LogRhythm adds standalone user behaviour analytics solution

LogRhythm has long been known for its security information and event management (SIEM) suites, which recently added a cloud-based user and entity behaviour-based threat detection option.

Now the company has released a stand-alone user behavior analytics product aimed at medium and enterprise-sized organizations that either don’t have a SIEM or have one that is made by a competitor.

LogRhythm UEBA is a SaaS solution sold by subscription. A small on-premise appliance – either software or hardware – is needed for data collection, either from a SIEM or the corporate authentication and access system. After that, the processing is done in the cloud.

LogRhythm UEBA dashboard

Chris Brazdziunas, the company’s vice-president of products, noted in an interview that in October it announced the Cloud AI analytics option for its LogRhythm Enterprise and XM suites.

“There’s interest in having access to those analytics by enterprises that either do not have a SIEM or have an existing SIEM” that isn’t from LogRhythm, she said. “So we’ve chosen to provide access to our analytics capability through a standalone product.”

“The far majority of breaches involve some sort of user-based issue, either insider threat or stolen or weak credentials.”

The company says LogRhythm UEBA applies both machine learning-based behavioral analytics – which profiles users – and real-time scenario-based analytics (such as statistical analysis, rate analysis, trend analysis, advanced correlation) to expose user-based threats such as insider threats, account takeover, and account privilege abuse and misuse. It applies risk context to user activities to help prioritize investigation of potentially malicious behaviour. As a result, the company says it can detect known and unknown threats.

While it can collect access logs, host security logs and threat intelligence, LogRhythm UEBA doesn’t yet collect data from the network.

Brazdziunas said competitors with standalone user behavior analytics include Exabeam UEBA and Securonix Bolt. There are others, including Ottawa’s Interset, Forcepoint, Fortscale, Gurucul and Palo Alto Networks LightCyber. Each has different capabilities, and some describe them in generic terms — like “threat detection” — which is why Forrester Research recommends CISOs demand a detailed description using nonmarketing language.

At least one analyst believes the standalone UEBA makers will disappear as their products are absorbed into SIEM, identity and access management suites or enterprise endpoint solutions.

Delivering LogRhythm UEBA as a SaaS offering caters to the desire of CISOs for more cloud solutions, Brazdziunas said.

LogRhythm UEBA will be sold through the company’s channel partners, with pricing starting at US$100 per user a year for 100 users. There is a discount for more users.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
