New Stack of Features to Minimize Time Spent on Investigation with Warden Threat Detection

Once you get an alert for a threat or suspicious behavior in your cloud stack, investigation is the next step, and it is an essential part of the response process for every cloud security team. Some organizations that use detection-focused solutions rely on external investigation tools, but Warden’s all-in-one Threat Detection helps you investigate faster and more securely through automated, easy-to-use interfaces. Read on to see how!

Warden’s Real-Time Threat Detection is built to monitor your infrastructure 24/7. In addition to detection, we have introduced an array of features and enhancements, solely for faster investigation, to accelerate your time to respond. 

We aim to automate the alert analysis process to guide you through investigating suspicious activities and quickly identifying the root cause of potential threats. With Warden on your side, you can skip the long process of consulting professional analysts and thereby reduce the time-to-respond for your in-house security team.

Monitoring Alerts

In the monitoring alert details, Warden already provides normalized logs with key information such as:

  • Which resources are affected
  • Which identities are involved
  • Which source IP was used, with the corresponding geolocation information
  • How many times it happened
  • When the suspicious activity was first and last seen

P.S. You can get these sorted with ease with the ‘One-click Quick Filtering’ for the key factors in the alert details.

What’s New?

We added these features for efficiency and faster investigation. Here’s a rundown of what we have recently added to your Warden dashboard:

  1. Configure trusted users to suppress alerts from them
    You can exclude trusted users (like your security team members) from the monitoring scope, or lower the severity of alerts for their activities. This reduces noise and automatically suppresses those alerts, so you don’t need to spend extra time investigating activity from trusted users. However, if other alerts are related to their activity, you will still be able to see all the correlated events, even for these whitelisted users.

scope configuration on Warden Threat Detection

  2. New 'One-Click Investigate' button to minimize investigation effort
    Once you click the ‘Investigate’ button in the alert details, it opens the investigation page and automatically filters for the related events, so you can investigate these alerts faster. This new investigation page shows all the correlated events and their context in one place to help you investigate the underlying reasons for the alerts. You can also filter by other parameters like account, region, resources, etc. to quickly examine suspicious behavior or understand the attack flow.

Investigate with One-Click

  3. Investigate Identities with IAM Access Graph
    More advanced identity exploration is available on your Warden dashboard during the investigation. If you want more information about the identity in an alert, you can now link directly to the existing Warden IAM Identity Access Graph, which shows in a graphical view details like what kind of permissions the identity has and what kind of resources it can access.

Warden Threat Detection and IAM Graphs

Conclusion

We have often heard from our customers that it can be quite time-consuming to investigate alerts and even more expensive to employ third-party tools to help filter out the noise for faster threat detection and investigation. With these feature updates, we hope to help you automate investigation and significantly reduce your time to respond to threats lurking in your cloud stack. All of the processes, feature enhancements, and add-ons are designed to improve ease of use for your security team and to minimize the time spent on investigation. Warden will continue to add more features for faster and more efficient investigation. To know more or experience Warden’s Intelligent Threat Detection in a 15-min demo, drop us a line here.

Julia Li

Julia is a Product Manager at Horangi for Warden Threat Detection. She is passionate about securing cloud environments by implementing Real-Time Threat Detection and helping enterprises improve their cloud security game.
