Logsign helps organizations improve their cyber resilience by avoiding risk and chaos, and ensures compliance with relevant regulations by bringing together all data, threat detection, investigation and incident response capabilities on a single, unified platform. This is achieved through the integration of native Logsign tools such as Security Information and Event Management (SIEM), Threat Intelligence, User and Entity Behaviour Analytics (UEBA), and Threat Detection, Investigation and Response (TDIR).
Logsign Unified Security Operations Platform is a comprehensive security tool that enables you to create a data lake, investigate threats and vulnerabilities, analyze risks, and respond to threats automatically. The platform’s automation and orchestration capabilities are derived from SOAR and are involved at every stage of the detection, investigation, and response processes. This enables threats and vulnerabilities to be eradicated or mitigated in seconds, reducing mean time to detect (MTTD) and mean time to respond (MTTR).
Logsign Unified Security Operations Platform integrates seamlessly with all other SOC tools to enable the best security management and team experience, with Logsign at the heart of the process. It has an extensive integration library with more than 500 pre-defined integrations, free plugin services, and custom parsing capabilities. As a Unified Security Operations Platform, it works seamlessly with the other components of a Security Operations Center.
The product provides unlimited log collection and storage, threat investigation and detection, incident and case management, UEBA, and automated response.
Security: Logsign Unified Security Operations Platform collects log and event data from any IT source at any time. Data volume is managed with the Data Policy Manager, eliminating the need to plan around storage volume. After normalization, it enriches the data with user identity and behavior data and indexes all data for security analytics and visualization. Logsign detects security incidents in real time via built-in alerts, correlation rules, and advanced investigation capabilities. Internal and external threat detection, threat hunting, and behavior analysis let security teams see what is hidden and turn it into understandable, actionable outcomes that drive the response.
Compliance: Being compliant with GDPR, PCI DSS, or any other regulation requires a USO Platform that has automated and scheduled reports and logs continuously without loss. Beyond that, detecting threats both inside and outside your organization has never been more crucial. Logsign Unified Security Operations Platform makes compliance management easy and rapid, with more than 1,200 comprehensive reports pre-prepared for global regulation and control frameworks.
Deployment is sized according to:
- Amount of collected and processed events
- Data storage estimation
- High availability and disaster recovery requirement
- Organizational network topology
General Features
- NoSQL and High Speed
- High Availability
- HDFS Based Active-Active NoSQL Architecture
- Horizontal & Vertical Scalability
- 500+ Predefined Correlation Rules
- Actions Integrated into Correlation
- 100+ Predefined Dashboards
- 1000+ Reports (Vendor Specific and General)
- Advanced Delegation Feature
- Incident & Case Management
- Identity and Asset Management
- User Entity Behavior Analytics (UEBA)
Logsign Unified Security Operations Platform offers you a single-pane holistic view of your organization’s information security. Whether you need a strong security posture or need to be compliant, an intelligent USO Platform leverages your security event management and makes your life easier.
Product Capabilities
Infrastructure
- Unlimited vertical and horizontal cluster scalability with high availability
- Unlimited log storage and long-term data retention
- Simple deployment in both on-premise and cloud environments
Limitless Log Collection & Storage
- 400+ built-in integrations and vendor-free integration capabilities
- Free plugin service
- Real-time enrichment
- Controls your data volume with the Data Policy Manager
Enrichment
- Asset & identity enrichment
- Geo IP, position, location, LDAP/AD
- Context, custom enrichment
- Behavior enrichment
- Threat intelligence feeds
- Network position, branch, etc.
- Instant data processing
User Entity Behavior Analysis (UEBA)
- Monitors user access to critical data
- Prevents botnet infections
- Detects risky user and watchlist user behaviour
- Realtime entity context
- Stops data exfiltration
Detect Complicated Threats
- Drill-down, full-text, advanced Lucene search
- Responds to queries in milliseconds
- Investigates correlated and enriched data
- Threat hunting for hidden threats
- IOCs and IOAs
- Threat level validation
- Incident triage
- Forensic investigation
- MITRE ATT&CK and Cyber Kill Chain frameworks
- Risk scoring
Security Analytics
- Hundreds of built-in widgets, alerts, dashboards & reports, turned into actionable insights with the help of wizards
- Easy to customize and configure new dashboards & widgets
- Powerful wizards
- Delegation: Role-based access control
- Dynamic search filters, drill-down search on dashboards
- Filtering in dashboards with customisable time frame
Incident & Case Management
- Artifacts, assets, and identity management
- Incident timeline
- NIST incident life cycle
- Incident summary and detailed views
- Visual cards for investigation, detection, and response
Protect Your IT
- Mitigate or eradicate cyber security incidents
- Automated response on security devices
- Automated notifications
- Automated remediation actions
Logsign Unified Security Operations Platform offers many data collection methods and log enrichment technology, together with the ability to track all threat activity, calculate risk scores, and monitor every kind of activity in your environment.
Active-Active Cluster Architecture
With its HDFS-based NoSQL architecture, you can access millions of records in seconds. It enables you to detect advanced attacks such as zero-day / zero-second attacks thanks to the File Integrity, User, and Behavior Monitoring features offered in the same solution. You can perform in-depth analysis on all generated reports and visuals, filter and narrow the results, and easily reach action-oriented outputs.
Logsign has multi-layer data and service backup capacity. You can store and back up live and offline data at the petabyte level. It provides redundancy at every layer and stores your data in a distributed or centralized manner. In a disaster scenario, it protects your data securely and keeps it accessible at any time through automatic startup, service replication, failover, and self-healing capabilities. These capabilities give you flexibility and mobility in sudden situations, and the opportunity to take action.
Logsign scales easily, both horizontally and vertically, as your needs grow. You can add more users, more admins, or more locations. The cluster architecture can be configured with a minimum of 3 servers, and the number of servers can be scaled up from there. In a three-server cluster, for example:
All archive logs are kept in HDFS and stored as three replicas. Logsign services run redundantly on all three servers.
In this way, Logsign provides both data and service redundancy automatically. In the cluster architecture, the three servers communicate with each other over a private network with no gateway and no DNS.
Introduction to Menu Bar
| Menu | Description |
| --- | --- |
| Dashboard | Create with ready-made or custom control panels, a dashboard preparation wizard, and a comprehensive widget architecture. |
| Search | Run various queries against the event activity you have collected. |
| Reports | Analyze and create reports on the logs you have parsed. |
| UEBA | UEBA uses various data sources, such as log files, network traffic data, and user activity logs, to analyze and detect unusual behavior that could indicate a security threat. |
| Incidents | Write alarm rules for the applications, devices, or systems you want to be alerted about. |
| Settings | Access the product’s advanced settings. |