The day we’ve been waiting for has come. We couldn’t be more excited to share that we have launched the next generation of our platform, SOAR+, taking security automation to places it has never been before. Traditional SOAR platforms support analysts by automating data collection and data enrichment, but going from data to decision-making has remained outside the scope of what automation could do. Until now.
With SOAR+, LogicHub becomes the only solution on the market to automate how security analysts make sense of data and make decisions on the appropriate course of action. This cognitive approach to codified decision making helps analysts successfully apply automation not just to incident response, but also threat detection.
When it comes to automating threat hunting, alert triage and incident response, decision automation is the hardest part: the logic required to reach a decision is often too complex to capture in a scripting language. Traditional SOAR platforms only extract and enrich data, then expect analysts to look at that data, decide whether it represents a real attack, and take action themselves.
By applying machine learning and analytics on large data sets, LogicHub SOAR+ automates security analyst workflows and decisions, helping teams save time, find critical threats, and eliminate false positives. Our platform fills the blind spot in security automation, delivering autonomous detection and response powered by the industry’s first decision engine. LogicHub SOAR+ also provides a full graphical view with readable explanations of each logical step along with the final output and scores, so analysts can rapidly review and validate results.
Why is this groundbreaking?
It comes down to the main challenge security analysts continue to face: threat hunting, alert triage and incident response all require complex decision-making. For example, to perform alert triage, analysts must decide whether or not an alert indicates a real incident. While threat hunting, analysts have to decide whether the activity they are looking at is malicious or benign. Finally, during incident response, analysts spend a lot of time confirming that the incident is real and then deciding how best to respond.
The LogicHub SOAR+ platform arms security analysts with an expert system that codifies the knowledge and expertise of security analysts and incident responders, baking it into playbooks and turning those playbooks into recommendations. With a powerful decision engine, LogicHub can eliminate false positives and detect hard-to-find threats with minimal programming or analyst time. Automating more of the decision-making within the SOC makes it easier to expedite case resolution and turn the information locked in security playbooks into thoughtful recommendations.
Sound incredible? We think it is.
We strive to be a highly customizable security automation platform that makes it easy for security teams to tailor and fine-tune playbooks so they address real security challenges such as alert triage and threat hunting. With this next generation of security automation, our goal is to make security automation practical and affordable for even the busiest security operations center (SOC).
To learn more about the LogicHub SOAR+ Platform, please visit: http://www.logichub.com/solutions/. We also invite you to see LogicHub in action at Black Hat this week (Aug. 7-8) at booth 865.