LogicHub SOAR+

Additional Info

Company: LogicHub
Website: https://www.logichub.com/
Company size (employees): 50 to 99
Type of solution: Hybrid

Overview

LogicHub’s SOAR+ platform is the industry’s most powerful automation platform for security operations, empowering SOC teams with end-to-end automation and orchestration that covers the entire threat lifecycle, from threat detection and analysis through alert triage, incident response, threat hunting, and forensic investigations.

LogicHub’s incident response playbooks automate the majority of previously manual incident response actions, freeing analysts to focus on advanced threat response activities. Actions that can’t be fully automated due to comfort level or specific policies can be configured for one-click execution, allowing for immediate execution without relinquishing control. LogicHub’s incident response automation leads to faster, more accurate, and repeatable outcomes, and, when combined with LogicHub’s autonomous threat detection and automated triage capabilities, results in a drastic reduction in mean time to response (MTTR).

Automatically Quarantining Infected Hosts

LogicHub can rapidly quarantine any number of hosts based on accurate threat detection and consistent processes that adapt to any organization’s requirements. For example, if malware is detected after hours, a laptop might be quarantined automatically until a security analyst can review it during regular hours, while during normal SOC hours the same response is queued up for one-click execution by an analyst.

Detecting and Disabling Compromised Credentials

LogicHub playbooks can establish automated baselines of standard user behavior. When behavior deviates from that baseline, you can automatically take steps to respond to the incident, either in a fully automated fashion or by alerting the appropriate personnel and letting them authorize the correct response through a one-click approval process.

Automatically Responding to User-Reported Incidents

LogicHub playbooks can be set up to investigate and respond to user-reported threats in many different formats. For example, a playbook can automatically retrieve and analyze user-reported phishing attempts from a SOC inbox, extract relevant details from the emails, perform rapid investigations, and execute the proper incident response processes.

How we are different

• AI-based incident response: LogicHub’s SOAR+ platform is built on expertise automation, a blend of expert systems and a deep neural network architecture designed to be more precise while working with a reduced amount of data. The engine progressively learns and updates its own logic to make more accurate decisions, as a human analyst would. LogicHub’s SOAR+ leverages embedded machine learning for adaptive, automated decision making to automate the analysis, investigation, and triage of high-volume alert and event data.

• LogicHub’s SOAR+ incident response playbooks automate the majority of previously manual incident response actions, freeing analysts to focus on advanced threat response activities. Actions that can’t be fully automated due to comfort level or specific policies can be configured for one-click execution, allowing for immediate execution without relinquishing control.

• LogicHub’s advanced incident response playbooks allow security teams to automatically quarantine infected hosts, detect and disable compromised credentials, respond to user-reported incidents, and handle other critical incident response use cases.