New platform helps automate security operations
Speed of response is critical for security teams, which is why many companies employ Security Orchestration, Automation and Response (SOAR) tools.
Security automation platform LogicHub is looking to take SOAR a step further with the launch of a SOAR+ platform that offers autonomous detection and response, advanced analytics and machine learning to automate decision making with accuracy across disparate security operations.
"SOAR technology is good for automating the ingestion and enrichment of data and automating incident response once analysts make decisions about what actions to take," says Kumar Saurabh, CEO of LogicHub. "The gap in security automation today, however, lies in going from data to decisions. The release of the LogicHub SOAR+ platform fills this gap by leveraging massive amounts of data and applying advanced analytics and machine learning to codify decision-making across security operations with extreme accuracy."
LogicHub automates advanced threat hunting activities by applying a machine learning model for malicious process detection to differentiate the benign from the malicious. This enables security teams to easily decipher potentially dangerous activity, such as risky PowerShell actions, beaconing or lateral movement, while recognizing legitimate actions carried out by an authorized system administrator.
It also offers threat detection playbooks based on the MITRE ATT&CK framework, a globally accessible knowledge base of adversary tactics and techniques. LogicHub's alert triage analyzes and classifies incident alerts with 97 percent accuracy, helping to cut analyst workloads.