Logpresso launches Korea's first enterprise-level cloud SIEM service

Cybersecurity specialist Logpresso has announced the launch of Logpresso Cloud, a Cloud SIEM service encompassing on-premise and cloud infrastructure, via the KakaoCloud Seoul Region.

Logpresso Cloud is the first SaaS-based Cloud SIEM service offered by a Korean vendor. This service allows comprehensive monitoring and automated threat response across existing on-premise infrastructure, as well as a wide range of SaaS, PaaS, and IaaS solutions utilized by many businesses in their daily operations.


Corporate infrastructure is quickly transitioning to the cloud. Previously, on-premise and cloud monitoring solutions were siloed, making it challenging to secure unified visibility in today's fast-changing cybersecurity threat landscape. However, cybersecurity officers of companies now need to ensure comprehensive visibility across on-premise, cloud, and SaaS environments covering both security and IT resources to respond to cyber security threats effectively.

The Logpresso Cloud service significantly reduces the complexity of security management by leveraging the flexibility and scalability of cloud environments while offering full visibility into the traditional on-premise systems. In particular, it offers enterprise-level SIEM in cloud environments, enabling real-time analysis and automated threat detection and response by integrating security events and log data from various environments. Additionally, log data can be stored cost-effectively for the long term in the cloud environment.

The main features of the Logpresso Cloud service are:

  • Integrated security monitoring for on-premise and cloud environments: It enables monitoring of the entire infrastructure from a single platform, covering not only on-premise servers and network devices but also cloud resources like AWS, Google Cloud, and Azure, as well as various SaaS such as Microsoft 365 and GitHub. This allows companies to centralize security operations on a cloud-based platform, ensuring comprehensive visibility.

  • SOAR-based automation and orchestration: Security operations can be automated by utilizing SOAR capabilities, allowing for the unified management of security processes that integrate on-premise equipment and cloud services. For example, it is possible to automate response actions for on-premise equipment such as network firewalls, IDS, IPS, and VPNs, while simultaneously applying security measures on cloud resources. This facilitates rapid threat response and significantly alleviates the security team's workload by minimizing repetitive tasks.

  • Long-term storage of cloud logs: The service offers cost-effective storage options for long-term log retention, helping to meet compliance and security audit requirements while reducing storage costs. Long-term logs are automatically transitioned to long-term storage, significantly saving costs while allowing quick access when needed.

  • Automated threat detection and response: The service utilizes AI and machine learning to detect potential threats in advance and execute automated response procedures. Predefined playbooks trigger immediate actions upon threat detection, allowing the security team to focus on critical tasks.

  • Customizable playbooks: SOAR playbooks can be tailored to meet the specific needs of the organization to develop customized response strategies for particular on-premise equipment or cloud services. This allows companies to optimize security processes and respond to threats more quickly.

  • Logpresso Store for third-party plugins: By installing a variety of apps available in the Logpresso Store, users can immediately utilize third-party features such as log collector, SIEM detection rules, and automated response commands and playbooks. In addition to seamless integration with existing solutions such as EDR, NDR, ASM, and CSPM, various applications—including GitHub and Microsoft 365—can also be directly integrated into SIEM and SOAR systems. This integration not only enhances security operations but also enables organizations to effectively respond to evolving threats, ensuring a robust and agile security infrastructure.

  • Automated compliance report generation: The service offers reporting features designed to assist with compliance requirements such as GDPR and PCI-DSS, enabling organizations to quickly and easily fulfill their regulatory obligations.



Bongyeol Yang, Logpresso's CEO, stated, "In a hybrid environment where on-premise and cloud infrastructures are mixed, it is crucial for corporate security teams to manage all resources comprehensively and automate threat responses. The Logpresso Cloud service offers high visibility and automated responses in such complex environments, facilitating significant improvements in security operations."

Logpresso is a cybersecurity company based in Seoul, South Korea, established in 2013. The company secured seed investment from Woori Bank in 2019 and raised USD 4.5 million in Series A funding from KB Investment, K2 Investment, and CJ Investment in 2023.

