Ensuring your organization is secure, and stays that way, is not an easy job. There are too many logs to manage, and the attack surface continues to grow. For SOC teams the question is not whether an attacker will breach through the path of least resistance, but when that will happen.
Needless to say, security teams feel overwhelmed by the number of alerts. They deal with external and internal threats on a regular basis, while also enabling compliance teams and educating staff at ground level on good security practices. According to Forrester, SOC teams additionally have to deal with siloed data and poor integrations.
It is obvious that SIEM vendors need to be more than just software providers: they must become allies of security analysts. Long gone are the days when analysts were simply handed a platform. At Logpoint we believe that the success of any organization's cybersecurity strategy relies on customer-centric security platforms, such as Converged SIEM.
In that spirit of improving the experience of working with Logpoint and, in turn, providing more efficiency and effectiveness in security operations, we have released a bunch of updates during this quarter that will delight CISOs and cybersecurity professionals alike.
To start with, it is now easier to consume the results of UEBA. We brought order to chaos and organized the alerts across all detectors better. This rearrangement of the overall alerts makes it less complex for analysts to review and react to them, and facilitates their work with UEBA.
This update improves not only alert generation for anomalies, by adding rules, correlation, and playbooks, but also the algorithmic detection itself. This is possible thanks to how seamlessly UEBA integrates with SIEM and SOAR.
Did you know that you can run playbooks on anomalies related to users depending on whether they are whitelisted and adjust the level of severity accordingly?
Whitelisting playbook. With Logpoint you do not have a standalone SIEM, SOAR, and UEBA, but a Converged SIEM in which all data is integrated.
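The playbook logic described above, as an added example that is not Logpoint's own code: a minimal SOAR-style routing step that takes UEBA user anomalies, checks the user against a whitelist, and adjusts severity and the follow-up action accordingly. The event fields, the whitelist format (with an expiry and a reason per entry), the five-level severity scale, the action names and the sample anomalies are all assumptions constructed for the example; the one design point worth noting is that whitelisting lowers severity by a single step rather than suppressing the alert, so a whitelisted service account that suddenly downloads excessive data still gets a case.

```python
"""Added example (not Logpoint code): whitelist-aware routing of UEBA user anomalies.

Assumptions: anomaly dicts carry id/user/detector/severity; the whitelist maps a
user to an expiry timestamp and a reason; severities are ordered as below.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

SEVERITY_ORDER = ["informational", "low", "medium", "high", "critical"]

# Constructed clock so the example is reproducible; a real playbook uses the current time.
ASSUMED_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)

# Constructed whitelist. Entries expire so a stale exception stops lowering severity,
# and each carries a reason so the decision is auditable in the case notes.
WHITELIST = {
    "svc-backup": {"expires": "2099-01-01T00:00:00+00:00",
                   "reason": "nightly backup job; off-hours logons are expected"},
    "jdoe": {"expires": "2020-01-01T00:00:00+00:00",
             "reason": "temporary exception for a migration project"},
}

# Constructed sample anomalies as a UEBA detector might emit them.
ANOMALIES = [
    {"id": "a1", "user": "svc-backup", "detector": "unusual_logon_time", "severity": "medium"},
    {"id": "a2", "user": "jdoe", "detector": "unusual_logon_time", "severity": "medium"},
    {"id": "a3", "user": "asmith", "detector": "excessive_data_download", "severity": "high"},
    {"id": "a4", "user": "svc-backup", "detector": "excessive_data_download", "severity": "critical"},
]


@dataclass
class Decision:
    anomaly_id: str
    severity: str
    action: str
    note: str


def is_whitelisted(user, whitelist, now):
    """True only if the user has a whitelist entry that has not expired."""
    entry = whitelist.get(user)
    if entry is None:
        return False
    return datetime.fromisoformat(entry["expires"]) > now


def shift_severity(severity, steps):
    """Move severity up or down the scale, clamped at both ends."""
    idx = SEVERITY_ORDER.index(severity) + steps
    return SEVERITY_ORDER[max(0, min(len(SEVERITY_ORDER) - 1, idx))]


def route_anomaly(anomaly, whitelist, now):
    """Decide severity and action for one anomaly."""
    user = anomaly["user"]
    severity = anomaly["severity"]
    if is_whitelisted(user, whitelist, now):
        # Lower by one step only: a critical anomaly on a whitelisted account still opens a case.
        new_sev = shift_severity(severity, -1)
        if SEVERITY_ORDER.index(new_sev) <= SEVERITY_ORDER.index("low"):
            action = "close_with_note"
        else:
            action = "open_case"
        note = f"user whitelisted: {whitelist[user]['reason']}"
    else:
        new_sev = severity
        if SEVERITY_ORDER.index(new_sev) >= SEVERITY_ORDER.index("high"):
            action = "open_case_and_notify"
        else:
            action = "open_case"
        note = "expired whitelist entry ignored" if user in whitelist else "user not whitelisted"
    return Decision(anomaly["id"], new_sev, action, note)


def run_playbook(anomalies, whitelist, now=None):
    """Route every anomaly; `now` defaults to the real clock."""
    now = now or datetime.now(timezone.utc)
    return [route_anomaly(a, whitelist, now) for a in anomalies]


if __name__ == "__main__":
    for decision in run_playbook(ANOMALIES, WHITELIST, ASSUMED_NOW):
        print(decision)
```

Run as-is, the script prints one decision per sample anomaly: the expected off-hours logon by the backup account is closed with a note, the expired exception for jdoe is ignored, and the critical data-download anomaly on the whitelisted account is reduced to high but still opens a case.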
SOAR was never difficult, but now it is easier than ever
We have more than 85 out-of-the-box playbooks for the most common use cases and beyond, but when you need to tailor your playbooks, things should still run smoothly. We want to improve your experience working with SOAR, making the SOC team more efficient and saving them time.
That is why we improved the playbook flow. We added an action called String Utilities that lets you manipulate strings, including lowercase and uppercase conversion and encoding and decoding to different formats. In addition, you can now clone actions. When editing a playbook, you may find that some actions are quite similar to, or build on, others. By cloning actions, you save time and avoid mistakes.
During the last quarter, we also introduced a whole new interface for cases. You can now search for a case or a group of cases by applying different filters to a query, and you can query the list of cases on all metadata, including artifacts and artifact values.
See how easy it is to work with SOAR. Check the video below showing the integration of SIEM, SOAR, and UEBA.
Securing your business even outside of Logpoint
Security, just like compliance, is not a switch one simply turns on and off but a series of due diligence processes. Cybersecurity providers need to act as allies. To help strengthen the security posture of our customers, even outside of Logpoint, you can now encrypt your reports with a password.
Let us say someone on the board requires a report on the threats detected and remediated in the last month but does not have access to Logpoint. To make it easier for the SOC team to share that information without sacrificing security, you can protect both the download and the report itself with a password. No more pesky mistakes because of last-minute report requests. By making sure that only the right people have access to specific information, we extend your security to where you thought a SIEM solution would never reach.
What else is new in Converged SIEM?
Great software upgrades come with a balance of customer experience and technical development. During these months we have also worked on threat visibility for various elements of our BCS for SAP solutions through the launch of new extractors.
This update provides our users with stronger security for the SAP Message Server, four new use cases for detecting fraudulent activity, and safer remote access to SAP systems.
And as we speak, we are cooking up some great upgrades to SOAR. In the following weeks, we will release improvements to both the experience and performance of SOAR.
If you want to know more about our products and how they integrate with each other on our Converged SIEM platform, you can always contact our team. We are happy to show you how Logpoint can be an ally for your business.