May 17, 2022 Willy Leichter

It's Time to Put AI to Work in Security

While we’ve been talking about and imagining artificial intelligence for years, it only has recently started to become mainstream, and accepted for a wide range of applications – from healthcare analytics to Google Maps and Roombas. At the same time, cybersecurity has been strangely slow in...

Learn More

May 15, 2022 Tessa Mishoe

LogicHub Security RoundUp: May 2022

Hello, and welcome to the latest edition of the LogicHub Monthly Update! Each month we’ll be covering a broad view of this past month’s threats, a series of informative use cases seen this month by our teams, and a series of recommended articles, podcasts, and other useful resources. Watch the...

Learn More

May 9, 2022 Tessa Mishoe

Bad Luck: BlackCat Ransomware Bulletin

Blackcat Ransomware On April 19th of 2022, the FBI Cyber Division released a flash bulletin regarding the Blackcat ransomware-for-hire. This was met with mixed reactions - some found the ransomware to be of little concern, others made a case for tracking its progress. Either way, this...

Learn More

May 6, 2022 Kumar Saurabh

Let Humans Be Humans and AI Be AI

LogicHub’s unique decision automation technology can build clients the ultimate security playbook in a matter of minutes. Our platform is not solely AI-driven. It marries the best of what humans and...

Learn More

May 3, 2022 Kumar Saurabh

How to Build a Threat Detection Playbook In 15 Minutes or Less

Automating a threat-hunting playbook with the help of AI Many threat-hunting playbooks we build for use cases can have between 50 to 100 steps – some even more than that. Even for an analyst...

Learn More

April 29, 2022 Tessa Mishoe

Integrating Better: What Can Integrations Do For Me?

Introduction Within the realm of security, there are many different toolsets and opinions on what works and what doesn’t. There are an equal number of variables: from industry standards to data...

Learn More

April 27, 2022 Willy Leichter

Beyond No-Code: Using AI for Guided Security Automation

SOAR Playbooks Outside of football, the term “playbook” is well understood by a relatively small group of security automation ninjas. In many larger enterprises with extensive security teams,...

Learn More

April 21, 2022 Willy Leichter

Goodbye Lonely SIEM, Hello MDR

When updating your systems from a pure Security Information Event Management (SIEM), choosing the right Managed Detection and Response (MDR) service is key. An MDR service needn’t mean you have to...

Learn More

April 15, 2022 Tessa Mishoe

LogicHub Security Roundup: April 2022

Hello, and welcome to the latest edition of the LogicHub Monthly Update! Each month we’ll be covering a broad view of this past month’s threats, a series of informative use cases seen this month by...

Learn More

April 12, 2022 Tessa Mishoe

Under the Wire: Evading Censorship & Protecting Sensitive Information

Troubled Times In times of trouble, citizens can feel a sense of deep helplessness. With war, famine, or political unrest raging outside of their window, many feel compelled to help or somehow make a...

Learn More

April 8, 2022 Tessa Mishoe

Weathering Russian Winter: The Current State of Russian APTs

Russian Advanced Persistent Threats (APTs) It’s no secret that Russian Advanced Persistent Threats (APTs) are a significant burden on cybersecurity teams. For years, organizations have been...

Learn More

April 5, 2022 Kumar Saurabh

The Evolution from SIEM to AI Driven Automation

Kumar Saurabh, LogicHub CEO and Co-founder, discusses his experience in the SIEM space and what he sees as the natural evolution from SIEM technology to AI and automation driven detection and...

Learn More

March 31, 2022 Tessa Mishoe

Drawing the RedLine - Insider Threats in Cybersecurity

RedLine Password Theft Malware The RedLine password theft malware is a hot topic this month with Microsoft’s employee compromise. Though Microsoft didn’t offer many officially released details on...

Learn More

March 29, 2022 Ryan Thomas

Announcing the Free Edition of LogicHub SOAR

By using our advanced security orchestration, automation, and response platform, SOC teams and security analysts can automate processes like alert triage, enrichment of data with threat intelligence,...

