Cytomic Orion

Analytics that accelerates detection and response

The solution that accelerates Threat Hunting, detection and response within your organization.

Automate the search for malwareless threats, alert triage, and investigation thanks to the application of event analysis and scalable threat intelligence.

Cytomic Orion guides your security analysts through the process of triage, investigation and immediate action.

Zero-trust Application Service

Thanks to the managed Zero-trust Application Service, attacks that try to run malicious applications are not a problem on the Cytomic platform.

However, malwareless or script-based attacks and living-off-the-land techniques are increasingly common because they are more difficult to detect. This allows attackers to go unnoticed on the network for an average of around 200 days.

This is why the Cytomic platform automates the process of gathering and filtering the millions of events produced by endpoint monitoring, contextualizing them with threat intelligence. This context-rich information is available by default for 365 days, allowing fully contextualized detection and investigation of security incidents.

Change your defensive security to an offensive stance and reduce investigation and remediation time

Threat Hunting

Threat hunting is a challenging, complex, and time-consuming exploratory activity. Threat hunters must explore, prioritize, and investigate threats, gather data with context, connect disparate data, and perform rapid and relevant analysis.

Unfortunately, today’s tools get in the way and make it hard for analysts to do what they do best: hunt threats.

Proactively inspect events to locate indicators of attack and entities of interest

Carry out advanced searches on up to 365 days of enriched data

Reuse queries and create custom detection rules for suspicious activity without any restrictions

Data Analytics for Automated Security

Effectively hunting and detecting threats, and then investigating these cases, requires massive data analysis and correlation with threat intelligence. Cytomic Orion natively provides analysts with the necessary analytics.

It automates the detection and correlation of suspicious behaviors and the investigation of incidents through an unlimited set of extensible, pre-created Jupyter Notebooks and its Threat Hunting library.

From Alert to Remediation and Eradication

Early detection is undoubtedly the first step in containing and eradicating an attacker on the network, but this is useless without immediate action on endpoints to respond to the attacker.

From Cytomic Orion, remote action on endpoints is instantaneous: from alert to remediation and eradication in a matter of seconds, with the ability to isolate, restart, run incident response tools, etc.

Integration in the Technological Stack: APIs and Connectors

Bidirectional integration with the SOC’s technology stack via API-Cytomic, the on-premise SIEM connector, and Jupyter Notebooks themselves.

Jupyter Notebooks are extensible and contain external libraries to further accelerate threat discovery, investigation and response capabilities on the corporate network.

What SOC capabilities does Cytomic Orion enhance?

Advanced Threat Hunting with advanced queries on the 365-day data lake

Retrospective, real-time IoC search

Detection of enriched behaviors with attribution and mapping to TTPs from the MITRE ATT&CK framework

Threat intelligence from Cytomic Platform and external sources

Automation with preset investigations using Jupyter Notebooks

In-depth investigation guided by tools from the Investigation console

Scalable Remote Containment and Remediation

APIs for integration with the technological stack to exchange information and processes