3 1 Breach Detection System Release Notes

3 1 Breach Detection System Release Notes


  3.



Highlights 

  • Amazing new navigation menu and dashboard to match day to day operation workflow and provide intuitive navigation
  • 4 new detections to further enhance cyber safety
  • 5+ new data source capability added to gain even more visibility over the environment
  • 5 new Threat Hunting view for easier and quicker investigation
  • 2 more compliance reports
  • Various improvements on stability, security, and performance of the platform


New User Interface 

  • Completely re-designed menu structure to reflect the workflows and interactions observed  on enterprise and MSSP environments
  • Global navigation bar moved from left to top
  • Improved dashboard to further highlight the important metrics and data points for admins to  have the pulse on their business and take immediate action with ease
  • Tab menu views are replaced with menu list pop-up presentation
  • Unified the dropdown menu designs based on our design system
  • User interface colors are revisited to match the company colors.
  • Spanish is added to the available language set for the user interface (Beta)


New Detections 

  • Exploited C&C Connections: A reverse connection detected from an asset to an IP address that had previously been seen having an exploit attempt to the same asset
  • Exploited Vulnerabilities: An exploit attempt is detected to an asset that had previously been seen having a vulnerability against the same kind of exploit
  • Application Anomaly: Anomalous application connection detected from private (internal assets) to public (internet)
  • Data Ingestion Anomaly: Anomalous data volume (either low or high) detected coming from a data sensor to the data processor
  • Improved malware detection functionality with AV and Machine Learning.  


More Data Ingestion With More Control 

  • Application whitelisting option is added for metadata ingestion over sensors for admins to determine if they want to get the data only for desired applications
  • IP net-mask option is added to define a range of network in Data Filter (old name: User Defined Applications) at once instead of entering IPs one by one
  • Added data sensor support to collecting logs from JSON file. An example application of this kind of integration is Sophos Central (Endpoint Manager)
  • Log forwarder performance is improved more than 5x due to changes in the communication protocol
  • Cisco Umbrella logs ingestion has been added as beta functionality
  • Imperva WAF logs ingestion has been added to the platform
  • Sophos XG Firewall logs ingestion has been added to the platform
  • Crowdstrike logs ingestion has been added as beta functionality
  • CarbonBlack logs ingestion has been added as beta functionality


Improvements over Automated Threat Hunting 

  • Re-architected backend to provide better performance and flexibility
  • Improved configuration menu for easier usage


More Threat Hunting Views 

  • DNS analysis view to investigate the DNS traffic records with highlight to recently registered domain names
  • Linux server commands analysis view to investigate the commands run on Linux servers
  • Okta logs analysis view to investigate user and application authentication records
  • Vulnerability scan view to investigate the vulnerability scans over assets
  • Vulnerability event view to investigate found vulnerabilities over assets
  • Firewall event view is improved with more charts and datapoint for easier investigation over visualization


Two more PCI compliance report added to the platform for admins to keep an eye and report on vulnerability scans as well as found vulnerabilities on their environment


Improved Data Enrichment and Visualization 

  • The new data source has been integrated for geolocation for even better results
  • Improved data normalization for username to serve unified views and enable unified queries over Windows and Office365 events
  • Username and Hostname filters added to the "Advanced Options" view of global quick filters to allow admins to focus the entire view based on a selected user or a selected asset
  • Also, username information is added to the summary section of the event details view for quick reference


More on High Availability, Improved Resilience 
  • High availability is improved with the ability to buffer data on data analyzer in case there is an issue with the data lake
  • Linux and Windows agent sensors can now buffer data in case there is an issue with data processor communication


And more 

  • Improved system security with revisited data in use encryption and credentials security
  • Improved mail server configuration options to cover a wide range of mail server settings possible to have on enterprise environment