By Sergio Lozano Álvarez, Product Marketing Manager
Many mid-size organizations lack the resources or the knowledge to run an EDR (Endpoint Detection and Response) solution; those that do have the resources still sometimes lack the skills to act on the threat information it provides. In the constant battle for a robust cybersecurity infrastructure, organizations can add unnecessary complexity to their tech stack by adopting new technology and tools, leaving their SOC teams fatigued and struggling to manage too many instruments.
To help with this challenge, Logpoint now offers AgentX as part of our Converged SIEM platform. Working seamlessly with SIEM and SOAR, it greatly improves threat detection, accelerates investigation, and ensures lightning-fast remediation.
Accelerate TDIR from one single platform
AgentX is a lightweight agent that collects logs and telemetry from endpoints and transports them to the SIEM. Then, powered by SOAR, AgentX performs automated, real-time investigation and remediation of threats.
In addition, AgentX is highly customizable for endpoint observability, allowing more precise malware detection and faster remediation. As a result, analysts gain better detection, investigation, and response capabilities.
This native capability reduces the expenditure on extra applications. However, the most relevant reduction is in the complexity of the organization’s tech stack. The SOC team saves time and gains efficiency because they don’t have to switch between UIs. With that time saved, SOCs can focus on what’s most important: keeping the business safe against cyber threats.
Data enrichment equals better endpoint threat analysis
Through our SIEM, the logs and telemetry collected by AgentX are normalized into a single taxonomy, so analysts gain more context to remediate threats on endpoints. That might seem easier said than done. So how does this work?
To put it simply, endpoint data is used to enrich SIEM and SOAR events. The new agent comes with OSQuery action and investigation playbooks (see how AgentX and OSquery can be used here) that retrieve contextual information and assess the state of the endpoint in near real time.
Further, alerts received by the SOC team come with a more detailed analysis of the incidents originating from endpoints. Security analysts struggle to protect their organizations against a growing number of threats. According to the World Economic Forum’s Global Cybersecurity Outlook 2023, cybercriminal groups have continued to create a higher volume of new attack types, taxing the cyber resources of organizations and forcing them to neglect strategically important activities in order to address immediate issues.
A more detailed analysis reduces the workload for analysts and decreases both the mean time to investigate and the mean time to respond (MTTR), which are key to keeping your company safe. All in all, the use of AgentX culminates in an improved security stance.
Customizable endpoint protection to stay compliant
Delivered with more than 20 out-of-the-box playbooks, AgentX makes it easier to get going from the start, and the playbooks can be adjusted at any time. But its capabilities don’t end here. It also helps to improve compliance coverage toward global security standards.
By enriching event logs and telemetry with compliance standards, such as GDPR, NIS2, and NIST amongst others, analysts can quickly identify gaps in regulatory compliance.
AgentX also performs policy checks with pre-defined controls; analysts can define their own policies and the scan interval.
By launching this native endpoint agent that ties in seamlessly with SIEM and SOAR, Logpoint continues to provide an evolving converged solution that eases and improves the TDIR process.
You can see AgentX in action in our Emerging Threats Reports, such as this one.
Would you like to discover more about AgentX? Reach out to your Logpoint contact.
Sign up for our webinar on Endpoint Security