Logpresso registers patent for technology that expands integrated security control functions

Logpresso (CEO Yang Bong-yeol), a cloud-based SIEM (Security Information and Event Management) specialist, announced on the 21st that it has registered a technology patent for ‘a method for expanding the data collection and threat detection functions of an integrated security control system using a plug-in.’

The patented technology embeds log normalization and threat detection rules in each app as a plug-in and distributes them together. After installing the app, users only need to add log collection settings; the detection rules are applied automatically, producing unit events and performing asset- and user-based correlation analysis. The company says this enables threat detection with higher accuracy.

This technology not only increases operational convenience but also helps identify which attack techniques (MITRE ATT&CK TTPs) the currently deployed security products are able to detect. Security personnel can thus identify gaps in detection coverage and quickly decide whether to introduce the security products needed to close them. From the perspective of security solution providers, it also provides a foundation for proposing enhanced TTP-based detection capabilities to Logpresso customers.
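To make the plug-in model and the TTP coverage check described above concrete, here is an added illustration that is not Logpresso's code; the bundle format, rule fields, ATT&CK technique IDs and sample log lines are assumptions constructed for this example. Each plug-in carries a normalizer and ATT&CK-tagged rules, unit events are correlated per user and source asset, and the rule tags reveal which required techniques no installed plug-in detects.

```python
import re
from collections import Counter

# Constructed plug-in bundles; the bundle format is an assumption for this
# illustration, not Logpresso's own. Each plug-in ships a normalizer for its
# product's raw log line plus detection rules tagged with the ATT&CK technique.
PLUGINS = {
    "sshd": {
        "pattern": re.compile(r"sshd.*Failed password for (?P<user>\S+) from (?P<src>[\d.]+)"),
        "rules": [{"name": "SSH password brute force", "ttp": "T1110", "min_events": 3}],
    },
    "proxy": {
        "pattern": re.compile(r"proxy user=(?P<user>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>\S+) bytes=(?P<bytes>\d+)"),
        "rules": [{"name": "Repeated large uploads to one host", "ttp": "T1048", "min_events": 2}],
    },
}

def normalize(plugin, raw):
    """Turn one raw log line into a unit event, or None if this plug-in cannot parse it."""
    m = PLUGINS[plugin]["pattern"].search(raw)
    return {"plugin": plugin, **m.groupdict()} if m else None

def correlate(events):
    """Asset/user-based correlation: count unit events per (plug-in, user, source asset)
    and fire every rule whose threshold is met. Returns (rule, ttp, user, src) tuples."""
    counts = Counter((e["plugin"], e["user"], e["src"]) for e in events)
    return [(r["name"], r["ttp"], user, src)
            for (plugin, user, src), n in counts.items()
            for r in PLUGINS[plugin]["rules"] if n >= r["min_events"]]

def coverage_gaps(required_ttps, installed):
    """ATT&CK techniques the organisation wants covered but no installed plug-in detects."""
    covered = {r["ttp"] for p in installed for r in PLUGINS[p]["rules"]}
    return sorted(set(required_ttps) - covered)

# Constructed sample log lines, not captured from a real system.
SAMPLE = [
    "Mar 1 10:00:01 bastion sshd[412]: Failed password for root from 203.0.113.7 port 5021 ssh2",
    "Mar 1 10:00:03 bastion sshd[412]: Failed password for root from 203.0.113.7 port 5022 ssh2",
    "Mar 1 10:00:05 bastion sshd[412]: Failed password for root from 203.0.113.7 port 5023 ssh2",
    "Mar 1 10:01:10 proxy user=alice src=10.0.0.5 dst=files.example.net bytes=1048576",
    "Mar 1 10:02:40 proxy user=alice src=10.0.0.5 dst=files.example.net bytes=2097152",
    "Mar 1 10:03:00 proxy user=bob src=10.0.0.9 dst=cdn.example.org bytes=512",
]

def demo():
    """Collect -> normalize -> correlate, then report detection gaps for three wanted TTPs."""
    events = [e for line in SAMPLE for p in PLUGINS if (e := normalize(p, line))]
    return correlate(events), coverage_gaps(["T1110", "T1048", "T1566"], list(PLUGINS))
```

Running `demo()` yields two alerts (the SSH brute force and the repeated uploads) and reports T1566 as the one required technique with no detection, which is the gap a security team would use to justify adding a product or plug-in.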

Logpresso points out that more than 80 security products are in use across various industries, including the first-tier financial sector, and that an approach centered on scalability and automation is needed to overcome the limitations of existing SIEM systems. Legacy SIEMs have relied on manual work in many processes, such as log parsing and detection rule configuration. Logpresso instead pursues an open XDR (eXtended Detection and Response) model, providing detection and response functions as plug-ins while aiming for native XDR-level automation.

Yang Bong-yeol, CEO of Logpresso, explained, “As the security environment diversifies, it is difficult to effectively identify threats with a single format of detection rules.” He added, “This patent is a technological foundation that enables automated threat detection and asset-centered correlation analysis while flexibly responding to various security products and log formats.”
