UEBA solution

Does LogPoint offer a UEBA solution?

Yes. LogPoint provides a full cloud-based UEBA offering with full encryption and pre-built analytics covering use cases such as account compromise, account misuse, infected host, internal reconnaissance, insider fraud, lateral movement, and data staging and exfiltration.

More information: https://www.logpoint.com/en/product/ueba-solution/

How is UEBA delivered in LogPoint?

LogPoint UEBA is delivered through a hybrid-cloud offering, enabling customers to achieve a very low time-to-value because the data is already prepared in the SIEM and streamed to the cloud for processing.

More information: https://www.logpoint.com/en/product/ueba-solution/

How many models does the LogPoint UEBA solution employ?

In the LogPoint UEBA module, detection runs through a wealth of ML models (currently 400+ models), including peer grouping, advanced clustering, and fast streaming detection of patterns. Risk rating is based on how unlikely the behavior is and on the severity of the sequence of actions taken.

What is the time-to-value with the LogPoint UEBA solution?

LogPoint UEBA separates itself from other SIEM vendors by having the lowest time-to-value: UEBA works from day one. Analysts achieve best-in-class detection coverage because the UEBA solution is source-agnostic: as long as data is normalized and stored in the SIEM, any application (in-house, cloud, or business application) is fully supported.

How does LogPoint help analysts prioritize UEBA observations?

Analysts can effectively prioritize observations because risk scores have a maximum value of 100. This is the result of advanced machine learning that looks at sequences of observations, the user's historical observations, and the general state of the network. Many competing solutions continuously add alerts together and, with no maximum score in place, provide no means for an analyst to assess the relative impact.

How does LogPoint apply risk scores to user activity?

The risk score has an absolute maximum value of 100. Risk scores are not aggregated into ever-increasing values but are adjusted through ML to stay within a range of 0-100, allowing for easy thresholding.

This approach is superior to other solutions because you always know which entities are the riskiest and which risk scores are extreme, high, low, etc. Vendors that place no limit on the risk score make it impossible to tell what is risky and what is normal.
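The following is an added illustration (not LogPoint's code or model) of why a bounded 0-100 score supports thresholding where an unbounded running total does not. It assumes each observation carries a model-estimated anomaly probability and a severity weight, and combines them with a noisy-OR rule so the total can never exceed 100; the sample observations are constructed for the example.

```python
"""Bounded vs. unbounded risk scoring over a sequence of UEBA observations."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    description: str
    anomaly_probability: float  # 0.0..1.0, how unlikely the behaviour is for this user/peer group
    severity: float             # 0.0..1.0, how damaging the action could be (assumed weighting)


# Constructed sample sequence for one user (not real data).
SAMPLE_SEQUENCE = [
    Observation("login from a country never seen for this user", 0.60, 0.5),
    Observation("file-share access outside the user's peer group", 0.70, 0.6),
    Observation("large outbound transfer to a new cloud storage host", 0.90, 0.9),
]


def unbounded_score(observations: list[Observation]) -> float:
    """Naive accumulation: every alert adds to the total and there is no ceiling,
    so the number keeps growing and a fixed threshold means nothing."""
    return sum(100.0 * o.anomaly_probability * o.severity for o in observations)


def bounded_score(observations: list[Observation]) -> float:
    """Treat observations as independent pieces of evidence (noisy-OR): the chance
    that *none* of them is a real problem shrinks with each one, and the score is
    100 times the complement, so it is always within 0..100."""
    p_benign = 1.0
    for o in observations:
        p_benign *= 1.0 - o.anomaly_probability * o.severity
    return round(100.0 * (1.0 - p_benign), 1)


def risk_band(score: float) -> str:
    """Fixed bands are only meaningful because the scale has a known maximum."""
    if score >= 90:
        return "extreme"
    if score >= 70:
        return "high"
    if score >= 40:
        return "medium"
    return "low"


if __name__ == "__main__":
    print("unbounded:", unbounded_score(SAMPLE_SEQUENCE))         # exceeds 100
    print("bounded:", bounded_score(SAMPLE_SEQUENCE), risk_band(bounded_score(SAMPLE_SEQUENCE)))
```

Repeating a low-severity observation many times drives the unbounded total upward without limit, while the bounded score approaches but never passes 100.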