Story image

LogRhythm reports higher-than-anticipated SOAR adoption rate

01 Nov 18

Security company LogRhythm has announced that a recent survey of its customers found that 33% of them have adopted the company’s embedded security orchestration, automation and response (SOAR) capabilities.

This adoption rate exceeds Gartner’s 2018 estimate that standalone SOAR products have been adopted by less than one percent of security organisations with five or more security professionals, an adoption rate expected to reach only 15% by 2020.

The embedded SOAR features in LogRhythm’s security information and event management (SIEM) platform provide security teams with customisable workflows and controls to streamline and accelerate the investigation and neutralisation of qualified cyber threats.

LogRhythm’s end-to-end platform provides insights into how to improve security operations centre (SOC) performance.

With clear, trackable metrics, security leaders can quickly identify and address potential areas for improvement to increase the efficiency and effectiveness of their security operations teams. These performance metrics also enable security leaders to prove and quantify the overall business value driven by their teams.

“In cybersecurity, automation and orchestration are becoming more and more important,” says US Acute Care information systems security engineer Rob Haller.

“LogRhythm’s NextGen SIEM Platform’s SmartResponse feature and back-end API connections allow us to automate common actions, while LogRhythm’s case management and playbooks allow us to standardise our investigation methods and responses, adding speed, reliability and consistency to our security practice."
Three new features of LogRhythm’s most recent 7.4 software release empower security teams to implement effective, end-to-end security operations workflows: Case Playbooks, SmartResponse automation actions and SOC metrics.

Building on the existing case management and automation framework of LogRhythm’s NextGen SIEM Platform, these new capabilities enable security teams to deliver consistent, measurable results for threat investigation and neutralisation:
 
·     Case Playbooks, native within the platform, give resource-strapped security teams the ability to deliver consistent results with greater confidence. Playbooks capture institutional process methodology, senior analyst knowledge and best practices into easy-to-follow procedures for all analysts — even those that are new to the team or less experienced.

Deadlines and due dates are auto-populated to ensure consistent cadences for workflow. Prebuilt Case Playbooks, available out of the box, can be customised. Security teams can also create new playbooks to meet the unique needs of their organisations and integrate them with third-party incident response systems/runbooks.

·       Automated response actions drive best practices and consistency in incident response and can be activated to perform repetitive and mundane tasks, enabling security teams to drive faster and more efficient threat qualification and neutralisation.

LogRhythm’s Community site hosts a growing library of SmartResponse plugins, providing over 100 automated and semi-automated actions, including actions developed by LogRhythm Labs, by the LogRhythm user community and in partnership with LogRhythm’s Technology Alliance Partners.

LogRhythm’s automated contextual lookups enable rapid collection of third-party threat intelligence and other contextual information, expediting threat investigation.

These lookup actions do not require outside script development, allowing analysts of varying skill levels and experience to be immediately effective.

Out-of-the-box automations also include triggering vulnerability scans, conducting URL link analysis, performing memory dumps, resetting passwords, disabling users and adding IPs/FQDNs to blacklists, among others. 
 
·       SOC metrics improve an organisation’s overall security maturity by delivering actionable information about the speed and efficiency of threat qualification, investigation and response processes.

Security teams can collect and view key metrics from their LogRhythm deployment to better understand their mean time to detect (MTTD) and mean time to respond (MTTR) to threats.

More granular measurements, such as time to qualify (TTQ) and time to investigate (TTI), help analysts understand workflow effectiveness.

These performance metrics help uncover opportunities to improve operational efficiency, including identifying tasks better suited for automation, and enable security leaders to measure and report on the effectiveness of their security programs. 

Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.