Story image

LogRhythm dips toes into UEBA market to defend against user-based threats

05 Feb 18

LogRhythm is dipping its toes into the User and Behaviour Analytics (UEBA) market for organisations that aren’t able to replace their existing legacy solutions - and to protect against insider threats, account takeovers, as well as privilege abuse and misuse.

According to the company, some firms aren’t able to replace their existing legacy Security Information and Event Management (SIEM) solutions – however, a standalone UEBA is able to fit in right alongside.

LogRhythm decided to take an approach to UEBA that is ‘distinct’ in the marketplace by incorporating in-depth analysis of both unknown and known threats. It also uses machine and cloud-based analytics as part of a standalone platform.

According to a recent LogRhythm study, 88% of security professionals name insider threats as a growing concern for their organisation.

LogRhythm VP of products Chris Brazdziunas explains the company’s entrance into the UEBA market by saying that organisations are ‘under siege’ from a variety of threat actors.

 “Meanwhile, many security teams face significant obstacles securing qualified personnel to combat these threats. These challenges are sometimes heightened by organisational pressure to relax controls to unlock business productivity.”

“UEBA arms organisations to detect and respond to user-based threats. Analysts are provided evidence-based starting points for investigation, rich visualisations for effective analysis, and direct access to data for rapid response," Brazdziunas concludes.

The company designed its solution to also conduct analysis of areas such as customer feedback for better accuracy; and the collection of threat training data across an entire organisation and its extended customer footprint.

LogRhythm says this collection strategy makes the product smarter and faster, particularly in situations surrounding insider threats, account takeovers, as well as privilege abuse and misuse.

“A significant number of large enterprises are replacing their legacy SIEMs with LogRhythm’s next-gen platform, but not every organisation is able to do that today,” comments LogRhythm’s vice president of marketing and business development, Matt Winter.

 “With LogRhythm UEBA, customers that aren’t yet ready for full replacement no longer have to settle for an unproven and functionally limited ‘SIEM helper’ or similar point product to get more value out of their existing SIEMs. Instead, LogRhythm now offers them a full-featured solution that’s architected to scale, can seamlessly grow with them as their needs evolve and has been repeatedly proven in large global deployments.”

LogRhythm UEBA is a standalone version of the LogRhythm product set for non-LogRhythm Enterprise or XM customer environments. The product is commercially available, and pricing is based on a per-user model, with hardware included through a subscription.