Cisco Security and LogicHub

How LogicHub and Cisco Security work together

LogicHub integrates with multiple Cisco Security technologies to deliver security task automation, 24/7 threat detection, and automated incident response.

Founded in 2016 by seasoned cybersecurity veterans from ArcSight and Sumo Logic, LogicHub is built on the principle that every decision process for threat detection and response can and should be automated. We built our SOAR+ and MDR+ solutions on that principle. We solve the challenges organizations face today, a lack of security resources and SOC expertise, by mimicking the cognitive and intuitive approach of expert analysts with machines, at machine speed and machine scale.

Product Integrations

* Secure Endpoint (formerly AMP for Endpoints): LogicHub automatically enriches, investigates, and scores a malicious binary alert from Cisco Secure Endpoint based on organizational variables. If the score is high enough, LogicHub automatically uses Cisco Secure Endpoint to quarantine the binary across the network. Security analysts can require one-click authorization for any quarantine, or the requirement can be configured based on device type, risk rating, etc. Security analysts can also execute an ad hoc search within Cisco Secure Endpoint, Umbrella, Malware Analytics, any SIEM, or against any other data directly from within the case to investigate further before executing any actions.

* Secure Firewall: LogicHub automatically enriches, investigates, and scores intrusion alerts from Firepower Management Center based on a variety of threat intelligence sources. If the score is high enough, LogicHub can automatically block the offending URL or IP address through the Firepower integration. Analysts can require one-click authorization of such blocking if desired.

* Secure Network Analytics (formerly Stealthwatch): LogicHub automatically enriches, investigates, and scores network alerts from Cisco Stealthwatch based on a variety of threat intelligence sources. If the score is high enough, LogicHub can automatically block the offending domain or IP address through the Cisco Stealthwatch integration across any offending network sessions. Analysts can require one-click authorization of such blocking if desired.

* Secure Malware Analytics (formerly ThreatGrid): LogicHub’s playbooks can automatically submit files or URLs for analysis, automating work typically performed by humans and enriching cases with threat intelligence so that it is available to analysts when needed.

* Umbrella: LogicHub can automatically retrieve the list of network devices from Cisco Umbrella, adding organizational context to alerts processed through integrations with other Cisco Security products.

* Talos: LogicHub can automatically leverage Talos’ IP reputation lookup to enrich alerts from any system with threat intelligence about the IP address.
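The enrich-score-act pattern described for the Secure Endpoint integration above, as an added illustration that is not LogicHub's or Cisco's code: the scoring weights, thresholds, device-type policy and the sample alerts are all constructed assumptions, chosen only to show how a threshold gates automatic quarantine while sensitive device types fall back to one-click analyst approval.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    AUTO_QUARANTINE = "auto_quarantine"   # score high enough, device type allows automation
    REQUIRE_APPROVAL = "require_approval"  # surface a one-click approval to the analyst
    MONITOR = "monitor"                    # keep the case open, take no containment action


@dataclass
class EnrichedAlert:
    """A binary alert after enrichment (all fields are constructed examples)."""
    sha256: str
    host: str
    device_type: str   # e.g. "workstation", "server", "domain_controller"
    detections: int    # number of threat-intel sources flagging the hash
    prevalence: int    # hosts in the organization where the binary was seen
    host_risk: int     # asset risk rating, 1 (low) to 5 (critical)


# Hypothetical policy knobs: which device types always need a human click,
# and the score bands that separate monitor / approve / automatic action.
APPROVAL_REQUIRED = {"server", "domain_controller"}
AUTO_THRESHOLD = 80
MONITOR_THRESHOLD = 40


def score_alert(a: EnrichedAlert) -> int:
    """Combine reputation with organizational context into a 0-100 score."""
    score = min(a.detections, 10) * 6      # up to 60 from threat-intel verdicts
    score += a.host_risk * 6               # up to 30 from asset criticality
    if a.prevalence <= 2:                  # rare binaries are more suspicious
        score += 10
    return min(score, 100)


def decide(a: EnrichedAlert) -> Action:
    """Gate the quarantine action on score and on the per-device-type policy."""
    s = score_alert(a)
    if s < MONITOR_THRESHOLD:
        return Action.MONITOR
    if s >= AUTO_THRESHOLD and a.device_type not in APPROVAL_REQUIRED:
        return Action.AUTO_QUARANTINE
    return Action.REQUIRE_APPROVAL


def triage(alerts: list[EnrichedAlert]) -> dict[str, Action]:
    """Return the decision per host so a playbook can act or queue approvals."""
    return {a.host: decide(a) for a in alerts}
```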