LogicHub’s new capabilities assist security operations teams with codifying intelligent decision-making
LogicHub, the provider of the industry’s most complete security automation platform, announced new capabilities that assist security operations teams with codifying intelligent decision-making.
The LogicHub SOAR+ platform offers what traditional SOAR tools are missing by delivering autonomous detection and response, advanced analytics and machine learning to automate decision making with extreme accuracy across historically disparate security operations.
“SOAR technology is good for automating the ingestion and enrichment of data and automating incident response once analysts make decisions about what actions to take,” said Kumar Saurabh, CEO of LogicHub.
“The gap in security automation today, however, lies in going from data to decisions. The release of the LogicHub SOAR+ platform fills this gap by leveraging massive amounts of data and applying advanced analytics and machine learning to codify decision-making across security operations with extreme accuracy.”
LogicHub is the only solution to automate decisions about threat hunting, threat detection, alert triage and incident response in a single platform. The platform autonomously guides security operations personnel through difficult and time-consuming decision-making processes.
It does so by gaining advanced threat context and virtualizing the expertise of level-3 security analysts to deliver expert recommendations in real time. New product enhancements include:
Autonomous detection and response: For example, LogicHub automates advanced threat hunting activities by applying a machine learning model for malicious process detection to differentiate benign from malicious. This enables security teams to easily decipher potentially dangerous activity, such as risky PowerShell actions, beaconing or lateral movement, while recognizing actions carried out by an authorized system administrator.
LogicHub also provides threat detection playbooks based on the MITRE ATT&CK framework, a globally-accessible knowledge base of adversary tactics and techniques. LogicHub autonomously maps attacks in real time to the MITRE ATT&CK framework, delivering users immediate indicators and attack technique context.
Accurate alert triage: LogicHub alert triage analyzes and classifies incident alerts with 97 percent accuracy, providing a 5-7x reduction in analyst workloads. LogicHub’s new alert triage capabilities apply data science to automatically produce decision trees based on numerous alert factors, eliminating the time constraints and false positives and negatives associated with manual investigation of data surrounding security alerts.
Case management: Focusing on the analyst experience, LogicHub’s automated case management features turn enhanced threat hunting playbooks into actionable incident response recommendations. Powered by automation, LogicHub case management features expedite accurate incident resolution.