Learn More

February 21, 2022 Willy Leichter

Improving Security and Reducing Costs Through AI-based Attack Detection

For the last few years, LogicHub has been a pioneer in applying advanced automation, machine learning, and artificial intelligence to improve detection and response, through its advanced automation...

Learn More

December 14, 2021 Tessa Mishoe

Log4J Library Zero-Day Breakdown: Analysis and Remediation

Note: this blog has been updated on December 20, 2021, and we will continue to make updates as more technical information becomes available Exploit Background The Log4j exploit is a vulnerability in...

Learn More

December 8, 2021 Tessa Mishoe

How to Protect Yourself from Ransomware on a Budget

Ransomware is here to stay. It is one of the most direct ways for criminals to monetize cyberattacks, and small and mid-sized enterprises (SMEs) across the spectrum have experienced a marked uptick...

Learn More

September 24, 2021 Tessa Mishoe

Social Deficit: Automating Against Social Engineering

As I stepped into the crowded conference hall at the Mandalay Bay hotel in Las Vegas, I felt a wave of familiarity wash over me. Hundreds of faces, familiar and unfamiliar, produced an excited din in...

Learn More

September 10, 2021 Kevin Broughton

6 Critical Components of Effective eXtended Detection and Response (XDR)

There’s a lot of confusion about the exact definition of an XDR solution, which can obfuscate the important details around what it can specifically do for your security posture. For those looking for...

Learn More

August 24, 2021 Kevin Broughton

The need for consolidated detection and response

If you pay attention to emerging trends in cybersecurity, you’ve probably seen the explosion of companies marketing XDR, the latest acronym buzzword on the market, which stands for eXtended Detection...

Learn More

July 23, 2021 Kevin Broughton

XDR? SOAR? Is there a difference?

Why effective solutions matter more than acronyms Every few years comes a new wave of technology solution marketing that is centered around a common acronym, introducing the latest approach to...

Learn More

July 14, 2021 Kevin Broughton

Why it’s time to for a new approach to SIEM

Short answer - 10x Cost Reduction and more effective Detection and Response Why do you need to rethink how you collect, store and analyze your log data? It’s not because SIEM has stopped being...

Learn More

July 8, 2021 Tessa Mishoe

PrintNightmare Breakdown: Analysis and Remediation

Exploit Background At the start of this month, a proof of concept for a Microsoft print spooler vulnerability rocked Windows admins, causing a clamor to contain the worst of the damage. This...

Learn More

July 7, 2021 Anthony Morris

Reducing Alert Fatigue with Automation

While the numbers vary from study to study based on research methodology, organizational profile and differences in survey questions, there is nearly universal agreement that alert fatigue is a...

Learn More

June 30, 2021 Anthony Morris

Extracting value from legacy firewall logs

Everyone has firewalls and many of the more regulated industries require collecting and reviewing their logs to meet regulations like PCI and HIPAA. But many organizations aren’t sure how to...

Learn More

June 22, 2021 Kevin Broughton

How to implement MITRE ATT&CK based detection and response in under 30 days

The MITRE ATT&CK framework has become increasingly prevalent as a best practices approach to detection and response over the last few years, and for good reason. Rather than promoting an artificial...

Learn More

June 9, 2021 Kevin Broughton

Why you should consider phishing triage as a service

At this point you’d be hard pressed to find someone who hasn't heard of phishing. But despite increased awareness and a wide range of solutions specifically designed to detect and prevent phishing...

Learn More

May 6, 2021 Tessa Mishoe

Part 2: How to Respond to Attack

In our last entry, we discussed the purpose of and past responses to banking ransomware. In this section, we’ll follow a timeline of the stages of infection through a common ransomware strain and the...

Learn More

April 19, 2021 Tessa Mishoe

Dissecting Ransomware: How Hostage Data Leaks Secrets and Causes Devastation: Part 1

At this point, almost everyone has been exposed to the problem of ransomware. Even if not directly impacted you’ve probably heard about it in the news, as an increasing number of banks, hospitals,...

Learn More

March 26, 2021 Tessa Mishoe

Accelerating Case Investigations with Automated Commands

Organizational optimization is an important part of any business. Without it, things can fly under the radar - whether it be monetarily, in productivity, or otherwise. It’s the reason why automation...

