HYAS Blog

Accelerate Investigation & Attribution with Avalon and HYAS Insight

Written by HYAS | August 27, 2020

Investigating security incidents is seldom a straightforward process. Investigations are typically performed by disparate and dispersed teams who may be siloed and rely on “cut and paste” workflows, unwieldy spreadsheets, and cumbersome email chains to share information and put together reporting needed for stakeholders throughout the organization. Such inefficient administrative processes consume valuable time and energy that could be better spent on analysis and investigation.

SOC and IR teams need an effective way to quickly visualize incidents, enrich data from multiple sources, share and collaborate with other teams in real-time, and preserve and report the results – all from a single interactive workspace. We’re excited to announce a new integration between HYAS Insight and King and Union’s Avalon platform that will help teams improve these incident response processes and reduce the amount of time spent on manual, administrative tasks – giving them more time to focus on security.

Avalon is a SaaS link analysis platform that enables teams to work together in real time within a single interactive workspace to quickly visualize and investigate threats, review and share investigative results, and then easily create and deliver reporting to the right person in the right format. HYAS Insight provides unparalleled threat intelligence that allows you to map adversary infrastructure and attribute attacks, frequently to the adversary's physical doorstep. Working together, this integration enables security teams to automatically visualize and enrich threat data with HYAS Insight as well as integrate it with other internal or external data sources – allowing security teams to work as efficiently as possible.

Integration

Using HYAS Insight for enrichment within Avalon is easy. Simply set up an API key, drop an indicator in the Avalon workspace and click enrich to pull in data from HYAS Insight. You can also pull in additional threat data from other internal or external sources into the workspace for further enrichment.

Interact & Visualize

Avalon workspaces provide analysts, IR teams, and others with a centralized place to work together in real-time on an incident. Creating trusted groups allows multiple analysts and teams – both inside and outside the organization – to work together in the Avalon workspace to interact with the link analysis graph, enrich the artifacts with additional data, and chat and collaborate on the incident in real-time – saving valuable time and resources.

Deliver & Preserve

Once the investigation is complete, you can easily deliver finished intelligence and reporting to key stakeholders directly from Avalon in a format that works best for them. Using Avalon as a centralized knowledge management repository, HYAS Insight data can be continually populated with the latest data and analysis and any new investigations in the future can be automatically enriched from previous ones.

Avalon and HYAS Insight empower analysts and security teams to more efficiently visualize and enrich data, work together to investigate threats, quickly take needed actions, and greatly reduce the time spent on manual and administrative tasks to create and deliver investigation results to key stakeholders throughout your organization. 

To learn more, read the HYAS solution brief.