Accelerating Investigation with Panther

TL;DR: Back in June, Panther announced functionality to help security teams easily collect security data and seamlessly build detection logic for their environments. Today, we’re happy to showcase our vision for the right-hand side of the product. To give security teams time back, Panther is building features to help them effectively understand suspicious activity and seamlessly investigate their environments from day one.

Reducing time between alert generation and resolution

When a SIEM generates an alert, a key workflow for the security team is to quickly understand the context around the alert to confirm benign or suspicious activity. But not all SIEMs streamline the subsequent triage and investigation process. Without proper context and enrichment, alerts can be hard to parse and understand, adding friction to the alert triage process. And, in many cases, it’s then difficult to effectively search and pivot over large volumes of data, wasting critical investigation time.

Slow triage and investigations are frustrating for security teams, but they are also costly and risky for their organizations. They increase mean time to respond (MTTR) to threats and expose companies to compliance violations and data breaches.

That’s why security teams need simple, effective ways to accelerate investigation. And that’s what we’re building at Panther.

How Panther streamlines alert triage and investigation

To accelerate investigation, Panther enables security teams by enriching alerts with relevant identity data, making it easier to understand the underlying activity. From there, it should be seamless to begin a search over all logs to validate and verify the alert. And, given that the first answer almost always leads to more questions, Panther will accelerate pivots by providing simple visualizations and enabling easy curation of results to refine the data for the next search.

Here are some of the key features that make Panther’s investigation experience unique:

  • Identity & Device Enrichment: To expedite alert triage, Panther has integrated relevant identity and device profiles from providers like Okta and Google into the alert context. This makes it simpler to understand the who and what behind an alert.
  • Simple Cross-Log Search: To enable easy data exploration, Panther now has an approachable typeahead search experience. The search autofills common indicators and fields to quickly create searches that span logs, alerts, and lookup tables all in one place.
  • Visual Summary & Interactive Search Results: Search results are displayed with both a helpful visual summary and a customizable table. Users can then refine the data based on context from the visual summary or with one-click filtering from the data table. This brings an intuitive approach for moving from one question to the next.

Learn more about Panther’s vision

By leveraging the power of a cloud-native architecture, Panther delivers a simple, but powerful SIEM solution that empowers any security team to find signal in the noise faster than legacy solutions.

To learn more about Panther and how it can help you accelerate investigation, check out our upcoming webinar, where we’ll show you how to ditch your legacy SIEM, upgrade to a modern SIEM that provides real-time visibility from day one, and start detecting your first threat in <1 hour.
