See what’s new at our product, check the updates below
What is the MITRE ATT&CK Adviser Application?

Devo’s MITRE ATT&CK Adviser empowers you to intuitively operationalize the MITRE ATT&CK Adviser and improve SOC effectiveness. By equipping Devo users with the MITRE ATT&CK Adviser within the platform, security teams are able to map their ingested data and detections to MITRE’s documented tactics and techniques and identify crucial coverage adjustments. SciSec, Devo’s security research team of data scientists and cybersecurity experts, created the MITRE ATT&CK Adviser as a testament to their mission to provide analysts with scalable threat management tools and methodologies to succeed at detection, investigation, and response.

What Will I Be Able to Achieve with the MITRE ATT&CK Adviser?

- Gain confidence by leveraging a dynamic MITRE ATT&CK coverage heat map to identify coverage gaps that may exist, and fill those gaps by deploying out-of-box detections available in Devo Exchange
- Gain visibility of all your data sources against MITRE and easily identify the techniques each source can detect and where data gaps may exist
- Gain clarity into commonly employed techniques used by threat groups and nation state threat actors to improve detection coverage relative to your organization’s industry and geography

Overview of the Application

The MITRE ATT&CK Adviser application gives you instant visibility across all the objectives in the MITRE ATT&CK framework and their corresponding tactics. With the Adviser, you can look at each objective to see how many detections you have for each of the techniques across the framework. Red denotes a lack of detections for that objective or tactic, yellow denotes moderate coverage, and green means you have good coverage.

Additionally, the Adviser app has Threat Group Filters that can be turned on to see what detections you have around a specific threat. You can select a threat group from the dropdown list (Hafnium is shown in the example).
This kind of visibility into your security posture around specific attacks gives you the clarity to see where your defenses are strong and where you need to increase coverage. Additionally, Devo has released over 200 new detections just this year, and the SciSec team is continuing to add new detections. With Devo’s Content Manager, you can increase coverage with new detections by simply clicking a button: go into the Content Manager, search for the detection you are looking for, and install it. Then you can see the change in your coverage in the Adviser app. Devo’s new MITRE ATT&CK Adviser application and the new detections from Content Manager are there to empower you to make the right decisions for your SOC.

How Can I Access the App and Start Using It Today?

The MITRE ATT&CK app is available in Devo Exchange for all Devo customers. For more information on the app, please contact your CSM or read more about it in our documentation. Click here to install it now!
Devo is pleased to announce the availability of 50+ cloud security detections for AWS in our Security Operations application. The new detections enable organizations to monitor their cloud infrastructure, look for areas of risk, or respond to threats as they emerge. Devo security experts crafted the detections and tested and validated each of them using adversary simulation. Devo curated and vetted these detections, which will be delivered by use case, to provide rapid time to value with out-of-the-box content that will help organizations of all types improve their cloud security posture.

What Are the Benefits of These Detections?

- Unified visibility and the ability to monitor large volumes of data across hybrid, multi-cloud environments
- Reduced mean time to detection and response (MTTD/MTTR) with automatic alerts based on suspicious cloud usage
- Granular visibility into application, user or file behavior across different environments to secure dynamic workloads and detect abuse of privileges
- Maintained surveillance of user access and privilege to uncover identity-based threats
- Continuous monitoring and scanning to provide security assessments in real time

Additional Resources: AWS Cloud Detections Documentation, Solution Brief, Blog
Devo has acquired Kognos!

What is Kognos?

Kognos, the pioneer of autonomous threat hunting, gives analysts everything they need to know to quickly and efficiently remediate and get ahead of risks in their environment. Kognos runs autonomous investigations and hunts, doing what an analyst would, from start to finish, in a matter of minutes, to cut through the alert noise and reveal the information, activity, and connections that matter. With complete attack stories, analysts know exactly how the attack started, what it did, and when, so they can take all appropriate actions to address the entirety of the threat. Kognos works in the background providing continuous insights into the latest threat activity, so analysts can do what they need to keep the environment safe.

How Do Devo and Kognos Work Together?

Paired together, Kognos and Devo can transform petabytes of security data into comprehensive attack stories. Devo collects data from across the entire attack surface, from any source, at massive scale, and provides the advanced analytics and detections that feed directly into the Kognos AI engine. These alerts feed directly into the Kognos attack-tracing AI engine that mirrors how analysts work by asking thousands of questions that dig into the data to understand the attack and providing end-to-end threat stories that radically improve analyst decision-making and shift their starting point from an alert to a full attack blueprint.

This powerful combination automates key aspects of the threat lifecycle (detection, triage, investigation and hunting), eliminating the repetitive manual tasks that lead to analyst burnout and SOC inefficiency. It also accelerates incident response by continuously updating a real-time view of all assets and their relationships, which enables you to assess the potential impact on your organization with a clear view of what needs to be remediated.
Together, Devo and Kognos form the foundation of the autonomous SOC by providing the data analytics, automation and AI that SOC teams demand to keep pace with sophisticated adversaries while avoiding analyst burnout.

Where Can I Learn More?

Blog, Solution Brief, Kognos Website

If interested in getting a Kognos demo, please reach out to your Devo RSM or CSM!
Devo is pleased to announce the release of the Devo Exchange. The Devo Exchange is a vibrant community-based marketplace full of valuable content that Devo customers can browse, install, and manage with push-button simplicity. Devo Exchange enables you to realize immediate value from your Devo deployment by providing on-demand access to content relevant to your security ecosystem. Devo Exchange reduces the time your team needs to spend creating custom content and accelerates the deployment of impactful use cases.

How Do I Access Devo Exchange?

The Devo Exchange is accessed via the Exchange icon directly in the Devo UI. Once you launch the Exchange by clicking on the icon, you will be taken to the Exchange landing page. Notice that the landing page includes the “Highlights” section, which is important content for all Devo customers, and the “Recommended by Devo” section, which contains highly relevant content. Clicking on the “Discover” section offers you other ways to sort content, including “Trending,” “New & Noteworthy,” and “Most Popular.”

What Content Does Devo Exchange Contain?

The Devo Exchange contains expert-created security analytics and alerts, insightful Activeboards, data enrichments, use-case based applications, and content packs. Content packs are combinations of related alerts, Activeboards, enrichments, and applications.

How Do I Install Content?

Each piece of content on the Exchange is represented by a tile. When you click on a tile, it will display the type of content (alert, lookup, Activeboard, application, or content pack) as well as an overview of that content. Please note the required data source table(s) for that content in the lower right of the card under the “Requirements” section. Simply click the green “Install” button in the top right corner to install the content.

To see which content you currently have installed in your environment, click “Manage Installed Apps” in the top right corner of the Exchange.
After clicking it, you will see a page of all the installed content in your environment organized by content type (alerts, Activeboards, applications, and lookups). For a small subset of customers who have developed their own custom applications, you will also have “Manage domain applications,” which lists those installed custom applications not from the Exchange.

Additional Resources: Devo Documentation, Devo Exchange Customer Webinar, Devo Exchange Demo