Suspicious activity on an endpoint is usually an indicator that a larger cybersecurity threat or attack is under way. Your users are continually targeted by various attacks – phishing, malicious websites, session-based attacks and more – that end up playing out on the endpoints inside your organization.
While understanding anomalous behavior on your endpoints is important, that behavior must also be analyzed within the broader context of events, network activity, and peer-user behavior in order to have the best chance of identifying indicators of compromise (IoCs).
Securonix and Cylance have partnered to integrate Securonix Security Analytics Platform — Securonix’s next-gen SIEM platform with its data collection, threat detection, investigation, and response capabilities — and combine it with the capabilities of CylancePROTECT® — an artificial intelligence (AI)-based antivirus and endpoint protection solution.
In the integrated solution, Securonix uses the Cylance API to gather real-time attack intelligence from the endpoints across your organization and leverages this intelligence for threat detection and investigation.
Figure 1: The CylancePROTECT dashboard gives an overall view of threats across the enterprise
Combining the capabilities of Securonix and Cylance provides security operations center (SOC) teams with a single-pane view of both cloud and endpoint security events along with the continuous protection and prevention capabilities they need to proactively detect and defeat viruses, malware, ransomware, and other known and unknown (zero-day) threats.
The integrated solution is able to find and prevent known and unknown threats on the endpoint without any impact to the user, and is also able to find complex cyberthreats that span the endpoint, network, and user spaces.
Figure 2: Securonix integrates and exposes CylancePROTECT intelligence for threat investigation