Read the original article here

See Also

More

KB Kookmin Bank Case Study

KB Kookmin Bank announced plans to launch its own unified cyber security platform. Work began on the platform with IBM in the second half of last year and live service is scheduled to start after pilot operations are concluded early next month. KB Kookmin Bank announced on the 26th that it will create a next-generation security platform, the KB Unified Cyber Security Platform, a continuous and comprehensive integrated monitoring system for security threats that is scheduled to open in May. Currently, humans cannot analyze the numerous security data generated by security systems in real-time. There is a need to improve the current security platform by developing an integrated monitoring system for individual solutions. This is not just a problem for KB, but has been a genuine concern of the entire financial sector. In line with these needs, KB’s unified cyber security platform is being built to respond to increasing external threats by collecting and analyzing abnormal signals generated from heterogeneous security solutions and identifying correlated threats in real-time in one platform. KB unified cyber security platform can collect and correlate security data in its entirety and uses a plug-in technology to modify the system and dashboard. An integrated dashboard and a web system are configured as well, which enables correlation analysis of policy enforcement status and threat behavior by user-defined search. The framework supports the correlation of anomalies and manages policy enforcement through data analytics from heterogeneous security systems. A KB employee said, “In addition to features provided from existing ESM (Enterprise Security Management), it can comprehensively respond to insider threats as well as network-based external threats with the correlation analysis.” The platform provides machine learning capabilities, which offers a significant improvement over the limitations of existing rule-based detection, and automates security threat detection through self-learning. KB explained that it is now possible to predict anomalies such as DDoS attacks, abnormal communication, and system failures. In particular, it provides consistent visibility of the enterprise for security policy enforcement and incident response for executives and security analysts. With this, it is expected to respond to breaches in a timely manner, and strengthen information security controls. This unified cyber security platform is differentiated from the existing platforms in that C-level executives, including the CEO, can see the enterprise security posture like a security analyst in the field. In the past, engineers had to analyze logs generated from endpoints, servers, and networks first. But with KB's unified cyber security platform, executives can easily see them on a single, unified screen. This type of platform that staffs as well as executives can easily use to check the security posture is unprecedented in the finance sector. “Information security matters as it can threaten the existence of the company. But it is an invisible and often unknown issue unless you are an expert. Many companies have been making a lot of effort to increase the security awareness of their employees, but the reality is that we are experiencing a lot of difficulties,” said a KB spokesperson. "If the accessibility to the data is improved through our system, it will naturally improve the awareness of the importance of security among our employees," added a KB spokesperson. KB Kookmin Bank has also built a system for collecting and analyzing threat data that can be synchronized with the Korea Internet & Security Agency (KISA) and the Financial Security Agency database. It also centralized the administration of the entire firewall policies and monitoring of resource usages and operational status. KB Kookmin Bank said that its unified cyber security platform represents a new security paradigm and will improve the information security environment and enable rapid response against new cyber attacks. Last July, KB Kookmin Bank held an RFP briefing session for the “Unified Cyber Security Platform” and the budget was announced at 3.82 billion won including hardware, software, and professional services. After that, KB selected IBM as the main service provider. <Reporter Choi Minji> cmj@ddaily.co.kr Read the original article here: https://www.ddaily.co.kr/news/article/?no=168208

