
Stairwell’s Variant Discovery: Accelerating, improving, and simplifying Incident Response

Incident Response is the systematic approach organizations take to identify, manage, and mitigate security incidents. It encompasses a range of activities across the Incident Response lifecycle, including detection, investigation, response, recovery, and communication with stakeholders. Several factors make Incident Response difficult and time-consuming, and if it is not done correctly the result can be extended downtime, data or financial loss, reputational damage, burnout of staff, recurrence, and much more. For example, take the recent major data breach at Discord impacting 760,000 users, according to Mashable. It was so impactful, widespread, and persistent that the organization had to temporarily shut down operations of discord.io, as reported by TechRadar.

So, what makes Incident Response difficult and time-consuming?

  • Complexity of attacks: Cyberattacks are becoming increasingly sophisticated, with attackers using advanced techniques that can be difficult to detect and mitigate, even with an advanced EDR.
  • Lack of context: Understanding the full scope and impact of an incident often requires gathering and analyzing extensive data across different systems, which is often complex and time-intensive, requiring extensive IT or network knowledge to properly assess impact.
  • Volume of alerts: Security systems generate a large volume of alerts, many of which are false positives. Sorting through these alerts to identify genuine threats is time-consuming, like searching for a needle in a haystack.
  • Skill shortages: There is a shortage of skilled cybersecurity professionals, making it challenging to assemble an Incident Response team with the necessary expertise, and those who are in place are overworked, resulting in burnout.
  • Manual processes: Many Incident Response tasks are still performed manually, which can slow down response times and increase the risk of human error.
  • Resource constraints: Limited budgets, compute, and storage can restrict an organization’s ability to deliver robust Incident Response.
  • Ineffective tools: Using outdated or inadequate security tools can hinder the ability to detect and respond to incidents quickly and efficiently.

Addressing these challenges usually requires a combination of technology investments, process improvements, and ongoing training and development, which are seldom implemented together, and the result is limited Incident Response. Stairwell offers unique, continuous functions that accelerate, improve, and simplify the biggest challenges of Incident Response, saving valuable time, resources, funds, and reputation. One of the major, cutting-edge features Stairwell has developed is what we call Variant Discovery. As a former Digital Forensics and Incident Responder myself, I can personally attest to the fact that Variant Discovery is a major game changer for all defenders. Once I learned about this ability, I was jealous I didn’t have it when I did this type of work, but I was equally excited to share it with the defenders and especially responders of the world today.

What exactly is Stairwell’s Variant Discovery?

Variant Discovery is Stairwell’s deep learning neural net, designed to uncover the unknown by analyzing every uploaded file against known malware and the Tactics, Techniques, and Procedures (TTPs) of ransomware, remote access trojans, and other crimeware. Stairwell has a massive corpus of over 600 million files, and through this unique functionality we are able to deliver on the mission to “Give Good the Advantage” and find threats that have historically bypassed existing security controls and evaded or persisted through security incidents.

To complement Stairwell’s Variant Discovery, we also provide additional capabilities to further contribute to the acceleration, improvement, and simplification of Incident Response.

  • Deep contextual data: Stairwell provides research-grade data on files at the binary level to help analysts, hunters, and responders understand malicious and suspicious files as fully as possible, including file size, names, paths, hex views, string analysis, PE data, and much more.
  • Escalates significant signals: Stairwell provides malware likelihood and severity determinations, along with the ability to reinforce them with human opinions, so that defenders can see both the technology’s verdict and the human verdict and prioritize their order of operations accordingly.
  • Continuous automated analysis: By continuously and automatically analyzing each uploaded file against our ever-evolving threat intelligence and YARA rules, Stairwell is able to review and correlate malware in a matter of seconds, work that would normally take hours, days, or even weeks.

Now that we know what Variant Discovery is, the next question to answer is, “How exactly can Variant Discovery help my organization?”

  • Accelerate through the initial stages of the Incident Response lifecycle so responders can get to containment, response, and recovery quicker, decreasing exposure and resuming business operations sooner.
  • Empower defenders to focus on higher-order tasks by allowing the technology to perform initial gathering, association, reversing, and analysis.
  • Streamline emerging malware assessments as new indicators of compromise are released, giving teams the ability to say within minutes whether they have ever seen the malware, or any variation of it, in their environment.
  • Increase the confidence responders have by ensuring no stone is left unturned and that each file is always available for comprehensive review.
  • Simplify malware storage, review, and reversal by allowing teams to download and perform offline analysis as needed.
  • Alleviate cycles spent in Incident Response, which helps protect staff from burnout and businesses from expenses like recruiting, hiring, and training. After all, according to IBM, nearly 65% of responders have sought mental health assistance after an incident due to stress.
  • Boost the skills of your defenders at the click of a button by providing critical out-of-the-box capabilities that allow your defenders to learn and grow along the way.

In a world where security incidents are inevitable, Stairwell is the ally organizations need to stay one step ahead of cyber threats. With its commitment to acceleration, improvement, and simplification, Stairwell transforms Incident Response from an intensive burden to a simplified, streamlined process. Explore how Stairwell is reshaping Incident Response and paving the way for a more secure digital future by going beyond the limitations of tools like endpoint detection and response (EDR) platforms.
