We go deeper
Our detections focus on maximum impact to adversary impact. We detect attacks across the attack chain with the intent to disrupt malicious activity as early as possible. We perform rigorous research in order to ensure full coverage against threats.
By building detections focused on adversary tactics, techniques, and procedures, we ensure coverage that’s built to last, simple for our Risk and Security Operations Center (RSOC) to triage, and hard for attackers to bypass.
Tactics | The “why” of an ATT&CK technique. It is the adversary’s tactical goal: the reason for performing an action. For example, an adversary may want to achieve credential access.1 |
Techniques | Techniques represent “how” an adversary achieves a tactical goal by performing an action. For example, an adversary may dump credentials to achieve credential access. |
Procedures | Specific capabilities and infrastructure associated with a given technique. |
Table 1 source: MITRE ATT&CK
Rigorous testing and validation
No detection goes untested. Our team runs every detection through a series of tests and attack simulations to ensure we’re creating detections that will catch evil in the act. Using our Trusted Behavior Registry® (TBR), we can further refine detections to maximize the impact.
Critical response
The internet is a wild and unpredictable place where attackers and vulnerabilities can emerge at a moment’s notice. Our Threat Detection Engineers work quickly to build new detections after a threat is discovered to keep our customers safe.