2018-04-26

NH Investment & Securities Case Study

The winds of change are blowing in the IT field of the securities industry. Introducing cutting-edge IT technologies from big data, artificial intelligence (AI), open banking, and the cloud to blockchain technology, now it is taking a step forward in the financial technology innovation, leaving incomplete security systems and outdated infrastructure behind. Let's meet the IT executives of major securities companies and hear about their new technology introduction plans and recent achievements. The first interviewee is Baek Jong-woo, Chief Information Security Officer (CISO, Managing Director) of NH Investment & Securities, who is hunting for scam bank accounts using big data technology. “By using big data to automatically search for suspicious accounts in real-time, the accuracy of scam accounts detection has been increased. It also significantly saves time.” Jong-woo Baek, chief information security officer (CISO, managing director) of NH Investment & Securities at the NH Nonghyup Foundation office in Yeouido, Seoul, on the 13th, told us the results of the recently built big data-based scam accounts monitoring system. On the 9th of last month, the NH Investment & Securities Information Protection Department, led by Managing Director Baek, built the industry's first big data-based scam accounts monitoring system. With this, 4 scam accounts have been identified and caught in the past month. NH Investment & Securities' scam accounts monitoring system is an upgraded version of the fraud detection system (FDS) built in 2014. Ahead of other securities companies, NH Investment & Securities has focused on integrating big data technology into the existing system. It was certain that there was a limit to practically detecting abnormal trading only with FDS. “Most cases of using scam accounts are such as that a transaction occurs suddenly from an inactive account, or that an automatic online or offline withdrawal is made immediately after deposition at a random ATM. We need to construct the big data platform to analyze scam account networks.” Baek said. "At that time in 2014, with the Financial Investment Association, six securities companies gathered to implement an FDS by purchasing a solution together, but big data technology was not included in the proposed solution," he said. “We were already certain that big data technology would play a larger role in the future and started to build our own solution.” NH’s monitoring system applies 30 to 40 of its own rules and 10 scenarios that reflect the characteristics of scam accounts to the vast amount of collected data. If a suspicious account is identified, it sends a notification message to the operator. The operator checks and transmits the scam account information to the Korea Federation of Banks and related institutes. Then the Korea Federation of Banks requests the associated financial institution for confirmation and then takes measures such as suspension of payment. This big data-based scam account monitoring system has significantly reduced costs of time and manpower. While the existing FDS analyzes 400,000 cases per day, this monitoring system can analyze more than 700,000 cases per day. The scope of data collected has also been broadly expanded from the internet banking transactions to all account transactions at each branch, CDs and ATMs, and suspicious account activity detected by the KFTC (Korea Financial Telecommunications & Clearings Institute), and accounts with temporary withdrawal suspension. The detection method has also been diversified. Not only does this require the 2-factor authentication step before transfer but also checks the main transaction log and history simultaneously. “In the past, 2 personnel had to monitor 300 to 500 suspicious accounts manually. But it was, of course, difficult to see them all day long. Now, thanks to the automated system, it requires only one person to check for an average of 70 cases per day, which takes an hour or two,” he explained. Enterprise-wide support made it possible to introduce such advanced technology before others. One billion won has been invested in the monitoring system. From this month, it also started to develop an integrated monitoring system that can analyze correlations between log data generated by various security solutions together. Director Baek said, “Personal data breach and illegal transactions in the financial sector undermine the public trust in the financial sector. It is a non-negotiable choice that we made a large investment to overcome this situation and improve our reputation.” “By launching our new SIEM system in early December, we are expecting to prove more enhanced security posture.” <Reporter Yoojung Kim> clickyj@dt.co.kr Read the original article here: [http://www.dt.co.kr/contents.html?article_no=2016061402100658759001](http://www.dt.co.kr/contents.html?article_no=2016061402100658759001)

