
Logpoint announced ChatGPT integration for SOAR 

Logpoint has announced a ChatGPT integration for Logpoint SOAR, offered in a lab setting. It lets users test the capabilities of the AI-powered chatbot and learn how the technology can be applied to cybersecurity operations.

Logpoint SOAR automates the investigation of security incidents and provides case management tools that help analysts automate incident response. It ships with a number of pre-configured playbooks and lets teams build custom playbooks to automate detection and response processes.

Edy Almer, Product Manager for Threat Detection and Incident Response at Logpoint, stated, “We’re excited to enable our customers to explore the possibilities of using technologies such as ChatGPT to reduce part of their workload. Staying up to date with technology innovations and trends is imperative to understand how we can continue to improve cybersecurity operations.”

With the new integration, customers can explore how SOAR playbooks can use ChatGPT in cybersecurity operations. Logpoint describes the following use cases:

  • Saving time on breach reports: Using information from a SOAR playbook, ChatGPT can generate draft breach reports from the main timeline events of an investigation and its severity level. An analyst then reviews and approves the drafts before the reports are distributed.
  • Readable, succinct executive summaries: Long compliance report texts can be fed into a SOAR playbook so that ChatGPT generates an executive summary of the key findings and suggested corrections that is simple enough for executives to read.
  • Credible awareness training: The ChatGPT SOAR integration can automate part of security awareness training. ChatGPT generates simulated phishing emails, and the SOAR playbook extracts data from LinkedIn, enriches it with email addresses and connections from previous logs, sends the simulated phishing email to selected recipients, and tracks how many click through and how many alert the phishing response team.

Christian Have, Logpoint CTO, commented, “Our customers are always interested in exploring new technologies, and ChatGPT is no exception. With our new integration, they can test whether the technology could reduce the time spent on an attack summary report, which is legally required in Europe, the US, and Asia, and potentially free up valuable time for security analysts.”

D3 Security launched D3 Chronos

D3 Security has introduced D3 Chronos, a simplified SOAR package for managed security services providers (MSSPs) that, according to the company, can reduce alert-handling times by 90% in under two weeks. In contrast to full-scale SOAR implementations that can take months, D3 Chronos is designed to deliver return on investment quickly and to prioritize MSSPs’ effectiveness and business outcomes. By optimizing customer-to-analyst ratios, D3 Chronos helps MSSPs onboard their clients and automate triage, both of which boost profitability.

Denis Barnett, VP of Sales at D3 Security, said, “In today’s competitive managed services landscape, everyone needs automation, but not every MSSP has the resources to commit to a full-scale SOAR implementation. D3 Chronos fills a critical gap in the market by making the revenue-generating potential of SOAR immediately accessible to every MSSP without compromising the power of the software.”

MSSPs can begin saving time and money by connecting D3 Chronos to their clients’ alert sources. The pricing structure of D3 Chronos is flexible and includes a pay-monthly option for smaller businesses that fits the revenue cycle of MSSPs while helping them reduce capital expenditures.

D3 Chronos was made possible by a recent breakthrough in D3 Security’s Event Pipeline, a SOAR technology that works globally to normalize, deduplicate, and triage incoming events, filtering out 90-98% of events and removing false positives before they reach a human analyst.

D3 Chronos is built for busy MSSPs that want to automate their client growth and increase profits. According to D3 Security, automating triage alone can result in annual savings of more than $1 million for an MSSP processing 400 events per day.

In addition to the triage and enrichment pipeline, D3 Chronos automates tracking of client SLAs and billable hours. When a situation requires a second level of investigation, D3 Chronos compiles the findings into a report for the client, saving MSSP analysts a tremendous amount of time. As D3 Chronos MSSPs grow, they are supported with new SOAR options suited to their requirements.


Darktrace Antigena Protects South African Financial Organizations

Darktrace, a global pioneer in cyber security AI, revealed that its Autonomous Response solution, Antigena, stopped an ongoing ransomware attack that recently struck a South African financial services organization.

The company, a growing enterprise providing various financial services to consumers across South Africa, was trialling Darktrace AI when it was targeted by the ransomware attack. The AI had built a unique understanding of the company’s ‘normal’ behavior across its digital estate, allowing it to detect subtle signals of a threat and respond quickly.

The company’s Autonomous Response technology took action to block further contact with the malicious server on the internet across the enterprise, while allowing computers to continue the behavior they had previously been observed to perform. The response was targeted and proportionate, so normal business activities were not disrupted. Once the attack was contained, Darktrace’s security staff and dedicated professionals were able to perform a comprehensive investigation, confirming that the incident had been effectively stopped.

Max Heinemeyer, VP of Cyber Innovation at Darktrace, said, “The speed and scale of ransomware attacks today makes it critical that organizations are armed with technology capable of interrupting in-progress, sophisticated attacks without relying on humans to take the sledgehammer out and interrupt wider business operations in the incident response process. It is inevitable that attackers will strike, often out-of-hours, and stories like these elucidate the power of handing over the keys to AI as the first responder to maintain business as usual while freeing up human teams to focus on high-level work like strategy and cyber hygiene.”

In the early morning hours of March 2022, Darktrace AI identified that a mail server within the organization was making unusual HTTP connections to an external destination, indicating communication with a hostile server on the internet. With a thorough understanding of the organization’s ‘regular’ activity, the AI immediately recognized this behavior as anomalous and potentially dangerous. The infected mail server then attempted reconnaissance and lateral movement. During the incident, the attackers used the credentials of 11 employees, including those of C-level officials, and as a result additional machines in the company began communicating with the malicious external server.

