In the current cybersecurity landscape, MSSPs play a crucial role in delivering the management and monitoring of systems and security for businesses that can’t manage every aspect. Some MSSPs help with the whole cybersecurity program, others with only a part. The autonomy of their customers is as diverse as their profiles – and because of this, MSSPs face increasing complexity in how they operate. 

While we at Logpoint can’t help you reduce the disparity of your tenants, we sure can assist you by giving you a better overview and improving your experience when you work with Director, our centralized console for MSSPs – or even sharing tips and tricks.  

Sergio Lozano Álvarez

Product Marketing Manager

What’s new in Director? 

With all that in mind, we have added several upgrades to our Logpoint Converged SIEM platform, so you gain enhanced observability into your tenants’ incidents and reduce the time to respond to threats. You’ll see that for this release we have updated everything but the kitchen sink.

Caption: Director’s dashboard

Add devices by hostname to support the network architecture of your tenants  

The difficulty of dealing with multiple environments expands due to the not-so-new hybrid workplaces. Many of your customers may have employees working from home, and with that, the issue of the IP address comes into play. 

Now, MSSPs can configure a device by hostname, IP address or both. Adding devices by hostname ensures that devices that get a new IP address are still recognized in Logpoint. Even if an employee takes their laptop and works from home, that’s no problem – Logpoint will identify the device by its hostname, so you can handle dynamic IP addresses without increasing the number of nodes.

Take your log collection to the next level

Ingesting logs and telemetry from a wide range of sources is the cornerstone of identifying potential security threats. However, this becomes a Sisyphean task if alerts are not triggered in time because of a delay in log collection. To prevent this and give you more flexibility, you can now configure the delay time, so delays in log collection no longer affect alert triggering.

Recently, we launched AgentX, our native agent, to bring endpoint detection and remediation capabilities to the Converged SIEM platform. With this addition, MSSPs can now manage endpoint and log ingestion using the AgentX collector through Director.  

This means an opportunity for you as an MSSP to create new services for your customers and a new revenue stream for your business. 

Brand new case management to reduce MTTR 

High visibility is critical to respond to threats in time, especially for security analysts using SOAR. And so, we just launched a whole new Case Management interface that will give you an immediate overview by grouping related incidents into the same case. On top of that, you can run playbooks within a case. This new update comes in handy for MSSPs managing dozens or hundreds of tenants. 

New Case Management in SOAR

In addition to case management, we have added the possibility to back up and restore an entire playbook set. With this, MSSPs can distribute any new security content, such as playbooks, configurations, or policies, to their tenants who then can import the package. 

Provide faster support with better monitoring of anomalies 

A bird’s-eye view of potential anomalies across users and entities is fundamental to detecting potential threats, whether they come from inside or outside the organization. To help MSSPs get better visibility and understanding of these from a single pane of glass, we now support UEBA analytics in Logpoint Search Master.

UEBA is now available in Director to provide user and entity behavior monitoring

UEBA applies machine learning to enrich the log data collected by the SIEM and builds baselines for normal behavior for every user, peer group, and entity in the network to spot anomalies or suspicious activity. Making UEBA available in Director will enable you to monitor user and entity behavior in the network for each tenant – and all from one central console. Now you can provide faster and better support for all your customers and protect them against insider threats. 

Operational updates to improve the experience 

At Logpoint we believe that continuous development should go hand in hand with an enhanced experience. That’s why we’ve allocated time to bring some improvements, such as a disk usage widget, a Captcha login after three failed attempts, and detailed Director fields in audit logs. In addition, we now provide the ability to upload certificates at scale instead of doing it machine by machine.

Our goal is to continue supporting MSSPs, not only with these updates but also with future ones. As MSSPs grow their number of tenants, Director grows with them, so they can always rely on a flexible and scalable platform that augments their customers’ security.

Would you like to know more about all we have included in this release for both Logpoint customers and MSSPs? Join our webinar.