Vector8 is excited to announce that we have launched EchoTrail as a standalone product and enablement company! We believe this move positions EchoTrail to better support its customers and our community. Please visit them at https://echotrail.io

EchoTrail is the synthesis of combined decades' worth of hunting, detecting, and responding to nation-state and targeted attacks across over 80% of the world's countries, inside and outside of government organizations, and within every industry vertical. The platform is specifically designed with a mindset of scale and practical operational procedures, enabling it to be operated and scaled by a small number of security analysts rather than developers. Operationalizing the methodologies this platform promotes has resulted in sub-hour discovery and scoping of targeted attacks, compared to the industry average of months.

Use Cases

Operationalize Sysmon
  • Centrally orchestrate and inspect Sysmon data in real time
Manage Playbooks
  • Build automated logic to minimize manual analysis and human time
Create custom actions
  • Send raw data to a log of record or cold storage
  • Send alert data to a SIEM or case management system
  • Email/Slack/IM integration
  • Trigger any web-connected IoT device
Pare down event data to save on storage and ingest costs
  • Filter event streams based on any field, condition, or custom tag
Control non-security event data
  • IT operations data
  • DevOps log data
  • IoT telemetry

Features

Detect lateral movement, fileless attacks, and automated malware that are commonly missed by conventional security products
  • Enables straightforward, behavior-based patterns instead of static, myopic signatures
Completely passive sensor and forwarder engineered by Microsoft and Elastic
Real-time analytics driven by analyst-written plays
  • Manipulate data fields inline
  • Develop real-time detections or hunting triggers based on computer behavior
  • Correlate across computer behaviors
  • Write raw or alert data wherever you want
  • Test and deploy new plays within minutes, without change requests or signature files pushed to sensors
  • Rapidly tune existing plays for analyst-driven alert volume management
Built on an operationalized hunting methodology that has historically detected and scoped targeted attacks in under an hour on average
Strategically supplements existing SOC and IR procedures: keep your SIEM and log of record