LogPoint, an automation and incident response solutions provider, has integrated its security information and event management (SIEM) product with the DFLabs IncMan security, orchestration and automation (SOAR) platform. Organizations can use the LogPoint-DFLabs integration to define, prioritize and drive incident response activities, according to a prepared statement.
The LogPoint-DFLabs integration provides organizations with end-to-end threat visibility, the companies stated. It allows organizations to collect security data and alerts from different sources and conduct incident analysis and triage.
Also, the LogPoint-DFLabs integration leverages machine learning to reduce false-positive alerts, the companies said. It automatically reapplies successful threat detection and remediation actions and playbooks and drives security knowledge sharing across an organization.
A Closer Look at LogPoint SIEM and IncMan
LogPoint SIEM provides real-time data analysis, early detection of data breaches and data collection, storage and reporting, according to the company. It aggregates event data produced by any device or application within an organization's infrastructure to provide security insights.
Furthermore, LogPoint SIEM executes advanced threat detection over an extended period of time, the company stated. This enables an organization to identify and analyze security trends and behaviors of entities and end users.
IncMan includes bidirectional integrations across threat intelligence, malware analysis, ticket management, endpoint protection and other security product categories, DFLabs indicated. It applies machine learning to historical responses to incidents and recommends relevant runbooks and actions to help organizations manage and mitigate threats across customers and tenants.
MSSPs also can use IncMan to deliver security monitoring and incident response services, DFLabs pointed out. By doing so, MSSPs can use IncMan to add managed detection and response (MDR) capabilities to their portfolios.
Demisto Integrates SOAR Technology Into AWS
In addition to the LogPoint-DFLabs integration, Demisto this week integrated its SOAR technology into Amazon Web Services (AWS). The integration provides automated and keyless cloud security incident response and identity and access management (IAM) roles to streamline credential transfer and management across AWS environments.
SOAR tools often help organizations improve security operations efficiency, quality and efficacy, according to technology research firm Gartner. As such, the demand for SOAR tools may increase in the foreseeable future.
The current adoption rate of SOAR tools is less than 1 percent, Gartner indicated. However, Gartner estimates approximately 15 percent of security organizations with five or more security professionals will adopt SOAR tools by 2020.