Cybersecurity specialist Logpresso has announced the launch of Logpresso Cloud, a Cloud SIEM service encompassing on-premise and cloud infrastructure, via the KakaoCloud Seoul Region.
Logpresso Cloud is the first SaaS-based Cloud SIEM service offered by a Korean vendor. This service allows comprehensive monitoring and automated threat response across existing on-premise infrastructure, as well as a wide range of SaaS, PaaS, and IaaS solutions utilized by many businesses in their daily operations.
Corporate infrastructure is quickly transitioning to the cloud. Previously, on-premise and cloud monitoring solutions were siloed, making it challenging to secure unified visibility in today's fast-changing cybersecurity threat landscape. However, cybersecurity officers of companies now need to ensure comprehensive visibility across on-premise, cloud, and SaaS environments covering both security and IT resources to respond to cyber security threats effectively.
The Logpresso Cloud service significantly reduces the complexity of security management by leveraging the flexibility and scalability of cloud environments while offering full visibility into the traditional on-premise systems. In particular, it offers enterprise-level SIEM in cloud environments, enabling real-time analysis and automated threat detection and response by integrating security events and log data from various environments. Additionally, log data can be stored cost-effectively for the long term in the cloud environment.
The main features of the Logpresso Cloud service are:
-
Integrated security monitoring for on-premise and cloud environments: It enables monitoring of the entire infrastructure from a single platform, covering not only on-premise servers and network devices but also cloud resources like AWS, Google Cloud, and Azure, as well as various SaaS such as Microsoft 365 and GitHub. This allows companies to centralize security operations on a cloud-based platform, ensuring comprehensive visibility.
-
SOAR-based automation and orchestration: Security operations can be automated by utilizing SOAR capabilities, allowing for the unified management of security processes that integrate on-premise equipment and cloud services. For example, it is possible to automate response actions for on-premise equipment such as network firewalls, IDS, IPS, and VPNs, while simultaneously applying security measures on cloud resources. This facilitates rapid threat response and significantly alleviates the security team's workload by minimizing repetitive tasks.
-
Long-term storage of cloud logs: The service offers cost-effective storage options for long-term log retention, helping to meet compliance and security audit requirements while reducing storage costs. Long-term logs are automatically transitioned to long-term storage, significantly saving costs while allowing quick access when needed.
-
Automated threat detection and response: The service utilizes AI and machine learning to detect potential threats in advance and execute automated response procedures. Predefined playbooks trigger immediate actions upon threat detection, allowing the security team to focus on critical tasks.
-
Customizable playbooks: SOAR playbooks can be tailored to meet the specific needs of the organization to develop customized response strategies for particular on-premise equipment or cloud services. This allows companies to optimize security processes and respond to threats more quickly.
-
Logpresso Store for third-party plugins: By installing a variety of apps available in the Logpresso Store, users can immediately utilize third-party features such as log collector, SIEM detection rules, and automated response commands and playbooks. In addition to seamless integration with existing solutions such as EDR, NDR, ASM, and CSPM, various applications—including GitHub and Microsoft 365—can also be directly integrated into SIEM and SOAR systems. This integration not only enhances security operations but also enables organizations to effectively respond to evolving threats, ensuring a robust and agile security infrastructure.
-
Automated compliance report generation: The service offers reporting features designed to assist with compliance requirements such as GDPR and PCI-DSS, enabling organizations to quickly and easily fulfill their regulatory obligations.
Bongyeol Yang, Logpresso's CEO, stated, "In a hybrid environment where on-premise and cloud infrastructures are mixed, it is crucial for corporate security teams to manage all resources comprehensively and automate threat responses. The Logpresso Cloud service offers high visibility and automated responses in such complex environments, facilitating significant improvements in security operations."
Logpresso is a cybersecurity company based in Seoul, South Korea, established in 2013. The company secured seed investment from Woori Bank in 2019 and raised USD 4.5 million in Series A funding from KB Investment, K2 Investment, and CJ Investment in 2023.
Read the original article here