IT Brief India - Technology news for CIOs & IT decision-makers
Logpoint enhances Converged SIEM for optimised threat detection
Wed, 31st Jan 2024

Cybersecurity firm Logpoint has announced new capabilities for its Converged SIEM platform. The enhancements are intended to optimise threat detection and security operations and to streamline case management.

The Copenhagen and London-based company aims to help businesses and Managed Security Service Providers (MSSPs) improve cybersecurity performance and allot more resources to security operations. The new release is designed to reduce the workload of operational tasks, so that Security Operations Centre (SOC) teams can perform threat detection, investigation, and response more efficiently.

Logpoint's new capabilities let organisations concentrate on crucial security issues by lessening workload, simplifying automation and allowing better resource allocation. The release introduces adaptive memory management to improve system stability and make efficient use of resources. It optimises memory use automatically, minimising service disruptions and making manual memory tuning unnecessary. The memory freed up also makes it possible to add more nodes, which increases visibility.

Alert configuration now takes place in a single window with fewer clicks. Updating and populating lists has also been simplified: users can now upload details such as IoCs, malicious domains, IP addresses, etc., in a .CSV or .TXT file. This makes it easier to incorporate lists from various sources and keep threat detection up to date.

Logpoint now allows a complete collection chain to be configured with a single click from LogSource Templates, and enables MSSPs to distribute these at scale from Logpoint Director, a platform designed to handle large deployments. These changes make the initial configuration of Logpoint straightforward, with pre-configured templates for all primary log sources.

Edy Almer, Director of Products at Logpoint, explained the implications of this development: "Visibility, time to respond, and confidence in the investigation are important factors in fending off cyberattacks successfully, and we're excited to help organisations improve on that with the new Logpoint release. We're essentially helping organisations get more resources for focusing on what matters for their security, which is essential as the pressure on cybersecurity professionals increases from expanding data and cybersecurity regulations and the threat actors' ever-changing and innovative methods."

The new update also optimises security orchestration, automation, and response (SOAR) and case management. Incident artefacts are automatically extracted into cases, providing context, reducing the analyst's workload and improving detection and response capabilities. This version also lets MSSPs and others who work with various tenants save time and avoid errors when distributing playbooks to customers. Generic playbooks for typical security use cases can be updated once and extended to all tenants, saving MSSPs time throughout the distribution process.

Logpoint's Converged SIEM is a cybersecurity platform covering the entire threat detection and incident response process. The platform automatically adds threat intelligence, business context, and entity risk to observations, transforming weak signals into meaningful investigations and enabling analysts to respond faster with automation and orchestration.