New products and services

Many companies struggle to understand malicious activity and its impact while a security incident is in progress. That struggle eats up the time and resources defenders need to contain the attack and minimize damage. A new open-source tool built to increase visibility into the suspicious activity an organization has detected aims to relieve this pain.

Detectree, developed by WithSecure (formerly F-Secure Business), is a detection visualization tool for cyber security defense teams (also known as blue teams).

According to Tom Barrow, a senior threat hunter for WithSecure Countercept, WithSecure's managed detection and response service, finding the links between suspicious events on an endpoint is paramount for responders:

“Visibility is always a priority, but it’s absolutely vital when responding to an incident,” explained Barrow. “Time is always working against incident responders. And looking through rows of text data and making connections between them and the suspicious activity under investigation is time spent not remediating the problem, which is a real waste when you’re under pressure to stop an attack.”

Detectree was designed to simplify investigative work by structuring log data into a visualization that shows the relationships between a detected suspicious activity and any processes, network destinations, files, or registry keys connected to it. Rather than manually sorting through rows of text to reconstruct a chain of events, responders can look at the visualization to see not only the connections but their nature, including interactions, parent-child relationships, and process injections. The visualization lets responders quickly grasp the context surrounding a detection and share it with stakeholders in a simple, intuitive form, so the information is accessible to everyone who needs it.
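The core of the approach described above is turning flat endpoint telemetry into a graph and then pulling out the part of that graph that surrounds one detection. The following is an added example written for this article, not Detectree's own code (its data model and supported log formats are not described here). The event schema, field names, and sample events are constructed for illustration; the traversal rule (follow the process ancestry upward, follow everything the detected process and its descendants touched outward, but do not descend into sibling processes) is an assumption about what a responder wants to see, not a description of how Detectree chooses what to draw.

```python
"""Build a detection context graph from endpoint telemetry.

Added example for illustration; not Detectree's own code. The event schema
below (type / pid / ppid / image / dest / path / key / target_pid) is assumed.
"""
from collections import defaultdict, deque

# Constructed sample telemetry, not real logs. Events are in arrival order;
# note the injection into pid 500 is logged before pid 500's own create event.
EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 1, "image": "explorer.exe"},
    {"type": "process_create", "pid": 200, "ppid": 100, "image": "winword.exe"},
    {"type": "process_create", "pid": 300, "ppid": 200, "image": "powershell.exe"},
    {"type": "network_connect", "pid": 300, "dest": "203.0.113.7:443"},
    {"type": "file_write", "pid": 300, "path": "C:\\Users\\Public\\update.exe"},
    {"type": "process_create", "pid": 400, "ppid": 300, "image": "update.exe"},
    {"type": "registry_set", "pid": 400,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"},
    {"type": "process_inject", "pid": 400, "target_pid": 500},
    {"type": "process_create", "pid": 500, "ppid": 1, "image": "svchost.exe"},
    # Benign sibling activity under the same explorer.exe; should not be drawn.
    {"type": "process_create", "pid": 600, "ppid": 100, "image": "notepad.exe"},
    {"type": "file_write", "pid": 600, "path": "C:\\Users\\alice\\notes.txt"},
]


def build_graph(events):
    """Return (labels, adj). Nodes are (kind, id) tuples; adj maps a node to
    (neighbour, relation, direction) so the graph can be walked either way."""
    labels, adj = {}, defaultdict(list)

    def add_edge(src, rel, dst):
        adj[src].append((dst, rel, "out"))
        adj[dst].append((src, rel, "in"))

    for ev in events:
        proc, kind = ("process", ev["pid"]), ev["type"]
        if kind == "process_create":
            labels[proc] = f"{ev['image']} (pid {ev['pid']})"
            parent = ("process", ev["ppid"])
            labels.setdefault(parent, f"pid {ev['ppid']}")
            add_edge(parent, "spawned", proc)
        elif kind == "network_connect":
            node = ("network", ev["dest"]); labels[node] = ev["dest"]
            add_edge(proc, "connected_to", node)
        elif kind == "file_write":
            node = ("file", ev["path"]); labels[node] = ev["path"]
            add_edge(proc, "wrote", node)
        elif kind == "registry_set":
            node = ("registry", ev["key"]); labels[node] = ev["key"]
            add_edge(proc, "set", node)
        elif kind == "process_inject":
            target = ("process", ev["target_pid"])
            labels.setdefault(target, f"pid {ev['target_pid']}")
            add_edge(proc, "injected_into", target)
        # A process seen only as an actor keeps a placeholder label until
        # (if ever) its create event arrives and overwrites it.
        labels.setdefault(proc, f"pid {ev['pid']}")
    return labels, adj


def detection_context(adj, root, max_hops=3):
    """BFS out from the detected process. Ancestors are followed upward only,
    so sibling processes' activity is left out; everything the detected process
    and its descendants touched is collected out to max_hops."""
    seen, edges, queue = {root: 0}, [], deque([(root, 0, False)])
    while queue:
        node, depth, ancestor = queue.popleft()
        if depth >= max_hops:
            continue
        for nbr, rel, direction in adj.get(node, []):
            is_anc = rel == "spawned" and direction == "in"
            if ancestor and not is_anc:
                continue
            edge = (node, rel, nbr) if direction == "out" else (nbr, rel, node)
            if edge not in edges:
                edges.append(edge)
            if nbr not in seen:
                seen[nbr] = depth + 1
                queue.append((nbr, depth + 1, is_anc))
    return seen, edges


def render(labels, edges, root):
    """Indented text tree of the context, from the detection's top ancestor."""
    children, parent = defaultdict(list), {}
    for src, rel, dst in edges:
        children[src].append((rel, dst))
        if rel == "spawned":
            parent[dst] = src
    top = root
    while top in parent:
        top = parent[top]
    lines, done = [], set()

    def walk(node, depth, rel):
        if node in done:  # reached by a second path (e.g. injection target)
            lines.append("  " * depth + f"{rel} -> {labels[node]} (see above)")
            return
        done.add(node)
        mark = "  <-- detection" if node == root else ""
        lines.append("  " * depth + f"{rel} -> {labels[node]}{mark}")
        for child_rel, child in children[node]:
            walk(child, depth + 1, child_rel)

    walk(top, 0, "root")
    return "\n".join(lines)


if __name__ == "__main__":
    labels, adj = build_graph(EVENTS)
    seen, edges = detection_context(adj, ("process", 300))
    print(render(labels, edges, ("process", 300)))
```

Run as a script it prints the explorer.exe > winword.exe > powershell.exe chain, the network destination and dropped file, the child update.exe with its Run-key persistence and its injection into svchost.exe, and nothing about notepad.exe or notes.txt. Swapping the list of dicts for real EDR records is the only change needed to try it on your own data.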

“Even the most experienced, skilled blue teams need tools to help them do their jobs well. Detectree is a simple tool, but it’s addressing real pain points that make work unnecessarily difficult and time consuming for security teams,” he said. 

Detectree is now available for download on WithSecure Countercept's GitHub page.
