Streamlining Security Control Optimization: Introducing Picus’s Auto-Mitigate Feature

In cyber defense, efficiency and automation are imperative for dealing with challenges such as the scarcity of skilled staff and the need for a consistent security posture. With these challenges in mind, Picus has developed a new feature called "Auto-Mitigate" to optimize detection and mitigation processes. The feature, now part of the Picus Security Validation Platform, changes how security professionals manage and deploy detection rules across their security controls.

Auto-Mitigate is a significant advancement in Security Validation. It enables Picus customers who already validate the effectiveness of their security controls with Picus' Breach and Attack Simulation technology to close the threat coverage gaps that validation uncovers with one click.

Auto-Mitigate addresses the need for scalability and efficiency in cybersecurity practice. It gives CISOs and security directors a way to improve ROI and optimize spend through automated, scalable security measures. It also reduces the burden on security practitioners by automating repetitive tasks and shortening the time it takes to respond to emerging threats.

The Innovation of Auto-Mitigate

As an industry-first capability, Auto-Mitigate streamlines the mitigation workflow in the Picus Security Validation Platform. Building on the core strengths of Picus - simulation of cyber threats, pinpointing security gaps, and mitigation recommendations tailored to the security controls in use (vendor-specific mitigation) - it adds a layer of automation to the remediation workflow. With this feature, users get a one-click option to deploy vendor-specific mitigation content. This bridges the gap between security validation and action, allowing detection content to be applied directly to security controls such as EDR and SIEM solutions.

The Key Advantages and Benefits of Auto-Mitigate

Auto-Mitigate changes how security teams that validate their security controls mitigate threats, with the following advantages:

  • Amplified Time Efficiency and Streamlined Operations: The key gain from Auto-Mitigate is operational efficiency. Automating the identification of gaps in security defenses and the deployment of detection and prevention rules significantly reduces manual work and allows an agile response to threats.

  • Blending Automation with Human Insight: Although Auto-Mitigate is highly effective, a human still gives the final approval before content is deployed, as a crucial safety measure. This hybrid approach combines the efficiency of automation with human expertise: automation improves efficiency, but it will never replace the nuanced understanding and judgment of experienced professionals.

  • A Force Multiplier for Security Teams: Auto-Mitigate is a strategic force multiplier for security teams: cybersecurity professionals can use it to offload the routine work of deploying detection and prevention rules.

  • Rationalizing Spend and Demonstrating ROI: Because Auto-Mitigate is automated and consistent, it helps organizations rationalize their cybersecurity investment. Automated detection, mitigation, and revalidation link actions directly to outcomes, which makes security investments easier to justify. For CISOs and security managers with budget responsibilities, the efficiency gains of Auto-Mitigate can be tied directly to financial benefits, so the value and effectiveness of the security strategy are easier to demonstrate to stakeholders.

The First Integration: CrowdStrike Falcon Platform

We are excited to announce CrowdStrike as the first partner in our Auto-Mitigate program. The integration saves users considerable time and effort by automating the creation of custom IOA rules and simplifying the deployment process. It also makes connecting Picus to the CrowdStrike Falcon platform straightforward, so users can get the most out of both.

How Auto-Mitigate Works

The Picus Security Validation Platform provides detection content in the form of queries. Customers copy these ready-to-use queries from the Picus platform and paste them into the query field of their SIEM or EDR. CrowdStrike's custom IOA rules cannot be used this way: a custom IOA rule is not a single query string but a form made up of separate fields (rule type, severity, action to take, and regex pattern fields such as image filename and command line), so users have to enter each field individually, which is laborious and error-prone. Auto-Mitigate's integration with the CrowdStrike Falcon platform instead enables one-click deployment of the IOA rule query shown in the Picus platform directly into CrowdStrike's environment. By automating this deployment through the Falcon API, Auto-Mitigate saves valuable time, reduces manual effort, and improves productivity.

Consider a scenario where you simulate the attack "Disable Windows Defender via PowerShell Command." Upon clicking the “Detection” tab, you can view the detection contents provided by Picus for this attack.

Figure 1: Detection Tab Overview for Windows Defender Attack Simulation

Then, you can select "CrowdStrike" from this list to access the “IOA Rule Query” tailored for CrowdStrike.

Figure 2: CrowdStrike IOA Rule Query Overview and Deploy Query Button

Clicking the "Deploy Query" button first creates a Picus folder in CrowdStrike via the Falcon API and then deploys the IOA query into that folder.

Figure 3: Deployment of IOA Query

Using the CrowdStrike agent, Auto-Mitigate checks whether the Picus folder already exists, creates it only if it is missing, and then deploys the query into it, so repeated deployments reuse the same folder.

Figure 4: Verification and Deployment Process via CrowdStrike Agent
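As an added illustration of the deployment flow walked through above (example code written for this page, not Picus's implementation or CrowdStrike's API), the following Python models a custom IOA rule as the set of separate fields the Falcon form expects rather than a single pasted query string, checks the rule's regexes locally against constructed process-creation events, and deploys it idempotently: the Picus folder (modelled here as a rule group) is created only when the lookup finds none, then the rule is added to it. The client interface, the payload field names, the folder-as-rule-group mapping, and the Defender-disable regexes are all assumptions; a real integration would issue the same three calls against the Falcon custom IOA API with tenant credentials.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Name of the folder Auto-Mitigate creates in Falcon on first deployment (from the walkthrough).
PICUS_FOLDER = "Picus"


@dataclass
class IOARule:
    """A custom IOA rule as a set of separate fields (not one pasted query string).
    Field set and labels are assumptions modelled on the Falcon custom IOA form."""
    name: str
    rule_type: str       # e.g. "Process Creation"
    severity: str        # e.g. "high"
    action: str          # e.g. "Detect"
    image_filename: str  # regex over the process image path
    command_line: str    # regex over the process command line

    def matches(self, image: str, cmdline: str) -> bool:
        """Local check that a process-creation event would trip this rule."""
        return (re.search(self.image_filename, image) is not None
                and re.search(self.command_line, cmdline) is not None)


# Constructed detection content for the "Disable Windows Defender via PowerShell Command"
# simulation; the regexes are this example's, not Picus's.
DISABLE_DEFENDER_RULE = IOARule(
    name="Picus - Disable Windows Defender via PowerShell Command",
    rule_type="Process Creation",
    severity="high",
    action="Detect",
    image_filename=r"(?i)\\(powershell|pwsh)\.exe$",
    command_line=r"(?i)Set-MpPreference\b.*-Disable(RealtimeMonitoring|IOAVProtection|BehaviorMonitoring)\s+\$?true\b",
)


class FakeFalconIOA:
    """In-memory stand-in for the Falcon custom IOA rule-group and rule endpoints,
    constructed so the example runs offline. It records every call made."""

    def __init__(self) -> None:
        self.groups: Dict[str, str] = {}        # folder name -> group id
        self.rules: Dict[str, List[dict]] = {}  # group id -> deployed rule payloads
        self.calls: List[str] = []

    def query_rule_groups(self, name: str) -> Optional[str]:
        self.calls.append("query_rule_groups:" + name)
        return self.groups.get(name)

    def create_rule_group(self, name: str, platform: str) -> str:
        self.calls.append("create_rule_group:" + name)
        group_id = "rg-%d" % (len(self.groups) + 1)
        self.groups[name] = group_id
        self.rules[group_id] = []
        return group_id

    def create_rule(self, group_id: str, payload: dict) -> str:
        self.calls.append("create_rule:" + payload["name"])
        self.rules[group_id].append(payload)
        return "rule-%d" % len(self.rules[group_id])


def to_payload(rule: IOARule) -> dict:
    """Flatten the rule into one value per form field; key names are assumptions."""
    return {
        "name": rule.name,
        "rule_type": rule.rule_type,
        "severity": rule.severity,
        "action": rule.action,
        "field_values": [
            {"name": "ImageFilename", "value": rule.image_filename},
            {"name": "CommandLine", "value": rule.command_line},
        ],
    }


def deploy(client: FakeFalconIOA, rule: IOARule, platform: str = "windows") -> Tuple[str, str]:
    """One-click deployment: reuse the Picus folder if it exists, create it otherwise,
    then add the rule to it. Returns (group_id, rule_id)."""
    group_id = client.query_rule_groups(PICUS_FOLDER)
    if group_id is None:
        group_id = client.create_rule_group(PICUS_FOLDER, platform)
    rule_id = client.create_rule(group_id, to_payload(rule))
    return group_id, rule_id


if __name__ == "__main__":
    client = FakeFalconIOA()
    print(deploy(client, DISABLE_DEFENDER_RULE))  # ('rg-1', 'rule-1')
    print(deploy(client, DISABLE_DEFENDER_RULE))  # ('rg-1', 'rule-2'): folder reused, not recreated
    print(client.calls)
```

The `matches` check is the local equivalent of the revalidation step: before pushing content into production, confirm that the regexes fire on the exact command line the simulation runs and stay quiet on benign look-alikes (a `Get-MpPreference` query, or the same arguments launched from `cmd.exe`). The folder lookup before creation is what keeps repeated "Deploy Query" clicks from littering the tenant with duplicate groups.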

Conclusion

Auto-Mitigate streamlines the identification and mitigation of gaps in security controls. As an industry-first feature in security validation, it showcases Picus Security's leadership and innovation in cybersecurity and offers tangible benefits that align with the strategic objectives of CISOs, cybersecurity managers, and practitioners. We encourage you to explore the Picus Security Validation Platform further and consider how Auto-Mitigate can change your organization's approach to Security Validation and detection engineering. Take a step towards a more automated, efficient, and secure future with Picus.