LogicHub introduces automation updates to its SOAR platform

Security vendor LogicHub introduced new features to its SOAR platform that intend to automate tedious threat detection and response processes and save security teams time.

LogicHub introduced new features to its security orchestration, automation and response platform, SOAR+, which utilizes advanced analytics and machine learning to augment accuracy and effectiveness of security operations.

The LogicHub SOAR+ platform intends to automate decision-making to improve the process from data gathering to data analysis. According to the vendor, most SOAR technology lacks automation between the data ingestion and decision-making phases, and it claims its platform fulfills this need.

According to the Internet Society's 2018 Cyber Incident & Breach Trends Report, the number of data breaches from cyberattacks has gone down since 2017, but the financial impact of attacks rose 60%. The report also found 95% of identified breaches could have been prevented.

SOAR programs are integral in simplifying the tedious and time-consuming work of incident response teams, such as sorting all incoming threats and identifying appropriate responses.

LogicHub's platform adds advanced threat context and virtualizes Level 3 security analyst expertise that informs expert recommendations in real time; with this capability, the platform walks security operations teams through typically difficult and time-consuming decision-making processes.

With its upgrade, the LogicHub SOAR+ platform introduces the following features:

  • Autonomous detection and response enables security teams to easily decipher dangerous activity while recognizing authorized actions. LogicHub also utilizes threat detection playbooks based on the Mitre ATT&CK framework.
  • Accurate alert triage analyzes and classifies incident alerts with 97% accuracy and applies data science to automatically produce decision trees, reducing analyst workloads by five to seven times, according to LogicHub.
  • Automated case management turns threat hunting playbooks into actionable incident response recommendations to expedite accurate incident resolution.

The Mitre ATT&CK framework documents threat tactics used by hackers -- identified from analyzing millions of attacks on enterprise networks -- to inform researchers and security technology of common attack patterns and malware development.

Security vendor D3 Security recently released updates to its SOAR platform that predict attacker behavior and next steps with the Mitre ATT&CK framework and automate decision tree-based playbooks for threat remediation.

LogicHub is demonstrating its newest intelligent automation features at the Black Hat conference in Las Vegas until Aug. 9, 2019.

Dig Deeper on Threat detection and response

Networking
CIO
Enterprise Desktop
Cloud Computing
ComputerWeekly.com
Close