Perimeter

12/27/2017
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

LogRhythm Introduces Standalone User and Entity Behavior Analytics Offering

LogRhythm UEBA provides increased security coverage, faster threat detection with minimal investment.

Boulder, CO — LogRhythm, The Security Intelligence Company, today announced it has entered the User and Entity Behavior Analytics (UEBA) market with the introduction of LogRhythm UEBA, an independent analytics product that enhances the security of environments for customers that wish to augment a non-LogRhythm SIEM or introduce a standalone UEBA product if there is no formal SIEM in place. LogRhythm’s UEBA offering applies both machine learning-based behavioral analytics and real-time scenario-based threat detection to provide complete coverage in detecting user-based threats. These capabilities are combined within LogRhythm’s integrated workflow for detection and response, providing a highly efficient solution in recognizing and mitigating user-based threats.  

Based on advanced analytics of user behavior, LogRhythm UEBA provides increased security coverage with minimal investment for security professionals in enterprise and SME organizations who need protection from insider threats, compromised accounts, admin abuse and other user-based threats.

“Organizations are under siege by an ecosystem of threat actors, from motivated insiders to well-armed nation-states,” said Chris Brazdziunas, VP of products at LogRhythm. “Meanwhile, many security teams face significant obstacles securing qualified personnel to combat these threats. These challenges are sometimes heightened by organizational pressure to relax controls to unlock business productivity. UEBA arms organizations to detect and respond to user-based threats. Analysts are provided evidence-based starting points for investigation, rich visualizations for effective analysis, and direct access to data for rapid response.”

LogRhythm UEBA is distinct in the marketplace because, unlike other UEBA point solutions that use limited analytical methods, LogRhythm UEBA detects known and unknown threats via in-depth analytics, applying machine learning and scenario analytics to quickly surface and prioritize critical events. Further, LogRhythm UEBA employs cloud-based analytics that can evolve over time, taking into account feedback from customers to hone accuracy. LogRhythm UEBA collects threat training data from the whole of an organization’s activity and across its extended customer footprint. Collecting feedback from a global set of SOC analysts and incident responders makes the product smarter and faster. Additionally, LogRhythm provides customers with a library of field-proven user-based threat scenarios that operate in coordination with ML-observed activities to corroborate security relevancy for greater precision in identifying threats.

LogRhythm UEBA breathes life into existing and legacy SIEM deployments with an easy to deploy, highly effective UEBA solution that delivers fast ROI. Specific use cases for LogRhythm UEBA include:

  • Insider threat: A new study finds that most security professionals (88 percent) view insider threats as a dangerous and growing concern for their organization. LogRhythm UEBA provides machine-assisted monitoring of contractors and high-impact teams such as IT, finance and sales to prevent data theft, fraud, sabotage, policy violations and other dangerous activity. It uses behavioral profiling to spot deviations from normal behavior and scenario analytics to recognize established patterns.
  • Account takeover: Attackers who have compromised a network will attempt to take control of an account and move laterally until they attain their target. LogRhythm UEBA unmasks these imposters by examining the behavior of individual users and associated peer groups. External threats are quickly identified, preventing further compromise and damage.
  • Privilege abuse and misuse: With extensive access to systems and data, privileged users present heightened risk to the organization. LogRhythm UEBA helps ensure access rights are used appropriately. Its algorithms automatically monitor the creation and deletion of privileged accounts, the elevation of permissions, and the suspicious use of privileged accounts.

“A significant number of large enterprises are replacing their legacy SIEMs with LogRhythm’s next-gen platform, but not every organization is able to do that today,” said Matt Winter, vice president of marketing and business development at LogRhythm. “With LogRhythm UEBA, customers that aren’t yet ready for full replacement no longer have to settle for an unproven and functionally limited ‘SIEM helper’ or similar point product to get more value out of their existing SIEMs. Instead, LogRhythm now offers them a full-featured solution that’s architected to scale, can seamlessly grow with them as their needs evolve and has been repeatedly proven in large global deployments.”

LogRhythm UEBA is a standalone version of the LogRhythm product set for non-LogRhythm Enterprise or XM customer environments. The product is commercially available, and pricing is based on a per-user model, with hardware included through a subscription.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17177
PUBLISHED: 2018-09-18
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated ...
CVE-2018-17178
PUBLISHED: 2018-09-18
An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the...
CVE-2018-11869
PUBLISHED: 2018-09-18
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler.
CVE-2018-17176
PUBLISHED: 2018-09-18
A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.
CVE-2018-11852
PUBLISHED: 2018-09-18
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write.