Logpoint announced ChatGPT integration for SOAR 

Logpoint has announced ChatGPT integration for Logpoint SOAR in a lab setting. It will enable users to test the capabilities of the AI-powered chatbot and learn how the technology can be applied in cybersecurity operations. 

Logpoint SOAR automates the investigation of security incidents and provides case management tools to assist analysts in automating incident responses. Logpoint SOAR includes a number of pre-configured playbooks as well as the ability to create custom playbooks for automating detection and response processes. 

Edy Almer, Product Manager for Threat Detection and Incident Response at Logpoint, stated, “We’re excited to enable our customers to explore the possibilities of using technologies such as ChatGPT to reduce part of their workload. Staying up to date with technology innovations and trends is imperative to understand how we can continue to improve cybersecurity operations.”

With the new Logpoint SOAR and ChatGPT integration, customers can explore the potential of combining SOAR playbooks with ChatGPT in cybersecurity, for example:

  • Saving time on breach reports: Using information from a SOAR playbook, ChatGPT can generate breach report drafts from attacks using information about the main timeline events of an investigation and the severity level. An analyst can then review and approve the drafts before the reports are distributed. 
  • Readable, succinct executive summaries: Long compliance report texts can be fed into a SOAR playbook so that ChatGPT can generate an executive summary of the key findings and suggested corrections that is simple enough for executives to read. 
  • Credible awareness training: The ChatGPT SOAR integration can automate some of the awareness training. ChatGPT generates phishing emails automatically, and the SOAR playbook extracts data from LinkedIn, enriches it with email addresses and connections from previous logs, and sends the phishing email to selected recipients, tracking how many click through and how many alert the phishing response team. 

Christian Have, Logpoint CTO commented, “Our customers are always interested in exploring new technologies, and ChatGPT is no exception. With our new integration, they can test whether the technology could reduce the time spent on an attack summary report, which is legally required in Europe, the US, and Asia, and potentially free up valuable time for security analysts.” 

D3 Security launched D3 Chronos

D3 Security has introduced D3 Chronos, a simplified SOAR package for managed security services providers (MSSPs) that can reduce alert-handling times by 90% in under two weeks. D3 Chronos is designed to provide return on investment and prioritize MSSPs’ effectiveness and business outcomes, in contrast to full-scale SOAR implementations that can take months. By optimizing the customer-to-analyst ratios, D3 Chronos enables MSSPs to onboard their clients and automate triage, both of which boost profitability. 

Denis Barnett, VP of Sales at D3 Security, said, “In today’s competitive managed services landscape, everyone needs automation, but not every MSSP has the resources to commit to a full-scale SOAR implementation. D3 Chronos fills a critical gap in the market by making the revenue-generating potential of SOAR immediately accessible to every MSSP without compromising the power of the software.”

MSSPs can begin saving time and money by connecting D3 Chronos to the alert sources of their clients. The pricing structure of D3 Chronos is flexible, and it includes a pay-monthly option for smaller businesses that fits the revenue cycle of MSSPs while assisting them in reducing capital expenditures. 

D3 Chronos was made possible by a recent breakthrough in D3 Security’s Event Pipeline, a SOAR technology that normalizes, deduplicates, and triages incoming events globally, filtering out 90-98% of events and removing false positives before they reach a human analyst.

D3 Chronos is made for busy MSSPs who want to automate their client growth and increase profits. According to D3 Security, automating triage alone can result in annual savings of more than $1 million for an MSSP processing 400 events per day. 

In addition to the triage and enrichment pipeline, D3 Chronos automates the tracking of client SLAs and billable hours. When a situation requires a second level of investigation, D3 Chronos compiles the findings into a report for the client, saving MSSP analysts a tremendous amount of time. As D3 Chronos MSSPs grow, they are supported with new SOAR options suited to their requirements.

Security Orchestration, Automation, and Response (SOAR) – Buying Guide

Purchasing a Security Orchestration, Automation, and Response (SOAR) platform is a smart and strategic move. Selecting a system for building a security operation center (SOC) is perhaps more crucial than selecting a specific security solution. The SOAR system becomes a central and critical component of an organization’s cybersecurity, serving as the operating software for its security environment.

The Power of Automation

When the SOC identifies a threat, the speed of the security incident response can mean the difference between containing the danger and allowing a devastating data breach to occur. Because manual processes take longer, cybercriminals have more time to cause damage. Common queries and responses can be automated to decrease response times and reduce risk to the organization. When buying a SOAR solution, organizations should look for vendors with powerful automation systems and highly efficient machine learning algorithms.

Orchestration

Orchestration is an approach that links tools, integrates systems, and ultimately simplifies and automates activities; it is a critical factor in determining an organization’s security operations readiness. Security procedures should be examined and refined continually to improve performance, and codifying these processes allows businesses to make substantial progress in reducing risk. Organizations should look for SOAR solution providers whose systems connect and integrate easily with existing security systems. The SOAR solution’s security processes must be easy to codify and improve.

Automation Use Cases

Each security incident is turned into a case that is managed by the SOC and several other departments within the company, including network operations, IT operations and legal. When a security organization has few established processes, employee knowledge becomes the vehicle for completing tasks. This only helps as long as the team stays together: if someone leaves, they take their knowledge, skills and experience with them. Analysts can decrease incident reaction time with pre-packaged, customized automation. Automation use cases rely on case books or prepared procedures, which helps to retain internal knowledge. Automation frequently conjures up images of blunt, heavy-handed defences. The use cases for different sectors such as medical, pharma, logistics and IT will differ, so an organization should look for vendors with rich, industry-relevant use cases.

Dashboard

The dashboard should be professional and simple to use. Analysts should be guided by intuitive workflows and information reports rather than having to comprehend the underlying data architecture. Security staff in the SOC should be able to work naturally, assigning and completing tasks without thinking about the tool. To enhance event investigation, powerful search capabilities and single-click actions should be available.

Customizability and Flexibility

Choosing a SOAR solution that provides a high degree of customization and flexibility is always a good option. A good SOAR solution will allow an organization to integrate with other security technologies easily and provide an easy-to-use user interface.

Cost

The cost of SOAR varies depending on the size and capability of the network, the use cases and the power of automation. It’s important to note that a SOAR solution must be compatible with the other security solutions in place. Because SOAR systems reach end of life, after which the vendor no longer supports them, the cost and frequency of system upgrades must be considered. How much is the firm ready to spend, and what benefits will it receive?

Security Support and Maintenance

The second step after selecting a SOAR solution is to implement and support it. To be effective, SOAR must be administered by committed, trained staff or added to the responsibilities of experienced employees. Does the vendor provide training to security teams? Costs and levels of service assistance vary between vendors, so it’s essential to look into the type of assistance a particular vendor offers. In many cases, comprehensive technical support is an optional extra that can dramatically increase implementation expenses.

The SOAR solution operates as a strategic instrument for the security team, allowing it to accomplish more with fewer resources while freeing analysts from data overload and dull, repetitive activities. It enables the security staff to be more effective and accurate. Using such a solution should shorten the time it takes to detect and resolve threats, boost the return on existing security solutions, and lower the risk posed by security incidents.

Rapid7 acquired Threat Intelligence specialist IntSights

Rapid7, a leading security analytics and automation company, announced the acquisition of IntSights Cyber Intelligence Ltd., a leader in contextualized external threat intelligence and proactive threat remediation. Rapid7 will pay around $335 million in cash and stock for IntSights.

Rapid7 will merge its community-infused threat intelligence and deep understanding of customer environments with IntSights’ external threat intelligence capabilities following the acquisition of IntSights. This combination is aimed at giving clients a unified view of threats, relevant insights, attack surface monitoring and proactive threat mitigation for businesses of any size or security maturity level. Rapid7’s industry-leading cloud-native extended detection and response (XDR) service, InsightIDR, is enhanced by this purchase, which enables high-quality, high-fidelity alerts for efficient security operations, early threat identification, and faster response times.

IntSights enables enterprises to get the full benefits of a threat intelligence program, regardless of its extent or sophistication, while also decreasing security professionals’ burden. Unlike many other threat intelligence systems on the market today, IntSights can help security operations teams achieve the productivity and outcomes they need by providing continuous coverage for external threats, from detection to mitigation to remediation.

Rapid7’s Insight Platform is one of the most complete security operations platforms available today, with leading capabilities in detection and response, vulnerability management, cloud security, application security, and security orchestration and automation. In addition to improving its XDR service and providing a standalone threat intelligence offering, the business plans to integrate IntSights’ external threat intelligence capabilities into its platform to enable faster threat detection and remediation across the organization’s complete solution offering. Foros acted as financial advisor to Rapid7.

“Cyber security is a lopsided battle today and the odds consistently favor attackers. Both IntSights and Rapid7 have a shared belief that organizations will succeed only when they have a unified view of internal and external threats, complete with contextualized intelligence and automated threat mitigation which will allow security teams to focus on the most critical threats. We look forward to working with IntSights to make this vision a reality for our customers,” said Corey Thomas, chairman and CEO, Rapid7.

“There’s no shortage of threat intelligence information available today, but much of it lacks context, creating too much alert noise and additional work for already overburdened security teams. By integrating IntSights’ external threat intelligence capabilities into Rapid7’s XDR solution, InsightIDR, we expect to provide security teams with expanded visibility and detections of internal and external threats across their traditional and modern environments—enabling them to quickly pivot into investigations, threat hunting and containment automation all within a unified experience,” said Richard Perkett, senior vice president of detection and response at Rapid7.

“We founded IntSights to make threat intelligence instantly accessible and actionable for organizations of any type or size. We are excited to join Rapid7 to continue this mission and to bring our threat intelligence capabilities to even more customers,” said Guy Nizan, co-founder and CEO at IntSights.

“With today’s sprawling attack surface and the sophistication level of threat actors, I can’t overstate the importance of a solid threat intelligence program. Threats can come from anywhere, which is why having visibility into your internal and external threat landscape is imperative. With the acquisition of IntSights, Rapid7 is well positioned to bridge the threat intelligence gap, giving customers the ability to identify real threats earlier and accelerate response and automate remediation,” commented Jon Oltsik, senior principal analyst and fellow at the Enterprise Strategy Group (ESG).

Security Orchestration, Automation and Response (SOAR) – Everything you need to know

Security Orchestration, Automation and Response is a system that uses integrated software solutions to collect data about security threats, analyzes and responds to those threats with automation and machine learning, and thereby assists human analysts.

The three factors of SOAR are:

Security Orchestration – The process of incorporating various technological solutions, both security-related and non-security-related, so that they work together in a way that facilitates collaboration. These different tools gather information from multiple sources into a centralized system, which increases accuracy and makes the system more secure.

Automation – This concept empowers technical tools, with the help of machine learning, to perform security operations tasks without human assistance. It saves security analysts’ time by automating basic, routine tasks, so that analysts can spend their time on more creative and challenging work. Automation is not a replacement for human analysts.

Response – Once a threat is identified, ‘Security Response’ offers security analysts a single centralized overview for tracking, planning, handling, and reporting the measures taken. SOAR tools also cover post-incident activities through case management modules. These modules help communicate lessons learned and deliver faster, proactive response to potential attacks.

SOAR vs. SIEM – SOAR and SIEM (Security Information and Event Management) are not the same, even though both gather data from multiple sources, spot anomalies, and generate alerts. SOAR systems add automation, so they can respond to attacks automatically, while SIEM systems only alert security analysts to a potential incident.
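As an added illustration of the three factors just described (not Logpoint’s, D3 Security’s or any other vendor’s code), the following Python playbook normalizes alerts from two constructed sources into one schema (orchestration), deduplicates and triages them (automation), and opens tracked cases for what needs a human (response). All alert records, field names and the severity mapping are constructed for the example.

```python
"""Minimal SOAR-style playbook: orchestrate, automate, respond.
Constructed example; alert data and field names are invented."""
from dataclasses import dataclass, field

# Constructed alerts as two tools might emit them (not real telemetry).
EDR_ALERTS = [
    {"host": "ws-042", "hash": "a1b2", "sev": "high", "ts": 1700000000},
    {"host": "ws-042", "hash": "a1b2", "sev": "high", "ts": 1700000030},
]
SIEM_ALERTS = [
    {"src_ip": "10.0.0.9", "rule": "brute-force", "priority": 2, "time": 1700000100},
    {"src_ip": "10.0.0.9", "rule": "brute-force", "priority": 2, "time": 1700000100},
    {"src_ip": "10.0.0.5", "rule": "port-scan", "priority": 4, "time": 1700000200},
]

@dataclass
class Case:
    """Response: one case per escalated alert, with the actions taken."""
    case_id: str
    alert: dict
    actions: list = field(default_factory=list)

def normalize(source, alert):
    """Orchestration: map each tool's own fields onto a common schema."""
    if source == "edr":
        return {"source": "edr", "asset": alert["host"], "indicator": alert["hash"],
                "severity": alert["sev"], "ts": alert["ts"]}
    sev = {1: "critical", 2: "high", 3: "medium"}.get(alert["priority"], "low")
    return {"source": "siem", "asset": alert["src_ip"], "indicator": alert["rule"],
            "severity": sev, "ts": alert["time"]}

def deduplicate(alerts, window=60):
    """Automation: drop repeats of the same asset+indicator within `window` seconds."""
    last_seen, kept = {}, []
    for a in sorted(alerts, key=lambda x: x["ts"]):
        key = (a["asset"], a["indicator"])
        if key in last_seen and a["ts"] - last_seen[key] <= window:
            continue
        last_seen[key] = a["ts"]
        kept.append(a)
    return kept

def triage(alert):
    """Automation: only critical/high alerts are escalated to an analyst."""
    return "escalate" if alert["severity"] in ("critical", "high") else "auto-close"

def run_playbook():
    """Run the pipeline; returns (raw count, unique count, opened cases)."""
    normalized = [normalize("edr", a) for a in EDR_ALERTS]
    normalized += [normalize("siem", a) for a in SIEM_ALERTS]
    unique = deduplicate(normalized)
    cases = []
    for n, a in enumerate(unique, 1):
        if triage(a) == "escalate":
            case = Case(f"CASE-{n:04d}", a)
            case.actions.append(f"analyst notified: {a['indicator']} on {a['asset']}")
            cases.append(case)
    return len(normalized), len(unique), cases
```

Running `run_playbook()` on the constructed input collapses five raw alerts to three unique ones and opens two cases, leaving the low-severity port scan auto-closed.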

Benefits of SOAR for Organizations

1) Security Teams – Staffing shortages are a frequent occurrence in an enterprise’s Security Operations Center. It’s a delicate balancing act to ensure an organization has the requisite personnel and makes optimum use of them. SOAR helps by enhancing the process, applying the required degree of automation and orchestration, and ensuring a reliable, defensive response to threats that protects the organization’s sensitive information. This includes automating repetitive tasks and providing structured incident handling. It also gives the company access to industry-leading machine learning algorithms, allowing it to react even faster to security incidents as they occur.

2) SOAR’s scalability and customization – Default integrations are available with every SOAR solution, but some companies’ security applications will not be covered by them. A SOAR solution is therefore made customizable enough to build integrations from both sides according to the customer’s needs. An effective SOAR solution is flexible and customizable enough to work on top of a variety of security tools.

3) Vendors – Normally, companies have a single vendor’s solution or software to manage the security operations center, and even where a company uses several vendors, complexity follows. SOAR integrates a variety of security solutions into a centralized orchestration system that can be implemented in any cloud-based environment. A SOAR solution is capable of implementing the responses of various teams, such as the SOC (Security Operations Center) and CSIRT (Computer Security Incident Response Team), and gives a centralized overview and control across the enterprise. This integration streamlines security operations procedures through case management and incident lifecycle tracking, and extends the life of existing resources, maximizing the return on investment.

4) Data Enrichment – Data collected from a single piece of software is useful, but limited. SOAR tools overcome this limitation by combining multiple software solutions. This is a huge advantage, since the resulting security data is richer and keeps the enterprise’s security posture current and robust.

Security Orchestration, Automation and Response (SOAR), a term introduced by one of the leading research firms, is in the initial phase of development in the market. As the market innovates and evolves, SOAR solutions will be adopted by many organizations.