2016-06-13

BNK Busan Bank Case Study

With the goal of “redesigning its security architecture innovatively,” BNK Busan Bank has built a cyber security platform over the past two years. More specifically, it is an cyber security platform based on risk assessment. Last year, the BNK deployed a SIEM (Security Information & Event Management) platform and cyber security portal based on big data technology to achieve efficient security operations. After adopting the risk management system to the platform, it recently launched full-fledged operations of the platform. Jeon Seong-in, the head of the Information Security Department at BNK Busan Bank, said, “This is to create an environment where we can effectively handle cyber risk by conducting a solid risk assessment, rather than just relying on unprioritized alert responses. We took our first step to not only identify potential risks and respond quickly but also to assess our security operations and investments and ultimately prove their effectiveness.” Cyber threats are becoming more diverse, sophisticated, and intelligent. The number of security solutions operated by an enterprise continues to increase. However, qualified security professionals are insufficient. Not only in Korea, but most companies around the world are also facing the same challenge. It is very difficult to analyze logs and events from numerous systems and prioritize important threats and respond quickly. SOC (Security operation center) is often criticized that even running dozens of security solutions only resulted in increasing system complexity and disappointing security effectiveness. BNK was in a similar situation. The information security department at BNK operates about 160 individual systems, from threat response to internal audit, personal and credit information protection, fraud detection and response, security planning, education, and compliance reporting. There are more than 50 types of security products which generate 150 gigabytes (GB) of logs every day. It is never easy for about 10 security professionals to identify, analyze, and handle the threats and risk factors. Director Jeon said, “We can no longer handle the cyber security issues simply by relying on the know-how, skills, or manual work of our personnel. The number of security products and the size of the IT work environment have increased. The more solutions we utilize, the more management points we need to take care of.” He added, “We saw the necessity to build an incident response process by establishing an integrated platform providing standardized indicators to filter threats and refine risk factors.” Busan Bank had long been operating an enterprise security management system (ESM) and expanding the network by operating a comprehensive control system. It associated ESM with other security solutions, threat management system (TMS), system management (SMS) and network management (NMS) systems as well. However, even in this way, there was a limit to analyzing data from the network, application, and user domain levels. After deriving opportunities and risks from SWOT (strengths, weaknesses, opportunities, and threats) analysis, BNK Busan Bank began to work on its innovative security infrastructure. Director Jeon said, “We made an integrated platform by using new technologies such as big data analysis and combining existing system resources. But the important thing here is you can’t have an integrated platform optimized for your needs by only using solutions provided by vendors. In order to create a platform that is optimized for our own organizational environment, it is necessary to understand the company’s information assets, internal security regulations, security awareness among members, and threat landscape. And you have to continuously refine it using other solutions.” To optimize its integrated platform, BNK Busan Bank defined its own threat scenario and independently created a threat management process and configuration management database. The task-based threat model analysis (TMA) method is applied to create threat scenarios. Currently, the Busan Bank cyber security platform collects the entire event log of security devices, and stores and analyzes the logs. In addition, a BI (Business Intelligence) system is applied for correlation analysis and drilldown. Middleware with a context database (DB) and correlation analysis function has been deployed to facilitate communication between the SIEM and the BI system. Middleware also provides alert notifications for threat or system failure. Along with this, the SIEM can perform in-depth investigations by associating with the external threat intelligence service and the network forensic system that can store and analyze all traffic. The risk management system is connected with the BI system and cyber security portal. In the cyber security portal, you can see security posture at a glance on the dashboard screen using multi-dimensional graphs, and inquire about the necessary information with ease. “It filters only threats that need an explanation and notifies the person in charge, who will take action according to an automated process. Key risk indicators are displayed in real-time,” explained Director Jeon. He continued, “Before applying big data technology, it was difficult to analyze a high volume of logs in an intended way. It now refines and integrates context information while maintaining the consistency of raw data, systematizes all processes and visualizes the security posture to ensure that not only security personnel but also management can see them. It means that all members of the organization can now perform security-related roles without exception.” Director Jeon said, "Thanks to the information security risk management system, it can identify risk level and high-priority issues by evaluating the value of assets and threat vulnerability, and provides the timing and measures." This means we can measure and quantify security issues to create a standardized indicator,” he emphasized. BNK’s cyber risk management system operates using an automated risk assessment process for security threats derived from the big data-based SIEM and context awareness technology. It is now possible to evaluate and calculate the level of risk from a business point of view, considering the importance of the information assets currently possessed, threats and vulnerabilities that cause damage, and provide objectives and strategic indicators. This is a KPI (Key Risk Indicator). Director Jeon said, “Based on the level of risk according to the value of the organization’s information assets, we derive measurable indicators and risk assessments. If this process is standardized and optimized, it is expected to present a more accurate ROI for security investment.” Director Jeon explained, “By automating the incident response process, which was often handled manually, it is now possible to implement a standardized process from threat detection, triage, response, and verification. As the level of data analysis has been increased, better threat visibility has been secured, and work efficiency has improved as various threats can now be quickly identified through correlation.” Busan Bank uses Logpresso as its big data-based SIEM platform and RSA Archer as its cyber risk management platform. In addition to these solutions, BNK Busan Bank has also formed independent control and operation rooms to quickly respond to intrusion incidents and is operating efficient security controls. Research is also going on to apply machine learning technology to security control to detect advanced threats and increase its accuracy. The case of a SIEM platform with big data and BI technology won the top prize in the financial security best practice competition held by the Financial Security Institute last year. Woo Seong-hoon, Section manager of the information security department at BNK Busan Bank, and Kim Min-joon, assistant manager and other 3 personnel wrote this project thesis. <Reporter Lee Yoo-ji> yjlee@byline.network Read the original article here: https://byline.network/2019/06/12-51/

2019-06-12