LogRhythm has long been known for its security information and event management (SIEM) suites, which recently added a cloud-based user and entity behaviour-based threat detection option.
Now the company has released a stand-alone user behavior analytics product aimed at medium and enterprise-sized organizations that either don’t have a SIEM or have one that is made by a competitor.
LogRhythm UEBA is a SaaS solution sold by subscription. A small on-premise appliance – either software or hardware – is needed for data collection, either from a SIEM or the corporate authentication and access system. After that, the processing is done in the cloud.
Chris Brazdziunas, the company’s vice-president of products, noted in an interview that in October it announced the Cloud AI analytics option for its LogRhythm Enterprise and XM suites.
“There’s interest in having access to those analytics by enterprises that either do not have a SIEM or have an existing SIEM” that isn’t from LogRhythm, she said. “So we’ve chosen to provide access to our analytics capability through a standalone product.”
“The far majority of breaches involve some sort of user-based issue, either insider threat or stolen or weak credentials.”
The company says LogRhythm UEBA applies both machine learning-based behavioral analytics – which profiles users — and real-time scenario-based analytics (such as statistical analysis, rate analysis, trend analysis, advanced correlation) to expose user-based threats such as insider threats, account takeover, and account privilege abuse and misuse. It applies risk context to user activities to help prioritize investigation of potentially malicious behaviour. As a result, the company says it can detect known and unknown threats.
While it can collect access logs, host security logs and threat intelligence, LogRhythm UEBA doesn’t yet collect data from the network.
Brazdziunas said competitors with standalone user behavior analytics include Exabeam UEBA and Securonix Bolt. There are others, including Ottawa’s Interset, Forcepoint, Fortscale, Gurucul and Palo Alto Networks LightCyber. Each has different capabilities, and some describe them in generic terms — like “threat detection” — which is why Forrester Research recommends CISOs demand detailed descriptions using nonmarketing language.
At least one analyst believes the standalone UEBA makers will disappear as their products are absorbed into SIEM, identity and access management suites or enterprise endpoint solutions.
Delivering LogRhythm UEBA as a SaaS offering caters to the desire of CISOs for more cloud solutions, Brazdziunas said.
LogRhythm UEBA will be sold through the company’s channel partners, with pricing starting at US$100 per user a year for 100 users. There is a discount for more users.