Secureworks announced the enhancements to its patent pending Tactic Graphs detector that will enable organizations to catch stealth attacks that would normally sneak past their cyber defenses. Delivered in the Taegis XDR platform, Tactic Graphs provides the data and insights to help analysts quickly identify complex attacks that have multiple, disparate, and subtle moving parts, using an analytic correlation engine.
Tactic Graphs acts as a tireless analyst, automatically tracking and matching multiple sources of telemetry and low-level events, applying streaming analytical techniques to uncover hidden threats. By not relying on single indicators of compromise, but instead correlating threat actor behavior against known patterns seen in the wild, it has a higher detection efficacy. This new pattern-based approach means that when adversaries change their tools or techniques, organizations will still spot them because the Tactic Graph detector within Taegis XDR detects higher-level constructs at the tactic level rather than matching individual events. This both reduces the noise and allows for broader detections when underlying tools or techniques may be changed by sophisticated threat actors in an effort to evade detection.
“Detections that focus on single indicators of compromise have a short shelf life and are easy for the adversary to evade. Tactic Graphs are a paradigm shift in detecting malicious activity, fusing human intelligence from the cybersecurity frontline with advanced analytics,” said Steve Fulton, chief product officer, Secureworks. “Threat patterns don’t have to be written by engineers, so the research community is empowered to build a repository of knowledge from which all enterprises can benefit. Working as a collective is the best way to outpace and outmaneuver the adversary.”
Tactic Graphs currently includes more than 170 threat patterns and is rapidly expanding, with latest efforts focused on sequencing cloud and network-based threats. In one recent example, a Secureworks customer at a transportation company clicked a link in a phishing campaign. Tactic Graphs correlated the user executing the phishing email with the fact that the threat actor responsible for the phishing was using stolen credentials to sign into accounts. Using Taegis, the company’s security analysts were able to automatically isolate the compromised host and rapidly mitigate the threat.
Tactic Graphs significantly improves the signal to noise ratio that can quickly drain cybersecurity analyst resources. Secureworks has found that in 2022 nearly 99% of third-party vendor-produced high and critical alerts were noise, and not real incidents. Seasoned threat actors have learned to hide in the noise, taking discrete steps across systems to evade defenses until it’s too late.
Taegis XDR, Secureworks’ cloud-native cybersecurity platform for threat prevention, detection, and response, uses numerous advanced analytic capabilities to take what may otherwise appear to be non-related telemetry and alerts to detect threat actor patterns and present these to an analyst with context. In one customer example, analysts using Secureworks saved time by streamlining over 9,000 threat alerts summed up into three Tactic Graphs.
