WALTHAM, Mass., March 3, 2022 /PRNewswire/ — Uptycs today announced that it has added features to its XDR solution to improve detection and triage of advanced attacks and APT threat actors. Now security teams have access to comprehensive tools to detect, remediate and protect against advanced external attacks.
“Working from home has created unforeseen challenges for security teams around the world,” said Ganesh Pai, CEO of Uptycs. “The push to support the remote workforce has accelerated migration to the cloud and, as a result, expanded enterprise attack surfaces. These new features reflect our ongoing commitment to staying one step ahead of potential threats so businesses can run their cloud business with confidence.”
Uptycs' new features in its XDR solution include:
- Contextual detections. This feature provides analysts with more context to understand the severity of a detection, especially in-depth details about the toolkits used by threat actors. Uptycs Endpoint Agent uses a highly optimized approach to scan process memory using YARA rules, then populates the profile of each detected malware/tool to provide details about the malware’s capabilities. Uptycs’ Threat Research team is constantly updating the YARA rules, toolkit, and threat profiles. Customers can also add their own custom YARA rules, toolkit descriptions, and threat profiles to track and hunt APT threat actors that may be targeting their organization.
- Automated Threat Books: The Uptycs Threat Research team provides threat intelligence to the product daily. Some of this intelligence is associated with high-profile attacks. The Uptycs platform automatically creates associated threat books and analyzes historical data to identify any past infections.
- Lateral movement correlation improvements: When an analyst is evaluating a detection, one crucial thing they need to know is whether a threat actor has moved laterally through the environment. The lateral movement detection feature of the correlation engine attempts to detect attack progress based on the proximity of other systems to the system being attacked. Improvements were added to identify proximate systems based on login attempts.
- Ransomware detection: The Uptycs XDR agent now provides generic detection and protection against ransomware attacks on Windows operating systems. The capability is built directly into the Endpoint Agent so that it can also protect against attacks in offline mode. Additionally, Uptycs XDR provides detection of Linux-targeted ransomware attacks via the Uptycs cloud.
- Process code injection / DLL injection: The Uptycs XDR agent now provides generic detection for process code injection on Windows and Linux endpoints. Process code injection is a technique used by attackers to inject malicious code into a trusted running process to evade detection.
- Process hollowing: A sub-technique of process injection is process hollowing, where malicious actors attempt to evade defenses by injecting malicious code into suspended and hollowed-out processes. The Uptycs XDR agent now provides generic detection for process hollowing on Windows and Linux endpoints.
- Overwriting the Master Boot Record (MBR): The Uptycs XDR Agent now provides generic MBR overwrite detection on Windows endpoints. MBR overwriting is a technique used by adversaries whose purpose is to disrupt operations and render the system inoperable.
- Dumping lsass.exe memory credentials: To detect attacker attempts to steal credentials, the Uptycs XDR agent now provides generic detection of lsass.exe (Local Security Authority Subsystem Service) memory credential dumping on Windows endpoints.
Uptycs provides the first unified, cloud-native security analytics platform that enables both endpoint and cloud security from a common solution. The solution provides a unique telemetry-based approach to address multiple use cases, including Extended Detection & Response (XDR), Cloud Workload Protection (CWPP), and Cloud Security Posture Management (CSPM). Uptycs enables security professionals to quickly prioritize, investigate, and respond to potential threats across an enterprise’s entire attack surface.