Name: Automating SIEM Alert Triage
Start: 2021-09-16T16:24:00Z
End: 2021-09-16T16:24:52.000Z
Location: BrightTALK
Rating: 5

LogicHub harnesses the power of AI and automation for superior detection & response at a fraction of the cost. From small teams with security challenges, to large teams automating SOCs, LogicHub makes advanced detection & response easy and effective for everyone.

Running an efficient SOC is more important than ever, yet many teams struggle with complex cyberthreats, a multitude of alerts, disparate systems, and poor threat visibility and context.
Overburdened and under-resourced analysts are bogged down with tedious manual processes. As a result, threat detection and response is compromised – not only in effectiveness and accuracy, but speed as well.
 
The solution is Devo. The only cloud-native logging and security analytics platform that provides the most scalable and performant log management for full visibility across the organization, accurate threat detections and security content, and automated alert triage, investigation, and response at machine speed, boosting the efficiency of analysts by 10x.

Join Stephen Morrow, Head of Pre-Sales at Devo, and LogicHub founder Kumar Saurabh for an interactive discussion of how to modernize your SOC approach, improve security, and reduce costs.

We’ll cover how to: 
• Detect threats in real time across your organization
• Build and deploy sophisticated playbooks in under 30 minutes
• Reduce false positive alerts by 95%
• Significantly reduce analyst workloads 
• Improve MTTR by 10x

The Path to the Autonomous SOC

Amazon Web Services (AWS) is the vendor of choice for many organizations looking to utilize a cloud infrastructure built for ease of use, scalability, and cost savings. Although AWS provides activity logging facilities such as, GuardDuty, CloudTrail, and VPC flow to ensure security, the catch is that you must do it all yourself. 

AWS’ Shared Responsibility Model states that the customer fully owns the protection of their data, OS, network and firewall configuration, platform, applications, identity and access management, ransomware, regulatory compliance – the list goes on and on. Due to the resources, money, time, and expertise required, this can be a significant challenge for many businesses to achieve. 

This is one of the many reasons managed detection and response (MDR) services are gaining in popularity, especially among AWS clients. An MDR provider functions as a fully outsourced SOC, detecting and responding to threats, providing 24/7 monitoring, checking for insecure configurations (the #1 source of AWS breaches), and more. 

In this webinar, we will walk through how the LogicHub AI and automation driven MDR service monitors all your AWS logs 24/7, aligns with MITRE ATT&CK Framework, proactively detects threats, and delivers fully contextualized and accurate escalations with suggested responses.

LogicHub Lunch & Learn: MDR Jump Start for AWS Applications

LogicHub (now Devo) invites you to meet AuDRA (Autonomous Detection & Response Assistant), the industry’s first solution to apply AI-driven threat hunting bots to proactively detect threats, anomalies, and attacks from limitless security events across network, cloud, endpoint, and hybrid data sources.

Expert and non-expert users alike can leverage the interactive bot technology to automate the process of creating threat detection playbooks and help address the crippling cybersecurity staffing shortage. By applying advanced automation, machine learning and artificial intelligence, Devo is helping organizations large and small to improve their security operations by helping to detect and stop attacks at machine speed and machine scale.

Meet AuDRA: The First AI Threat Hunting Bot

Proactively defend your organization against phishing attacks by leveraging AI and automation driven detection and response. 

In this Lunch & Learn webinar presented by LogicHub, now a part of Devo, we will walk through how you can automate phishing alert triage – with no coding required. By automating phishing playbooks, you can ensure that your SOC processes alerts quickly, accurately, and uniformly. Stop burying your most valuable resources – your people – in manual techniques such as geolocation lookups, file hash checking, URL reputations, and so forth. 

Automating these manual tasks can free up precious time and resources in your SOC and enable your analysts to focus on security tasks that require human insight and action. This webinar includes a live demo of how to build phishing playbooks that encode triage techniques, as well as Devo's interactive bot that helps non-expert users build sophisticated playbooks.

AppetAIzing Automation: Proactively Defend Against Phishing Attacks

As the latest headlines reveal, we must assume attackers have not only sidestepped preventative controls, but they are also already inside your network. Compromised accounts are a classic example of how AI can catch situations where other tools have either failed or been bypassed. 

The only way to effectively detect and defend against modern email threats in the AWS cloud environment is to leverage AI. The catch though, is that it can’t just be any AI. If it’s “black-box” AI – that’s not going to help you. The AI you employ needs to be explainable, customizable, and tuned based on analyst feedback. This kind of AI can help organizations uncover hidden threats, prevent account takeovers, stop sophisticated phishing attacks, and quickly identify malicious activity from compromised accounts. 