Learn More

March 16, 2021 Tessa Mishoe

5 Essential Metrics for Measuring Detection and Response Efficacy

When it comes to monitoring, some of the most important things can also be the simplest. Whether it be small analyst activities like basic triage or larger automated ones like whitelisting, actions...

Learn More

December 17, 2020 Kumar Saurabh

How to determine your level of exposure

By now, if you follow the news at any level there's a good chance that you've heard of the "SolarWinds" exploit. Even non-technical news sources including Bloomberg, Newsweek, MSNBC, CNN, Fox News,...

Learn More

October 23, 2020 Kevin Broughton

The Gartner 2020 Market Guide for Security Orchestration, Automation and Response

The Gartner 2020 Market Guide for Security Orchestration, Automation and Response Gartner still hasn’t released a SOAR Magic Quadrant yet and hasn’t given a timeline for releasing one. But with...

Learn More

September 3, 2020 Tessa Mishoe

This Week in Security 2020.09.02

Hello all, and welcome to another week of TWIS! This week, we’re covering the ever-so-popular topic of insider shenanigans, love in the digital age, stingy bug bounties, medical data leaks, and...

Learn More

May 18, 2020 Kumar Saurabh

Security Automation So Easy a 6 Year Old Can Do It

4 months ago we started on a journey to make security automation so easy that a 6 year old can do it. That was inspired watching my 6 year old son build apps on his ipad using an app called Tynker...

Learn More

March 11, 2020 Tom D'Aquino

Leveraging Security Automation to Merge CrowdStrike, Okta and Active Directory into a Single Incident Response Playbook

“There are not more than five musical notes, yet the combinations of these five give rise to more melodies than can ever be heard. There are not more than five primary colours, yet in combination...

Learn More

March 3, 2020 Tom D'Aquino

G-Suite Account Takeover Detection and Response - Part 1

We have an increasing number of customers that have either migrated to cloud productivity solutions like Office 365 and G-Suite or plan on doing it soon. The migration is usually paired with a decent...

Learn More

February 17, 2020 Kumar Saurabh

LogicHub Accelerates Journey Toward Automated Security Operations with MDR+

The goal of any organization is to continually improve. Today, we are excited to improve the industry’s most complete security automation platform by announcing the release of LogicHub MDR+. By...

Learn More

November 15, 2019 Glenn Gauvin

SOAR+ Series: The Evolution of SOAR Is Empowering Security Analysts Like Never Before

A security analyst is the most valuable asset in any Security Operations Center (SOC). An analyst has the knowledge and experience needed for identifying threats and recommending the fastest and most...

Learn More

October 31, 2019 Kumar Saurabh

Gone Phishing: LogicHub Sends the Machines with Autonomous Phishing Triage

Fishing stories are notoriously exaggerated: “You should have seen this one, it was as big as the boat and took three days to reel in!” Unfortunately, that is not the case with phishing. Phishing is...

Learn More

October 30, 2019 Glenn Gauvin

5 Things that SOCs Should Know About Ransomware

Ransomware – malware that encrypts data and locks down machines until a ransom is paid, usually by means of a digital currency – has been a serious and growing problem for years. It has crippled the...

Learn More

September 20, 2019 Glenn Gauvin

SOAR+ Series: Recommendations Make Building Playbook Flows Fast and Easy

Security threats are increasing, and security analysts have more data and devices to keep their eyes on than ever before. There are more devices, more types of devices, more cloud services, and...

Learn More

September 3, 2019 Glenn Gauvin

SOAR+ Series: Why SOAR Needs Machine Learning

False positive alerts are the bane of any Security Operations Center (SOC). A false positive suggests something is wrong and requires a security analyst’s attention, preferably as soon as possible....

Learn More

August 27, 2019 Kumar Saurabh

Outcome-Oriented SOAR Implementation

If you’re a CISO who has invested in a SOAR (Security Orchestration, Automation and Response) platform, you might be wondering if you’ve actually made your organization safer. Sure, you’ve deployed...