LogPoint to acquire SecBI, bringing native SOAR and XDR solutions to the company

LogPoint, a worldwide cybersecurity innovator, has announced the acquisition of SecBI, a Tel Aviv-based disruptor in automated cyber threat detection and response. LogPoint’s capabilities will be enhanced by the addition of playbook-based automation that improves cyber threat detection and response. SecBI’s universal SOAR and XDR platform will integrate with LogPoint, supporting the company’s objective of transforming clients’ cyber resiliency through innovation by simplifying the complex work of security operations.

“Combining SecBI with LogPoint SIEM and UEBA will immediately drive tremendous value to our current and future customers. As organizations large and small face the most critical cyber threats, security teams need solutions that will help them be more effective and efficient in protecting their organization. This integration will allow customers to quickly launch automated notifications and security remediations using our full-native SOAR capabilities. This is a major step forward in delivering our XDR-enabled operations platform giving our partners and customers one of the most innovative, intuitive, and proven solutions available,” said Jesper Zerlang, LogPoint CEO. 

With the rapid integration of SecBI SOAR and XDR technology, LogPoint will continue to address the complex cybersecurity challenges that SOCs confront today. As a result of the acquisition, clients will be able to reduce false positives and automate incident response. These comprehensive, complementary platforms will work together to automate repetitive tasks, coordinate threat remediation workflows, and autonomously analyze, prioritize, and execute playbooks, allowing analysts to focus on genuine threats and better secure their enterprises.

“We are excited to join LogPoint and integrate seamlessly to further extend the company’s foundational cybersecurity solution. With the inclusion of the SecBI technology, LogPoint takes automation to the next level to address the challenges organizations and cybersecurity analysts are facing in responding rapidly to an exponentially rising number of incidents,” said Gilad Peleg, SecBI CEO.

“The combination of LogPoint technology with SecBI XDR and SOAR creates an end-to-end cybersecurity powerhouse that has exactly the right combination of technology, human capital, and growth potential. Merging Israeli cybersecurity expertise into the international LogPoint organization entails a huge potential for customers across the globe. We look forward to working with Jesper and his team to build a category leader,” said Yoav Tzruya, General Partner at Jerusalem Venture Partners.

Security Orchestration, Automation, and Response (SOAR) – Buying Guide

Purchasing a Security Orchestration, Automation, and Response (SOAR) platform is a strategic decision. Selecting the system on which a security operations center (SOC) is built is arguably more consequential than selecting any single security product: the SOAR platform becomes a central and critical component of an organization’s cybersecurity, serving as the operating software for its security environment.

The Power of Automation

When the SOC identifies a threat, the speed of the security incident response can mean the difference between containing the danger and allowing a devastating data breach to occur. Manual processes take longer, giving cybercriminals more time to cause damage. Common queries and responses can be automated to decrease response times and reduce risk to the organization. When buying a SOAR solution, organizations should look for vendors with powerful automation engines and efficient machine learning algorithms.

Orchestration

Orchestration is an approach that links tools, integrates systems, and ultimately simplifies and automates activities; it is a critical factor in an organization’s security operations readiness. Security procedures should be examined and refined continually to improve performance, and codifying these processes allows businesses to make substantial progress in reducing risk. Organizations should look for SOAR providers whose systems connect or integrate easily with their existing security systems, and whose security processes are easy to codify and improve.

Automation Use Cases

Each security incident becomes a case that is managed by the SOC and several other departments within the company, including network operations, IT operations and legal. When a security organization has few established processes, individual employees’ knowledge becomes the vehicle for completing tasks. That only works as long as the team stays together: if someone leaves, they take their knowledge, skills and experience with them. Analysts can decrease incident reaction time with pre-packaged, customized automation. Automation use cases rely on casebooks, or prepared procedures, which help retain internal knowledge. Automation often conjures up images of blunt, heavy-handed defences, but use cases differ across sectors such as medical, pharma, logistics and IT, so an organization should look for vendors with rich, industry-relevant use cases.

Dashboard

The dashboard should be professional and simple to use. Analysts should be guided by intuitive workflows and informative reports rather than having to understand the underlying data architecture. Security staff in the SOC should be able to work naturally, assigning and completing tasks without thinking about the tool. To speed up event investigation, powerful search capabilities and single-click actions should be available.

Customizability and Flexibility

Choosing a SOAR solution that provides a high degree of customization and flexibility is always a good option. A good SOAR solution allows an organization to integrate easily with its other security technologies and provides an easy-to-use interface.

Cost

The cost of SOAR varies depending on the size and capability of the network, the use cases and the extent of automation. A SOAR solution must also be compatible with the organization’s other security solutions. Because SOAR systems eventually reach end of support, after which the vendor no longer maintains them, the cost and frequency of system upgrades must be considered. How much is the firm ready to spend, and what benefits will it receive in return?

Security Support and Maintenance

The second step after selecting a SOAR solution is to implement and support it. To be effective, SOAR must be administered by dedicated, trained staff or added to the responsibilities of experienced employees. Does the vendor provide training to security teams? Vendors differ in the cost and level of service assistance they offer, so it is essential to look into the type of support a particular vendor provides. In many cases, comprehensive technical support is an optional extra that can dramatically increase implementation expenses.

The SOAR solution acts as a strategic instrument for the security team, allowing it to accomplish more with fewer resources while freeing analysts from data overload and dull, repetitive activities. It enables security staff to be more effective and accurate. Used well, it shortens the time it takes to detect and resolve threats, boosts the return on existing security investments, and lowers the risk posed by security incidents.