Elastic Security 7.12 accelerates threat hunting workflows and prevents ransomware
Elastic announced new updates across the Elastic Security solution in the 7.12 release to accelerate threat hunting and investigation workflows, prevent ransomware, and eliminate blind spots.
Elastic Security streamlines security operation workflows and helps practitioners maximize data insights with analyst-driven correlation.
Driven by Event Query Language (EQL), the technology behind advanced correlation in the Elastic Security detection engine, analyst-driven correlation provides more targeted threat hunting and investigation, with higher-fidelity detections derived from the findings that analysts uncover during those investigations.
Behavioral analysis with the Elastic Agent was also introduced to add a new layer of ransomware prevention in Elastic Security.
Complementing the signatureless anti-malware first introduced in Elastic Security 7.9, behavioral ransomware prevention on the Elastic Agent detects and stops ransomware attacks on Windows systems by analyzing data from low-level system processes.
Elastic Security is also expanding its data integrations. A connector makes it simple to migrate data from existing Splunk Enterprise environments by making specific data sources available for rapid analysis, and added support for Cisco Advanced Malware Protection allows valuable endpoint data to be analyzed within Elastic Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/FblmHuCNcHQ/