Logpoint has introduced new features to its Converged SIEM platform, enhancing threat detection, security operations, and case management.
The update focuses on simplifying processes, reducing workload, and improving resource efficiency for organisations, particularly MSPs.
Product manager Edy Almer tells CRN that the update is part of Logpoint positioning itself as a preferred cyber partner for MSPs targeting the SMB space, or small and medium MSPs themselves.
The configuration needs of such partners may be underserved by larger cyber vendors lacking the Copenhagen-HQ vendor’s regional presence.
One significant enhancement to the SIEM platform is adaptive memory management, optimising memory usage automatically to increase system stability and reliability.
This prevents service disruptions and eliminates manual memory tuning, allowing users to scale up with additional nodes for improved visibility.
Configuring alerts is now more user-friendly, according to the vendor, consolidated into a single window with fewer clicks.
The aim is to streamline security orchestration, automation, and response (SOAR) with a focus on case management.
Incident artifacts are automatically extracted into cases, providing context, reducing analyst workload, and enhancing detection and response.
Playbooks can automatically read incidents, adding extractable data as artifacts to the case.
For MSSPs, Logpoint facilitates playbooks distribution with generic, integration-agnostic templates for typical security use cases.
This allows easy updating and distribution to tenants with different integrations, saving crucial time and minimising errors.
“Any channel partner that is configuring on behalf of their customer, but especially for MSPs that are doing quite a few configurations, it’s really important to make it a lot easier to configure and to get the system up and running,” Almer says.
“The upgrade makes it easier for MSPs to configure the platform on behalf of multiple customers using a set of log source templates. This allows the platform to either be used out of the box or configured easily based on end-user needs and preferences.”
Addressing time, staffing and complexity for MSPs
Targeted at MSPs that may not want or have the resources to spin out a SOC, for example, the platform allows for multiple configurations with a low-touch approach.
“There were some configurations that were getting quite complicated to manage. And when [a MSP] starts getting requirements to be an expert in this and an expert in that.
“It’s really great when a customer is telling you ‘here’s my problem’ and there’s one specific solution. But then you have three other customers that want it solved a different way,” Almer continues, explaining that the configurability of the platforms allows for multiple solutions to a multifaceted problem for MSPs.
The goal is to address both time, complexity and staffing needs for MSP partners and beyond.
Beyond small and medium MSPs, the cyber specialist also counts some of the biggest channel partners among its network, including Softcat, Bytes and boxxe.
“In this case, it was a very, very straightforward problem, meaning we have multiple customers coming from different angles saying, ‘this configuration is taking too long, can you please help me with some of the default values, because otherwise, I have to spend time training a person and then debugging’.
“While previously, connecting a log source could take hours, now we’ve made it that it’s basically a single click. And if you want to modify it later, you can still do that.”
This post was originally published on 3rd party site mentioned in the title of this site