Learn More

August 25, 2019 Glenn Gauvin

SOAR+ Series: Why SOAR+ Requires Advanced Analytics

Analysts in Security Operations Centers (SOCs) are feeling overwhelmed, and numbers tell the story. A 2018 survey of security professionals found that their organizations are receiving anywhere from...

Learn More

August 20, 2019 Glenn Gauvin

SOAR+ Series: Autonomous Threat Detection Helps SOCs Keep Companies Safe

The typical Security Operations Center (SOC) faces 10,000 alerts per day, most of which will turn out to be false positives. Investigating those alerts, false or not, takes time. There’s a lot to...

Learn More

August 20, 2019 Evan Gaustad

LogicHub’s Windows Process Creation Events Playbook and MITRE ATT&CK

When attackers breach a network, they don’t just grab the first data they find and shut down their attack, content with having broken through defenses and made an illicit gain. Instead, they get...

Learn More

August 6, 2019 Kumar Saurabh

LogicHub Redefines The SOAR Category With SOAR+

The day we’ve been waiting for has come. We couldn’t be more excited to share that we launched the next generation of our platform, SOAR+, taking security automation to places it’s never been before....

Learn More

July 19, 2019 Glenn Gauvin

Accelerate Phishing Triage

How Modern Day SOC Teams Defeat Phishing Phishing is a big problem that’s only getting bigger. The volume of phishing messages grew 41% in 2018, reaching 3.4 billion messages per day. Eighty-three...

Learn More

November 6, 2018 Kumar Saurabh

7 Ways to Make the Most of Baselines for Threat Detection

Security threats show no signs of abating, so security analysts need every useful tool they can get to detect, analyze, and stop threats as quickly as possible. In this post, I’m going to talk about...

Learn More

October 25, 2018 Kumar Saurabh

How to Use Machine Learning to Make Your Security Automation Platform Smarter

Across the IT security industry, there’s a growing recognition that enterprises can no longer detect and stop security attacks without the help of automation. Today’s security teams are dedicated,...

Learn More

October 12, 2018 Hormazd Romer

What Is SOAR? And What to Know Before You Buy

Malware, ransomware, phishing, data exfiltration–the list of threats facing SMBs and enterprises seems to grow more daunting every year. Data breaches are up. Attacks are becoming stealthier. IT...

Learn More

October 2, 2018 Kumar Saurabh

How to Measure and Improve Decision Automation for Cybersecurity (Next Gen SOAR)

Facing an increasingly sophisticated barrage of threats, Security Operations Centers (SOCs) today are evaluating a variety of security tools, including security automation tools. Security Operations,...

Learn More

September 13, 2018 Kumar Saurabh

Overcoming SOAR hurdles with Security Automation on Demand

By now, the benefits of Security Orchestration, Automation and Response (SOAR) systems are obvious to just about every CISO and security analyst. The benefits for Security Operations Centers (SOCs)...

Learn More

August 6, 2018 Hormazd Romer

Data Breaches Are Taking Longer to Detect and Contain

Time is on the side of the attackers, the hackers, the criminal syndicates, and the nation states trying to breach your network. That’s a finding from a new IBM/Ponemon Institute study on data...

Learn More

May 9, 2018 Hormazd Romer

RSA Attendee Survey Highlights Need for Security Automation and Threat Hunting

Enterprise IT security professionals believe that human expertise will always play a key role in detecting and stopping security threats. That’s just one of the findings from a a survey we conducted...

Learn More

April 4, 2018 Hormazd Romer

Introducing ThreatGPS for GitHub

From your personal bookcase to the Harvard Law library, a centralized collection of knowledge is an amazing resource to access. Is there a way to protect each book, no matter its age, location, or...

Learn More

April 1, 2018 Hormazd Romer

Why GitHub Could Be Your Weakest Link and How to Protect Your Organization

GitHub helped facilitate a boon for open-source software upon its founding 10 years ago, but the platform has not been without its drawbacks. For many organizations, their primary concern lies with...

Learn More

March 24, 2018 Hormazd Romer

Cybersecurity readiness starts with smarter investments

The results of the Hiscox Cyber Readiness Report are in, and it appears that seven of 10 organizations currently fail the cybersecurity readiness test. That's not all: 69 percent of respondents...

