Uzado Drives Next-gen XDR with Logz.io, Tines

Today’s managed security service providers (MSSPs) are growing their businesses quickly by improving margins and onboarding customers with high-quality tool sets that scale with the business. This means reducing cost, improving onboarding time and building the next generation of managed detection and response (MDR), to deal with threats that are increasing in volume and sophistication.

Using cloud-native services is essential to handle fluctuating requirements with today’s modern MSSP customers, who are adopting more cloud services. To run an efficient business, MSSPs must leverage automation to enable the security operations center (SOC) to triage and respond to threats as quickly as possible.

To achieve the next generation of MDR, Uzado and Logz.io have integrated their cloud security information and event management (SIEM) platforms with Tines’ SOAR capabilities. Integration of these traditionally siloed security tools provides SOCs with unprecedented protection. This all-in-one cybersecurity management tool aggregates datasets to deliver a complete coverage map of all your digital assets.

The SIEM is the centerpiece of any SOC, and MDR providers are no different. Integrating and correlating diverse data is a requirement. Meeting the needs of today’s organizations requires that cloud SIEMs be flexible and application programming interface (API) driven.

Additional requirements from MSSPs include multitenancy and being able to allocate quota and usage across customers with the click of a button, or an API call. Logz.io provides all these capabilities in today’s SOCs.

Similarly, the need for automation to be robust, flexible, and easily programmable is why modern SOCs are moving away from bundled SOAR solutions in favor of best-in-breed, no-code tools like Tines. Security teams need to make the right decision at the right time. This can happen only when the data from other tools is accessible and time-consuming manual workflows are automated by those on the front line.

With increased visibility, control, and bandwidth, security teams can go deeper when necessary and respond to today’s threats faster and at scale.

Overall, organizations require visibility into each one of their endpoints to uncover incidents that would otherwise go unnoticed. Uzado’s endpoint detection and response (EDR) components provide continuous and comprehensive monitoring of a company’s entire workforce.

But what happens when a vulnerability or a threat is detected? Uzado doesn’t simply send you an alert. This component offers advanced threat detection and response capabilities. Threats are contained when found, and vulnerabilities are patched by expert staff who work 24/7 to protect your system. This means no more midnight emails leaving you to deal with active threats or vulnerabilities. Uzado strives to be a turnkey security and IT management solution.

Within most SOC teams are tiers of engineers: a junior analyst may initially triage and resolve an issue, while a more senior engineer investigates a new or complex threat. Combining SOAR and SIEM enables MSSPs to collect alerts and build automated workflows around them. The SOAR solution includes auto-closing, assigning, or escalating cases to the appropriate engineers, as well as updating or closing tickets automatically. It’s critical to create a repeatable and well-defined response, and MSSPs will get that with this XDR solution.

Similarly, when the MSSP identifies an active incident, the SOAR can collect the relevant logs automatically. For example, if an incident involves a specific internet protocol (IP) address, the SOAR can query the SIEM and collect every event that includes that IP address. Other use cases that query the SIEM include gathering the relevant data when multiple failed logins generate an alert that the SOAR receives from the SIEM.

SOAR tools can also enrich data as they drive other workflows into ticketing systems. For example, if the SIEM identifies an incident and passes it to the SOAR for a ticket to be opened, the SOAR takes that data and makes additional queries to public and private data sources to enrich the ticket. This additional context about a specific asset, IP address, URL or file hash helps the SOC analyst working the ticket, which ultimately speeds up resolution of the incident.
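The three playbook steps described above (routing a case to the right tier, pulling every SIEM event that mentions the alert's IP, and enriching the ticket from an intelligence source) can be sketched in plain Python. This is an added example written for this page; it is not Uzado, Logz.io or Tines code and it does not call their APIs. The events, the intelligence lookup table and the tier names are all constructed for the example, and the escalation thresholds are assumptions a real team would tune.

```python
"""Minimal SOAR-style triage playbook (added example, not vendor code).

Flow mirrored from the post: SIEM alert -> collect related events for the IP
-> enrich the IP from an intel source -> auto-close, assign, or escalate.
Everything below is constructed sample data; a real playbook would replace
search_events() and enrich() with calls to the SIEM and intel providers.
"""


def _auth(ip, user, ok, count):
    """Build `count` constructed auth events from one source IP."""
    kind = "auth_success" if ok else "auth_failure"
    return [{"type": kind, "src_ip": ip, "user": user} for _ in range(count)]


# Constructed stand-in for the SIEM's event store (TEST-NET addresses only).
SAMPLE_EVENTS = (
    _auth("203.0.113.7", "jdoe", False, 6) + _auth("203.0.113.7", "jdoe", True, 1)
    + _auth("198.51.100.4", "asmith", False, 5)
    + _auth("192.0.2.9", "bkim", False, 1)
)

# Constructed stand-in for public/private intel feeds keyed by indicator.
SAMPLE_INTEL = {
    "203.0.113.7": {"verdict": "malicious", "tags": ["credential-stuffing"]},
    "198.51.100.4": {"verdict": "unknown", "tags": []},
}


def search_events(events, ip):
    """Return every event whose source or destination is `ip` (the SIEM query)."""
    return [e for e in events if ip in (e.get("src_ip"), e.get("dst_ip"))]


def enrich(intel, indicator):
    """Look up an IP, URL or hash; unknown indicators get an explicit 'unknown'."""
    return dict(intel.get(indicator, {"verdict": "unknown", "tags": []}))


def triage(alert, events=SAMPLE_EVENTS, intel=SAMPLE_INTEL, threshold=5):
    """Collect, enrich and route one alert; returns the case record a ticket would hold.

    Routing rules (assumed for the example):
      - known-malicious IP, or brute force followed by a success -> escalate to tier 2
      - failed logins at/above `threshold` with no success      -> assign to tier 1
      - anything else                                          -> auto-close
    """
    ip = alert["ip"]
    related = search_events(events, ip)
    failures = sum(1 for e in related if e["type"] == "auth_failure")
    successes = sum(1 for e in related if e["type"] == "auth_success")
    enrichment = enrich(intel, ip)

    case = {
        "alert_id": alert["id"],
        "ip": ip,
        "related_events": len(related),
        "failed_logins": failures,
        "successful_logins": successes,
        "enrichment": enrichment,
    }
    if enrichment["verdict"] == "malicious" or (failures >= threshold and successes > 0):
        case.update(action="escalate", assignee="tier2",
                    reason="malicious indicator or brute force with a successful login")
    elif failures >= threshold:
        case.update(action="assign", assignee="tier1",
                    reason=f"{failures} failed logins, no success, no known-bad intel")
    else:
        case.update(action="auto_close", assignee=None,
                    reason="below threshold and no known-bad intel")
    return case


if __name__ == "__main__":
    for alert_id, ip in (("ALRT-1", "203.0.113.7"), ("ALRT-2", "198.51.100.4"), ("ALRT-3", "192.0.2.9")):
        print(triage({"id": alert_id, "ip": ip}))
```

The case record is what the SOAR would push into the ticketing system; keeping the counts and the enrichment verdict in it is what lets an analyst see at a glance why a ticket landed in their queue, and the `reason` field makes the automated decision auditable.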

The partnership among Uzado, Logz.io, and Tines was created to provide customers with robust and reliable SOC and IT services that unify threat detection, response and remediation capabilities. Its goal is to give full visibility into what’s going on in the environment and to correlate data sources so teams understand how events are linked and when they are cause for concern. The enriched framework creates automated workflows that simplify complex investigations and reduce risk by detecting attacks quickly and accurately.