The core capabilities of DeCYFIR that can be combined with MS sentinel are:
Rich data on the tactics, techniques, and procedures used by threat actors with IOC-specific remediation steps and tactical execution recommendations. These can be used for threat hunting, investigation, and analysis of threats.
External Attack Surface Discovery *
A clear view of the entire external digital footprint across domains, sub-domains, and third parties as well as identifying critical exposures, vulnerabilities, or weak configuration (default setting vs. misconfiguration) to establish a strong security posture and cyber defense. Attack surface intelligence covers domains, subdomains, on-premises, cloud, hybrid, shadow IT, forgotten IT, and third parties.
Vulnerability Intelligence *
Vulnerabilities should be actioned based on their technical severity together with the current state of exploits by attackers, not simply the CVSS score. Our vulnerability intelligence allows remediation efforts to focus on the must-do critical vulnerabilities that attackers are exploiting matched to an organization’s threat profile, specific industries, geographies, or technology ecosystem.
Threat Actor & Campaign Intelligence *
Enables organizations to better conduct scenario planning to predict and combat threats and attacks. Knowing who is most likely to attack, the attack vectors they are likely to use, and the vulnerabilities they will exploit are essential to improve an organization’s cybersecurity posture. Customers can search threat actors, their profiles, their active campaigns, exploits, and associated TTP including malware.
* Denotes the feature will be available in Phase 2