Learn More

March 19, 2018 Hormazd Romer

SOAR back-to-basics: People, process, technology of the automated SOC

Let's face it: The old security models are broken. Cyberattackers are breaching organizations in record numbers, and each year it seems the damages become more pronounced. Point solutions certainly...

Learn More

March 5, 2018 Kumar Saurabh

Can we really automate how security analysts think?

This article was originally posted on CSO.  In some conversations with security leaders, I inevitably run into a skeptic view that automation will never be able to replicate the decision making of...

Learn More

February 16, 2018 Hormazd Romer

Security automation or bust: Why SecOps analysts cannot do it alone

We're about to throw some numbers at you, but bear with us: We think you'll find this fascinating.  There are 86,400 seconds in a day. Compare that to the average daily noise create by security...

Learn More

February 8, 2018 Hormazd Romer

How security automation elevates the role of the human analyst

Security analysts are a CISO’s most valuable sec ops resource. Plain and simple. And with cybersecurity expertise in high demand and low supply, retention of those security analysts is a top priority...

Learn More

February 2, 2018 Hormazd Romer

False negatives: The silent killers of the sec ops world

Reducing false positives in huge batches of network security events is the banner benefit of security automation. And it makes sense: Security expertise is in historically high demand and woefully...

Learn More

November 16, 2017 Kumar Saurabh

What CISOs Need to Know about the Psychology behind Security Analysts

This article was original posted on DarkReading Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate. Even if you have...

Learn More

October 13, 2017 Kumar Saurabh

How cognitive and robotic automation play in SecOps

This article originally appeared in CSO Online The prevalence of automation is everywhere in our modern, tech-first culture and continuously on the rise — with good reason. Cybersecurity experts see...

Learn More

September 28, 2017 Kumar Saurabh

Getting the most out of your SIEM investment

This article was originally posted on HelpNetSecurity Over the last 10-15 years, many organizations built Security Operations Centers (SOCs) on the backbone of security information and event...

Learn More

August 31, 2017 Kumar Saurabh

Why automation isn’t everything in cybersecurity

This article was originally posted on CSO Everything is becoming more automated, but what does this really mean or look like for SecOps? How do you evolve with automation while still keeping your...

Learn More

July 20, 2017 Monica Jain

Removing Haystacks to Find Needles

For the past 15 years the cybersecurity industry has been stuck in a paradigm. That might sound provocative given how many new technologies have been introduced to deal with the massive increase in...

Learn More

June 20, 2017 Kumar Saurabh

Continuous Threat Detection

Threat Detection is a notoriously difficult problem that most security organizations continue to struggle with. Despite a myriad of tools, 24/7 SOCs, and millions spent on services, the average time...

Learn More

May 26, 2017 Kumar Saurabh

We put Security Analysts through Blue Team Training…Here’s what happened

Several months ago we started conducting Blue Team Training Sessions with a group of security analysts averaging 4+ years of experience. We had several goals in doing so. First, we wanted to get an...

Learn More

March 21, 2017 Kumar Saurabh

If Incident Response Automation is Hot, Threat Detection Automation is Sizzling

A recent article in Network World by ESG's Jon Oltsik correctly called out the fact that Incident Response (IR) automation is becoming a very hot topic in the infosec world. In it, Oltsik calls out...

Learn More

February 1, 2017 Kumar Saurabh

Introducing LogicHub™

Great companies are built on two major factors: compelling market need and innovative solutions. As we launch LogicHub, we aspire to be one of those great companies. So we want to begin by...

Learn More

January 18, 2017 Monica Jain

5 Key Limitations of Doing Threat Detection with Rules

The majority of security teams still rely on rules to detect threats. Typically, these teams have a central repository of security events and implement rules that create an alert when the condition...

Learn More

January 15, 2017 Kumar Saurabh

SIA: Scaling Human Security Intelligence with Automation

While SIM and other security analytics products are able to detect and alert on “known” threats, they are ineffective at recognizing and alerting on threats that the system does not already know how...

Learn More