The typical Security Operations Center (SOC) faces 10,000 alerts per day, most of which will turn out to be false positives. Investigating those alerts, false or not, takes time. There’s a lot to sort through, and it’s not uncommon for alerts that indicate the presence of a real attack to be misinterpreted or missed altogether. No wonder that 79% of security analysts are “overwhelmed by the volume of threat alerts,” according to EMA. And no wonder that the average dwell time for an attack is over 100 days. Security analysts often need that long to find enough evidence to detect, characterize, and shut down an attack.

The number of devices on internal networks is only going up, and the sophistication of security attacks is increasing. More alerts and higher risks mean more high-stakes work for SOCs to do right, while working with limited budgets and time.

Automation, SOAR, and SOAR+

How can SOCs make progress in threat detection? Automation is an obvious answer. Over the past few years, many SOCs have deployed Security Orchestration, Automation and Response (SOAR) platforms. These platforms automate two stages of a SOC team's work: they collect and enrich data before the team performs its threat analysis, and once that analysis is complete they can carry out some basic responses, such as closing ports and isolating servers.

SOAR+ fills the gap between those two stages: the analysis itself.

The LogicHub SOAR+ platform is the only security automation platform that delivers autonomous detection and response automation for security operations teams. By applying machine learning and analytics on large data sets, LogicHub automates security analyst workflows and decisions, helping teams save time, find critical threats, and eliminate false positives.

Autonomous Threat Detection with SOAR+

How does LogicHub provide autonomous threat detection for SOCs?

The LogicHub SOAR+ platform enables security analysts to run playbooks on streams of data at regular intervals.

A stream is a periodic collection of data. For example, it might be a process that runs every 10 minutes and collects all new log entries from Splunk or from another SIEM platform such as ArcSight or Sumo Logic. The stream then makes this data available for analysis by one or more playbooks.

Each playbook consists of one or more logical flows. Each flow analyzes data, applies machine-learning-based weighting systems to events, and assigns scores to events, flagging the most important events as requiring the attention of security analysts.

As part of the analysis, LogicHub might compare data to known malicious patterns. It might check the reputation of IP addresses. And using machine learning, it might compare recent activity to the baseline behavior observed over days, weeks or months, making it easier to detect suspicious anomalies.

Each of these analyses gets its own score. Then the flow combines and correlates the scores to come up with an overall score. If an incident receives a high score, such as 8, 9, or 10 out of 10, the flow automatically opens a case for the incident in the LogicHub case management system. Optionally, it can open a case in another case management system that has been integrated with LogicHub, such as Zendesk. Analysts can fine-tune flows as needed to make their analysis even more accurate over time.
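The stream-to-case pipeline just described can be sketched in a few dozen lines. The following is an added illustration, not LogicHub code: it parses one 10-minute window of constructed authentication log lines, runs the three analyses the text names (known-pattern match, source IP reputation, anomaly against a baseline), scales each to 0-10, combines them with assumed weights, and opens a case with the supporting evidence when the overall score reaches 8. The log format, the watchlists, the weights and the baseline counts are all constructed for the example.

```python
"""Toy detection flow over one stream window of authentication log lines.

Added illustration of the stream -> flow -> score -> case pipeline.
Not LogicHub code: the log format, watchlists, weights and baseline
below are constructed for the example.
"""
from dataclasses import dataclass
import statistics
from typing import Iterable

CASE_THRESHOLD = 8                 # 8, 9 or 10 out of 10 opens a case
# Assumed relative weights for combining the per-analysis scores.
WEIGHTS = {"pattern": 0.4, "reputation": 0.3, "anomaly": 0.3}

# Constructed stand-ins for a threat-intel pattern feed and an IP reputation list.
KNOWN_BAD_PATTERNS = ("authentication failure", "invalid user")
BAD_REPUTATION_IPS = {"203.0.113.7"}            # RFC 5737 documentation address

# Constructed baseline: matching events per 10-minute window over past weeks.
BASELINE_PER_WINDOW = [1, 3, 1, 3, 1, 3, 1, 3]


@dataclass(frozen=True)
class Event:
    ts: str
    src_ip: str
    user: str
    message: str


def parse_stream(lines: Iterable[str]) -> list[Event]:
    """Parse 'ts|src_ip|user|message' lines collected in one stream window."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, src_ip, user, message = line.split("|", 3)
        events.append(Event(ts, src_ip, user, message))
    return events


def matches_known_pattern(event: Event) -> bool:
    return any(p in event.message.lower() for p in KNOWN_BAD_PATTERNS)


def pattern_score(events: list[Event]) -> int:
    """Share of events matching a known malicious pattern, scaled to 0-10."""
    if not events:
        return 0
    hits = sum(matches_known_pattern(e) for e in events)
    return round(10 * hits / len(events))


def reputation_score(events: list[Event]) -> int:
    """Share of events from a poorly reputed source IP, scaled to 0-10."""
    if not events:
        return 0
    hits = sum(e.src_ip in BAD_REPUTATION_IPS for e in events)
    return round(10 * hits / len(events))


def anomaly_score(events: list[Event]) -> int:
    """How far this window's matching-event count sits above the baseline.

    Score is twice the z-score, clipped to 0-10, so about five standard
    deviations above normal saturates the scale.
    """
    count = sum(matches_known_pattern(e) for e in events)
    mean = statistics.mean(BASELINE_PER_WINDOW)
    stdev = statistics.pstdev(BASELINE_PER_WINDOW) or 1.0   # avoid divide-by-zero
    z = (count - mean) / stdev
    return max(0, min(10, round(2 * z)))


def run_flow(lines: Iterable[str]) -> dict:
    """One flow: score the window, combine, and decide whether to open a case."""
    events = parse_stream(lines)
    breakdown = {
        "pattern": pattern_score(events),
        "reputation": reputation_score(events),
        "anomaly": anomaly_score(events),
    }
    overall = round(sum(WEIGHTS[k] * v for k, v in breakdown.items()))
    # Evidence travels with the case so the analyst need not re-query the SIEM.
    evidence = [e for e in events
                if matches_known_pattern(e) or e.src_ip in BAD_REPUTATION_IPS]
    return {"score": overall, "breakdown": breakdown,
            "case_opened": overall >= CASE_THRESHOLD, "evidence": evidence}


# Constructed busy window: 8 failures from one suspicious IP, 2 normal logins.
SAMPLE_WINDOW = [
    f"2022-06-01T10:0{i}:00|203.0.113.7|root|sshd: authentication failure"
    for i in range(8)
] + [
    "2022-06-01T10:08:00|198.51.100.20|alice|sshd: Accepted publickey",
    "2022-06-01T10:09:00|198.51.100.20|bob|sshd: Accepted publickey",
]

# Constructed quiet window: two normal logins, nothing matching.
QUIET_WINDOW = [
    "2022-06-01T10:10:00|198.51.100.20|alice|sshd: Accepted publickey",
    "2022-06-01T10:12:00|198.51.100.21|bob|sshd: Accepted publickey",
]

if __name__ == "__main__":
    for name, window in (("busy", SAMPLE_WINDOW), ("quiet", QUIET_WINDOW)):
        result = run_flow(window)
        print(name, result["score"], result["breakdown"],
              "case opened" if result["case_opened"] else "no case")
```

The busy window scores 8 on pattern, 8 on reputation and saturates anomaly at 10, for an overall 9 and a case carrying the eight matching events; the quiet window scores 0 across the board and is never surfaced to an analyst. Tuning in practice means adjusting the weights, thresholds and baseline windows as the flow's hits and misses are reviewed, which is the fine-tuning the text refers to.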

The result of this autonomous threat detection? Security analysts no longer have to pore over hundreds or thousands of alerts per day. Instead, they simply open the cases that LogicHub's automated analysis flagged as requiring attention. The platform eliminates 97% of false positive alerts, enabling analysts to focus just on the incidents that matter. When analysts' work is focused on the threats that matter, and the cases for those threats include detailed analysis, Mean Time To Resolution (MTTR) plummets, and the organization overall becomes more secure.

Conclusion: SOAR+ Provides the Threat Detection SOCs Desperately Need

SOAR platforms and the LogicHub SOAR+ platform share a common goal: help security analysts detect and respond to threats more quickly. The difference is that, by providing autonomous threat detection through automated playbooks, SOAR+ automates much more of security analysts' work, reducing distractions and giving them the detailed case data necessary for stopping threats fast.

Autonomous threat detection continually analyzes streams of data, discovers incidents that could be possible threats, and opens cases for just those incidents. It streamlines work for security analysts, frees them from the drudgery of examining false positives, and lets them focus on doing what they do best: analyzing incidents and protecting their organization’s IT infrastructure.

To learn more about the LogicHub SOAR+ security automation platform, read our use case or contact a LogicHub sales representative.
