereason CTO and founder Yonatan Striem-Amit.

Capabilities bolster an already improving incident response space

The capabilities included within DFIR look set to bolster an already improving threat detection and response space.
For example, Mandiant’s M-Trends 2022 report discovered that global median dwell time, which is calculated as the median number of days an attacker is present in a target’s environment before being detected, decreased from 24 days in 2020 to 21 days in 2021 within global organizations.

With DFIR, businesses can benefit from several features designed to streamline investigative IR processes, Cybereason said. These include:

- Tailored remediation actions that analysts can perform directly from the investigation screen
- Commands that can be executed directly on hosts with remote shell and real-time response actions
- Attack path tracking to reveal and analyze tactics, techniques, and procedures (TTPs)
- File collection to investigate relevant files and forensic artifacts of interest
- Automation of most aspects of incident investigation and updating of Level 1 and 2 analyst capabilities to perform complex forensic tasks
- Support from Cybereason services teams on investigations, breach recovery, forensic audits, and deep-dive analysis