A few weeks ago, we announced the release of version 2.10 of Cytomic Orion, developed to help security teams maximize and accelerate their response to incidents. Today, we are launching version 2.11.10 of the Cytomic Orion/Covalent/Ionic Security Operations console (SecOps), which delivers:
- Creation of ‘in-house’ hunting rules by organizations
- List of the hunting rules available in an organization
It is important to remember that cyberattackers now leverage services offering encryption, file compression, and polymorphism, which enable them to generate such a variety of malware that existing antivirus signatures won’t return a match. This is why it is so important to have solutions that not only use signatures, but also start from a Zero Trust approach, preventing any binary file from running until classified as trusted, as well as allowing organizations to create their own hunting rules so that nothing will slip past undetected.
Custom Hunting Rules
With this release, analysts will be able to create their own hunting rules using a ‘Rule Editor’, assigning them a risk level, and enabling or disabling them as and when required. These rules will be applied in real time to the event data stream.
- Newly created rules have to be validated to ensure that they generate a manageable number of indicators; if they do not, they must be reviewed and edited before being left enabled.
- In addition, an organization's users can access a list of all the available hunting rules, both those created by users in their organization and those created by Cytomic, and can export that list.

The new release is available from November 18. No service outage is expected. More information is available on the Cytomic Orion release notes page: https://info.cytomicmodel.com/orion/releasenotes/
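To make the workflow described above concrete (rules with a risk level and an enable/disable flag, a dry run against sample events to check how many indicators a rule would generate, and then evaluation of only the rules that passed), here is a small Python illustration. This is an added example, not Cytomic's code: the rule format, the `Rule`/`Indicator` types, the `dry_run`/`validate_rules`/`evaluate` helpers, the 0.3 hit-rate threshold and the process events are all constructed for this post and say nothing about Cytomic Orion's own rule editor or event schema.

```python
"""Toy hunting-rule editor: define rules, dry-run them against sample
events to check indicator volume, then run only the rules that passed.
Constructed example; the rule format is NOT Cytomic Orion's own."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Event = Dict[str, str]


@dataclass
class Rule:
    name: str
    risk: str                       # "low" | "medium" | "high" (assumed scale)
    match: Callable[[Event], bool]  # predicate over one event
    enabled: bool = False           # stays off until validated


@dataclass
class Indicator:
    rule: str
    risk: str
    event_id: str
    host: str


SHELLS = {"cmd.exe", "powershell.exe"}
OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}
ENCODED_FLAGS = {"-enc", "-encodedcommand", "-ec"}


def office_spawns_shell(ev: Event) -> bool:
    return ev["parent"] in OFFICE and ev["process"] in SHELLS


def encoded_powershell(ev: Event) -> bool:
    tokens = ev["cmdline"].lower().split()
    return ev["process"] == "powershell.exe" and any(t in ENCODED_FLAGS for t in tokens)


def webserver_spawns_shell(ev: Event) -> bool:
    return ev["parent"] == "w3wp.exe" and ev["process"] in SHELLS


def any_cmd(ev: Event) -> bool:
    return ev["process"] == "cmd.exe"   # deliberately noisy: should fail validation


RULES: List[Rule] = [
    Rule("office_spawns_shell", "high", office_spawns_shell),
    Rule("encoded_powershell", "medium", encoded_powershell),
    Rule("webserver_spawns_shell", "high", webserver_spawns_shell),
    Rule("any_cmd", "low", any_cmd),
]

# Constructed process-creation events standing in for the live event stream.
SAMPLE_EVENTS: List[Event] = [
    {"id": "1", "host": "ws01", "process": "powershell.exe", "parent": "winword.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"id": "2", "host": "ws01", "process": "cmd.exe", "parent": "explorer.exe",
     "cmdline": "cmd.exe /c dir"},
    {"id": "3", "host": "ws02", "process": "svchost.exe", "parent": "services.exe",
     "cmdline": "svchost.exe -k netsvcs"},
    {"id": "4", "host": "ws02", "process": "powershell.exe", "parent": "explorer.exe",
     "cmdline": "powershell.exe Get-Process"},
    {"id": "5", "host": "srv01", "process": "cmd.exe", "parent": "w3wp.exe",
     "cmdline": "cmd.exe /c whoami"},
    {"id": "6", "host": "srv01", "process": "explorer.exe", "parent": "userinit.exe",
     "cmdline": "explorer.exe"},
    {"id": "7", "host": "ws03", "process": "cmd.exe", "parent": "explorer.exe",
     "cmdline": "cmd.exe /c type notes.txt"},
    {"id": "8", "host": "ws03", "process": "powershell.exe", "parent": "cmd.exe",
     "cmdline": "powershell.exe -EncodedCommand dwBoAG8A"},
]


def dry_run(rule: Rule, events: List[Event], max_hit_rate: float) -> Tuple[int, float, bool]:
    """Count how many sample events a rule would flag; OK if the hit rate
    stays at or below max_hit_rate (the 'manageable number of indicators' check)."""
    hits = sum(1 for ev in events if rule.match(ev))
    rate = hits / len(events) if events else 0.0
    return hits, rate, rate <= max_hit_rate


def validate_rules(rules: List[Rule], events: List[Event],
                   max_hit_rate: float = 0.3) -> Dict[str, Tuple[int, float, bool]]:
    """Dry-run every rule and enable only those that pass; returns a report per rule."""
    report = {}
    for rule in rules:
        hits, rate, ok = dry_run(rule, events, max_hit_rate)
        rule.enabled = ok
        report[rule.name] = (hits, rate, ok)
    return report


def evaluate(rules: List[Rule], events: List[Event]) -> List[Indicator]:
    """Apply enabled rules to the event stream and emit one indicator per match."""
    return [Indicator(r.name, r.risk, ev["id"], ev["host"])
            for ev in events for r in rules if r.enabled and r.match(ev)]


if __name__ == "__main__":
    for name, (hits, rate, ok) in validate_rules(RULES, SAMPLE_EVENTS).items():
        print(f"{name:24s} hits={hits} rate={rate:.3f} {'enabled' if ok else 'NEEDS REVIEW'}")
    for ind in evaluate(RULES, SAMPLE_EVENTS):
        print(f"[{ind.risk}] {ind.rule} on {ind.host} (event {ind.event_id})")
```

The point of the dry run is that a rule is never switched on directly: `any_cmd` flags three of the eight constructed events, exceeds the threshold and stays disabled for editing, while the three narrower rules are enabled and produce four indicators between them. In practice the sample would be a slice of the organization's own recent telemetry, since a rule's noise level depends entirely on what is normal in that environment.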