In this webinar, we will:
• Walk through the stages of an account takeover in the AWS environment
• Demonstrate the AI technology required to protect against sophisticated threats conventional security tools can miss
• Review behavior indicative of compromise for account takeovers, sophisticated phishing attacks, and malicious activity from compromised accounts

Lunch & Learn Series: How to Leverage AI to Prevent Account Takeover in AWS

By leveraging AI and automation driven detection and response across integrated environments, organizations of all sizes can defend against sophisticated attacks - even with budgetary and resource constraints. Adaptable and progressive AI and machine learning models can work in concert with human expertise and act as a security force multiplier. 

In this webinar, we discuss how to:

•        Leverage AI as a force multiplier for skilled human expertise.
•        Implement AI and decision automation to perform advanced threat hunting, detection, and response at machine speed and scale.
•        Reduce time spent investigating false positives. 
•        Reduce noise and repetitive work for analysts.
•        Free up valuable time and resources to focus on proactive rather than reactive work.

AI & Automation Driven Detection & Response

Each month LogicHub will be reviewing the past month’s most notable threats. We will take a deep dive into the new threats and vulnerabilities we are seeing in the wild and select a few of particular interest to highlight in greater detail. We will outline their potential impact and provide effective remediation and prevention tactics and strategies. We will detail real-world use cases in action and offer guidance and recommended and useful resources.

LogicHub Monthly Security RoundUp - July 2022

Addressing the challenges of overburdened security operations with limited staff and resources, combined with an exponential increase in threats and alerts, demands a new approach that leverages advanced automation, AI, and machine learning. Teams must develop capabilities that combine the skills of expert human analysts with the speed and scale of computer automation.

The LogicHub platform combines elements of XDR, SOAR, SIEM, MDR, and proactive threat hunting to automatically respond to adverse events or filter through the volume of network alerts to only exposed critical alerts to a human analyst. The sophisticated AI progressively learns from data as well as its human counterparts, who can encode their expertise and techniques into the program. Security teams can automate complex repetitive tasks and create threat detection playbooks to automatically triage threats or escalate them for human action with a recommended response.

SANS Institute analyst Chris Crowley explores different features of the LogicHub platform, including integrations, protections mapped to the MITRE ATT&CK framework, case management, and an AI threat detection assistant.

LogicHub Security Automation Capabilities Review

Staff shortages? Budget constraints? An overwhelming number of threats, vulnerabilities, and alerts? A robust security operations center (SOC) used to be out of reach for most organizations – except for large, well-funded enterprises. 

Devo VP of SOAR Strategy and Integration Kumar Saurabh details how small to mid-sized companies can benefit from next-gen SOC technology, such as advanced AI, machine learning, and automation to create a streamlined security posture with minimal time, money, and resources. Learn how this technology can be leveraged for highly efficient and effective alert triage, incident response, and threat detection – even with a small team and tight budget.

Five Steps to Building a Stellar SOC with a Small Security Staff

The managed cybersecurity services market is undergoing a significant shift. Organizations are upgrading from alert-oriented Managed Security Service Providers (MSSPs) to action-oriented Managed Detection and Response (MDR) services. 

The need for change is evident, and organizations early to embrace MDR services report a higher security posture across multiple dimensions. Those organizations that have not yet upgraded from an MSSP evidence an overwhelming and urgent intent to do so.

LogicHub welcomes esteemed Senior Analyst Michael Sampson from Osterman Research to share his in-depth findings about the state of security operations today. He notes that MDR adoption – especially those driven by AI and automation – is expected to more than double in the next 12 months, compelled by an excess of alerts, alert fatigue, a staffing crisis, and a profound increase in the number of advanced threats across any given attack surface.

The Rush to MDR Services - Osterman Research Report 2022

You know that cybersecurity is more important than ever but keeping up with it can be daunting for small businesses. Qualified security experts are hard to find and afford, implementing the right security processes is confusing, and keeping up with the latest technology can make your head spin.

Join experts from Cyvatar and LogicHub for the first of a series of webinars discussing how SMBs can break this security logjam through managed security services that give you access to the right experts, ensures you processes are reliable, and makes sure you always have the best technology to effectively detect and respond to cyberthreats. Topics will include:

- Assessing your security risks and needs
- How to choose the right cybersecurity as a service (CSaaS)
- Implementing processes that are thorough, reliable, and sustainable
- Working with vendors that automate security to keep it effective and affordable

Expert speakers will include:
- Corey White, Co-founder, Cyvatar
- Dave Cundiff, CISO, Cyvatar
- Willy Leichter, CMO, LogicHub

Improving Security for SMBs with the Right People, Process, and Technology

LogicHub Monthly Security RoundUp - June 2022

Many security teams have access to AWS logs but don't have an effective way to detect and respond to threats – especially those that evade existing security tools like CloudTrail, VPC flow logs, and GuardDuty. 

