LogRhythm, a security intelligence company that provides threat lifecycle management technology, has launched a standalone user and entity behavior analytics (UEBA) product for threat detection and mitigation. Among the key twists: LogRhythm UEBA can augment third-party SIEM (security information and event management) platforms, and doesn't require LogRhythm's own SIEM offering.
The UEBA offering applies machine learning-based behavioral analytics and real-time scenario-based threat detection to identify user-based threats, according to a prepared statement. It provides increased security coverage with minimal investment, the company asserts, and helps organizations eliminate the dangers associated with compromised accounts, insider threats and other user-based risks.
How Does LogRhythm UEBA Work?
LogRhythm UEBA uses analytics to identify known and unknown threats, LogRhythm indicated. It applies machine learning and scenario analytics to detect and prioritize critical events, the company added, and leverages cloud-based analytics that account for customer feedback.
Organizations can use LogRhythm UEBA to identify a wide range of user-based threats, including:
- Account takeover.
- Insider threats.
- Privilege abuse and misuse.
In addition, LogRhythm UEBA collects threat training data from across an organization and its customer base, LogRhythm said. It also provides access to a library of user-based threat scenarios, enabling an organization to analyze security protocols and find ways to speed up threat identification and response.
LogRhythm UEBA is now commercially available, with pricing based on a per-user model and hardware included through a subscription.
What Is UEBA?
UEBA products blend basic and advanced analytics to identify potential security incidents based on anomalous user and entity profiles and behaviors, according to technology research firm Gartner. They correlate user and entity activity and behaviors, aggregate individual risky behaviors and provide near-real-time threat monitoring and alerting.
The global UEBA market is expected to expand at a compound annual growth rate (CAGR) of 47.1 percent between 2016 and 2021, market research firm MarketsandMarkets has projected. Key factors expected to drive this segment's growth include:
- Increasing need to prevent insider threats posed by users.
- Rapid deployment of real-time analytics.
- Shortage of trained IT security professionals.
UEBA Security Product Considerations
Ultimately, choosing the right UEBA product can be difficult for organizations, regardless of their size or industry. Gartner offered several recommendations to help organizations evaluate UEBA products, and these recommendations included:
- Consider your UEBA needs. Select a UEBA product based on the threats that an organization wants to identify and address.
- Analyze required data sources. Know how data must be provided to a UEBA product to ensure successful product implementation and use.
- Supplement a UEBA product with organizational knowledge. Don't expect a UEBA product to solve all of an organization's security issues. Instead, provide employees with security training, configure and tune a UEBA product and evaluate all potential security incidents.
With UEBA products, organizations can improve their threat detection capabilities across a variety of use cases, Gartner pointed out. As such, selecting the right UEBA product can help an organization effectively analyze, detect, prioritize and respond to user-based threats.