icon-accurate@2x Challenge

Incident response policies and preferences vary between organizations and are frequently dependent on a variety of factors, like type of action, threat severity, and even the time of day. A managed detection and response provider (MDR) has to accommodate each organization’s unique response requirements leading to extensive preparation to document response plans and slow MTTRs as individual analysts look up correct procedures for responding to individual threats. Or the provider abdicates responsibility and limits liability by only providing recommended actions that each organization is required to take completely on their own. This is particularly problematic for an organization that is using an MDR to deliver after hours protection, but has no means to respond to critical threats until regular business hours.

icon-fast@2x Solution

LogicHub uses its SOAR+ platform to deliver automated incident response capabilities that are customized to meet the individual requirements of every MDR+ customer, with the option to require one-click authorization for any action. And each response can be built to adapt to different scenarios, like threat severity, specific device types or user groups, or time of day. For example, with critical threats an organization can require one-click authorization before taking invasive actions like quarantining a device or disabling a user account during normal hours of operation, while fully automating the same actions after hours. LogicHub’s SOC analysts are still investigating and validating threats on a 24x7 basis, but individual organizations can take control of the response process for each individual scenario without requiring a 24x7 operation of their own. This allows any organization to determine how to respond to any type of threat in the way that they need. And because the process is built into a playbook, we eliminate the risk of human error that could lead to an improper response.

Similar case studies

Automatically Quarantining Infected Hosts
Quarantine infected host automatically or with one-click authorization.
Automating EDR Alert Triage
Automatically analyze, investigate and triage EDR events and alerts at scale.
Automating Phishing Triage
Automatic analysis, detection and triage of potential phishing attempts.
Automating SIEM Alert Triage
Automatically analyze, investigate and triage SIEM events and alerts at scale.
Detecting and Disabling Compromised Credentials
Automatically detect and disable compromised user and admin credentials.
Detecting Exposed AWS Keys
Find and disable AWS keys that have been inadvertantly exposed.
Hunting for Insider Threats
Automatically hunt for and detect insider threats.
Malicious Powershell Commands
Detect the malicious user of Powershell commands.
Managed O365 Detection and Response
Cloud productivity managed detection and response for O365 users.
Threat Hunting in GitHub
Using automated playbooks to deliver continuous threat hunting.
Using TIP to Automatically Triage Network Events
Using threat intelligence platforms to accurately triage network events.
Managed Detection and Response for G-Suite
Cloud productivity managed detection and response for G-Suite users.
MDR After Hours Incident Response
Managed detection and response for after hours threat protection.
Respond to User Reported Incident
Automate incident response to issues reported by users.
Automating Threat Hunting in AWS CloudTrail Logs
LogicHub has developed a playbook to hunt for risks in one such solution, AWS CloudTrail logs. This conducts seven investigations in parallel to identify risks within the CloudTrail logs.
Automating Threat Hunting in Web Proxy Logs
By running the LogicHub Playbook for Web Proxy Threat Hunting, Security Operations Centers (SOCs) can discover surreptitious communications with remote Command and Control (C2) applications that play an integral part in security attacks.
Automating Threat Intelligence Searches
One of the many use cases that LogicHub customers have implemented and benefited from is that of automating the search for Indicators of Compromise (IOCs), that are distributed from various 3rd party sources within their environment.
Monitoring Files Written to USB
LogicHub customers have implemented and benefited from automating the monitoring of users writing files to external USB drives.