Shifting from security analytics to security operations
I am beyond proud to say that LogPoint acquired Universal XDR vendor SecBI a couple of months ago. The acquisition was the culmination of an evolution within LogPoint to improve incident investigation that started years ago with our Automatic Investigations (AI) platform.
We designed LogPoint AI to take a data-driven approach to investigations by:
- Analyzing how users of the system acted and repeating the right actions the next time a similar incident occurred
- Analyzing what data was typically associated with an incident and attaching similar data the next time such an incident came up
- Learning from active and closed cases and reapplying the relevant metadata from that learning to other cases
Coincidentally, SecBI researched and built out an Autonomous Investigations capability, which served the same purpose of accelerating triage and investigation.
With the announcement of our new solution LogPoint SOAR, the research and further development of these more advanced features for investigations have found a home.
I’m excited to share our vision for security operations and reflections on how LogPoint’s shift from security analytics to security operations will impact our customers in the coming years.
Data-driven decision making for analysts and CISOs
An increasingly critical balance that security teams, and security leaders in particular, must strike concerns how resources are spent.
For the CISO, it is invaluable to be able to determine whether a specific security control is valuable and will provide actionable information, while also justifying its cost against a different control or an external expert service provider.
The security analyst needs to strike the same balance. Is the analyst working on the right incident, covering the right scope of systems and having the right amount of contextual information about the threat actors’ tactics, techniques, and procedures (TTPs)?
Monitoring and validating the protection performance of the people, processes, and controls that defend the organization
A curse in security is that you never know when you have done enough. It is not a curse that will be broken any time soon, given the constant changes in threat landscapes, threat actor behavior and detection and response technology. Since we can’t rid ourselves of the curse, we are forced to evaluate our security posture quantitatively. That evaluation gives us insight into whether our posture is improving or not. Quantitative security posture validation sounds advanced and complex, but in reality it’s pretty straightforward.