Story image

LogRhythm dips toes into UEBA market to defend against user-based threats

05 Feb 18

LogRhythm is dipping its toes into the User and Behaviour Analytics (UEBA) market for organisations that aren’t able to replace their existing legacy solutions - and to protect against insider threats, account takeovers, as well as privilege abuse and misuse.

According to the company, some firms aren’t able to replace their existing legacy Security Information and Event Management (SIEM) solutions – however, a standalone UEBA is able to fit in right alongside.

LogRhythm decided to take an approach to UEBA that is ‘distinct’ in the marketplace by incorporating in-depth analysis of both unknown and known threats. It also uses machine and cloud-based analytics as part of a standalone platform.

According to a recent LogRhythm study, 88% of security professionals name insider threats as a growing concern for their organisation.

LogRhythm VP of products Chris Brazdziunas explains the company’s entrance into the UEBA market by saying that organisations are ‘under siege’ from a variety of threat actors.

 “Meanwhile, many security teams face significant obstacles securing qualified personnel to combat these threats. These challenges are sometimes heightened by organisational pressure to relax controls to unlock business productivity.”

“UEBA arms organisations to detect and respond to user-based threats. Analysts are provided evidence-based starting points for investigation, rich visualisations for effective analysis, and direct access to data for rapid response," Brazdziunas concludes.

The company designed its solution to also conduct analysis of areas such as customer feedback for better accuracy; and the collection of threat training data across an entire organisation and its extended customer footprint.

LogRhythm says this collection strategy makes the product smarter and faster, particularly in situations surrounding insider threats, account takeovers, as well as privilege abuse and misuse.

“A significant number of large enterprises are replacing their legacy SIEMs with LogRhythm’s next-gen platform, but not every organisation is able to do that today,” comments LogRhythm’s vice president of marketing and business development, Matt Winter.

 “With LogRhythm UEBA, customers that aren’t yet ready for full replacement no longer have to settle for an unproven and functionally limited ‘SIEM helper’ or similar point product to get more value out of their existing SIEMs. Instead, LogRhythm now offers them a full-featured solution that’s architected to scale, can seamlessly grow with them as their needs evolve and has been repeatedly proven in large global deployments.”

LogRhythm UEBA is a standalone version of the LogRhythm product set for non-LogRhythm Enterprise or XM customer environments. The product is commercially available, and pricing is based on a per-user model, with hardware included through a subscription.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Verifi takes spot in Deloitte Asia Pacific Fast 500
"An increasing amount of companies captured by New Zealand’s Anti-Money laundering legislation are realising that an electronic identity verification solution can streamline their customer onboarding."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.