Get the detections of TTPs that are being used in the wild.
When it comes to detections, the three most important factors are:
1) Coverage - the detections cover the attacks that threat actors are actually using;
2) Accuracy - if detections are not well written or not easily modified, the SOC will experience a large number of false positives; and
3) Computational Complexity - every added detection increases the workload on your tools. In Splunk, for example, as the number of scheduled detection alerts grows, the SOC staff's regular searches get queued because there is not enough compute available.
How does LiFT help with this?

Coverage - We focus on what threat actors are doing. Our intelligence collection accurately identifies threat actor TTPs.

Accuracy - We have seen many Sigma rules that will never detect the attack for which they were written. Our rule minting process includes quality checks to ensure each rule is written accurately and will match consistently. We have also made the selection criteria easier to change, so tuning these rules is simpler and they are less fragile.

Computational Complexity - Most security tools offer a fast search that finds specific terms far more cheaply than a general search. Most Sigma rules do not take this into account, so they drain the resources of your SIEM, EDR and similar platforms. We use a fast search as a selection parameter so that each rule finds its condition as quickly as possible with the least amount of compute. These rules are optimized to reduce compute needs in tools such as Splunk, DEVO, Elasticsearch and other SIEMs.

This boils down to helping security operations reverse engineer a cyber threat to mitigate future damage. With UPLiFT's advanced threat intelligence rules, you have all you need to outsmart threat actors. Our threat intelligence system is built on an intelligence-driven analysis process that begins with discovery, profiling, storage, query and ranking. We collect data through a machine-learning-based threat hunting system that gathers information directly from feeds and targets and brings the system close to the source of exploit writers. This levels the playing field with the bad guys by providing prompt, decluttered information that helps you check whether you have been compromised and how to implement new detections based on the observed trends.
Using UPLiFT™ to Mitigate Cyber Threats
Access to the TTPs that threat actors are currently using places you in a strong position to protect your organization. You can use our Sigma rules, YARA rules, WAF rules and various IOCs across the security tools already deployed in your environment.