If you are using AWS Cloud, and you are not confident about your threat detection, we invite you to try our free LogicHub MDR Jump Start. Our AI and automation-driven MDR service will monitor all your AWS logs 24/7 and provide fast, consistent, complete, and accurate escalations, along with suggested one-click responses.

With LogicHub MDR Jump Start for AWS, we will:
• Get you up and running in a week
• Monitor all your AWS logs and deliver highly enriched cases of real threats only
• Provide suggested one-click responses for all escalated cases
• Perform 24/7/365 advanced threat hunting, detection, and response
• Implement alert triage playbooks that will do all the threat analysis for you and eliminate noise and false positives

Join LogicHub’s VP of Product Management, Ryan Thomas, and CMO, Willy Leichter, to learn how you can get started (free!) with LogicHub MDR Jumpstart for 90 days. All attendees will receive a $20 Grubhub coupon and are eligible for a free MDR consultation. Please note that while we'd love to give a free lunch to everyone, our offer is limited to security personnel who join us for the live session.

LogicHub Lunch & Learn: Free Detection and Response for AWS Cloud

LogicHub is pleased to welcome leading Forrester analyst Allie Mellen as a guest speaker to discuss how security professionals can build and mature their threat detection and response strategies. Allie will detail ways in which organizations overburdened by security data and contending with a significant skilled labor shortage can augment their security teams with AI and automation. 

Drawing on her extensive research experience in SOAR, XDR, AI/ML, analytics, and automation, Allie will outline:
- The need to modernize security operations
- How MDR services can deliver on the promise of XDR
- The next generation of AI-driven threat detection and response automation
Featured speaker: Allie Mellen, Analyst, Forrester
Allie supports security executives and professionals in building and maturing their threat detection and response strategies. Her coverage includes the people, processes, and technology in security operations. From a technology perspective, this includes security information and event management (SIEM); security user behavior analytics (SUBA); security analytics (SA); security orchestration, automation, and response (SOAR); endpoint detection and response (EDR); and extended detection and response (XDR). Her research focuses on the current state and evolution of ransomware, MITRE ATT&CK, analytics, AI/ML, detection, automation, and response in security.

Speaker: Kumar Saurabh, CEO and Co-Founder, LogicHub
Kumar has 15 years of experience in the enterprise security and log management space leading product development efforts at ArcSight and SumoLogic. He has a passion for helping organizations improve the efficacy of their security operations, and personally witnessed the limitations of existing solutions in helping SOC analysts detect threats buried deep within mountains of alerts and events. This frustration led him to co-found LogicHub to empower cyber analysts by building intelligence automation, not just analytics.

Leveraging New Detection and Response Technology for the Next Generation of SOC

Many malware prevention tools allow users to upload IoCs (Indicators of Compromise) from their own investigations. This allows SOC teams to enhance security tools by adding malware indicators that were previously unknown to the tool, leveraging the SOC team’s intelligence to block new malware in the future. 

Learn how to automate this process to eliminate manual steps and improve security. This hands-on session will show you how to easily build playbooks with Devo SOAR to automate this process, save time, ensure consistency, and reduce risk.

Ryan Thomas, Senior Director, Product Management, Devo, will discuss customer case studies and demonstrate live how to automate response to new IoCs and upload them to CrowdStrike Falcon.

AppetAIzing Automation: Automated Response - Blocking IoCs with EDR

LogicHub Monthly Security RoundUp - May 2022

Do you triage security alerts using manual techniques, such as geolocation lookups, file hash checking, URL reputation, and other techniques?

Learn how to automate these time-consuming steps with no-code Devo SOAR. This hands-on session will show how you can easily build playbooks with Devo to automate any number of triage techniques and generate rich alerts.

VP of Product Management Ryan Thomas will discuss customer case studies and demonstrate live how to automate checking MD5 hashes and other IoCs against VirusTotal.

AppetAIzing Automation: Enriching Alerts with a Reputation Service

Security operations teams are overwhelmed by hundreds or thousands of alerts every day and individual analysts spend as much as 70% of their time chasing down false positives while true threats remain uninvestigated.

With a 95% or more reduction in false positives, automated SIEM alert triage can help eliminate alert fatigue and drastically reduce your MTTD and MTTR. But getting started is a common challenge. In this webinar, we’ll cover:

Where to begin with alert triage automation
4 critical components of planning a successful program
How to implement an alert triage automation playbook
How to measure the success of your alert triage program

Automating SIEM Alert Triage

SIEM

Threat Analysis

Threat Detection

Security Analysis

Security Analytics

Automation

Threat Assessment

Cyber Security

Threat Defence

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Health IT

Healthcare

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Automating SIEM Alert Triage

Presented by

About this talk

LogicHub