The Uptycs platform is built for large-scale data analysis, with a SaaS backend that applies Lambda streaming analytics to billions of points of telemetry each day. Within seconds of an event, Uptycs correlate it with other signals and fire a single, high-quality detection. In addition, Uptycs automatically gathers relevant artifacts (files, socket connections, etc.) and generates pivot queries for investigation. After the real-time analysis, telemetry is stored for baselines, reports, and investigative queries.
Detecting attacker activity at the endpoint is not enough. You need comprehensive security observability across all your modern attack surfaces, including cloud-hosted workloads, cloud infrastructure, and user activity. Uptycs extends beyond endpoints to cover newer managed container services environments and the cloud infrastructure—tying together attack activity as it crosses on-premises and cloud boundaries. For example, you would not only be able to detect coinminer malware on your workloads (resource hijacking) but also track that activity back to specific user credentials.
A core capability of XDR is endpoint protection, detection, and investigation. As more employees work from home, securing their laptops and workstations is more important than ever. Uptycs supports macOS, Windows, and Linux endpoints with advanced EDR capabilities including file integrity monitoring, the ability to run YARA rules against live memory and files, file carving to extract malicious payloads, application allowlisting, and binary authorization and blocking.
The Uptycs endpoint agent offers a number of features not found in traditional EDR products and that extend the types of detections that are possible. For example, the Uptycs agent captures network telemetry on the endpoint, including DNS correlations with threat intelligence, socket and network correlations, HTTP/S events, and can even match JA3 signatures against observed TLS activity. For sophisticated SOC teams, Uptycs offers a robust REST API for employing detection-as-code.
Whereas most EDR tools focus solely on detecting active breaches; Uptycs adds the ability to proactively detect risks, such as vulnerable software packages and misconfigurations.
