LogPoint to acquire SecBI, bringing native SOAR and XDR solutions to the company

LogPoint, a worldwide cybersecurity innovator, has announced the acquisition of SecBI, a disruptor in automated cyber threat detection and response based in Tel Aviv. LogPoint’s capabilities will be enhanced by the addition of playbook-based automation that improves cyber threat detection and response. SecBI’s universal SOAR and XDR platform will integrate seamlessly with LogPoint, supporting the company’s objective to transform clients’ cyber resiliency through innovation by simplifying the complex work of security operations.

“Combining SecBI with LogPoint SIEM and UEBA will immediately drive tremendous value to our current and future customers. As organizations large and small face the most critical cyber threats, security teams need solutions that will help them be more effective and efficient in protecting their organization. This integration will allow customers to quickly launch automated notifications and security remediations using our full-native SOAR capabilities. This is a major step forward in delivering our XDR-enabled operations platform giving our partners and customers one of the most innovative, intuitive, and proven solutions available,” said Jesper Zerlang, LogPoint CEO. 

LogPoint will continue to move toward overcoming the complex cybersecurity concerns that SOCs confront today with the quick integration of SecBI SOAR and XDR technology. Clients will be able to remove false positives and automate incident response as a result of the acquisition. These comprehensive, complementary platforms will work together to automate repetitive tasks, coordinate threat remediation workflows, and autonomously analyze, prioritize, and execute playbooks, allowing analysts to focus on genuine threats and better secure enterprises.

“We are excited to join LogPoint and integrate seamlessly to further extend the company’s foundational cybersecurity solution. With the inclusion of the SecBI technology, LogPoint takes automation to the next level to address the challenges organizations and cybersecurity analysts are facing in responding rapidly to an exponentially rising number of incidents,” said Gilad Peleg, SecBI CEO.

“The combination of LogPoint technology with SecBI XDR and SOAR creates an end-to-end cybersecurity powerhouse that has exactly the right combination of technology, human capital, and growth potential. Merging Israeli cybersecurity expertise into the international LogPoint organization entails a huge potential for customers across the globe. We look forward to working with Jesper and his team to build a category leader,” said Yoav Tzruya, General Partner at Jerusalem Venture Partners.

User & Entity Behaviour Analytics – An Overview

UEBA technologies employ analytics to construct standard profiles and behaviours for users and entities (servers, routers) in an enterprise over a period of time. This is referred to as “baselining”. Activity that differs from these standard baselines is flagged as suspicious by UEBA technology, and analytics applied to these anomalies help in the discovery of possible risks and security incidents.

The term UEBA was introduced by Gartner, a leading research firm. UEBA solutions include the following three factors –
Use Cases – UEBA solutions give information on how employees, clients and other entities in the organization’s network behave. They conduct activities like anomaly identification, alerting and tracking. In contrast to traditional specialized tools built around a single use case, UEBA tools are applicable to multiple use cases.
Data – UEBA collects real-time event data in structured and unstructured formats from users’ and entities’ activities, either directly or through an existing IT repository. This enriched data must be machine-readable.
Analytics – UEBA solutions use analytics, built on machine learning (ML) and statistical models, for user-focused data exploration and visualization, comparing the activities of users and entities against baseline rules and their profiles to detect anomalies.

UEBA Solution Benefits
UEBA solutions consider both internal and external threats to an organization when creating new policies and rules. When the attack pattern is unknown (zero-day attack), or when the attack moves laterally by changing credentials or IP addresses within an enterprise, traditional security tools struggle to identify a compromised insider. UEBA solutions can detect these attacks because attackers force compromised users or entities to behave differently from the defined rules or baseline.

In most cases, UEBA solutions are provided to an organization as a cloud-based service or on-premises, and sometimes both. UEBA vendors often require companies to install appliances for network traffic monitoring. The vendor’s approach and design are flexible in terms of the organization’s current and future needs. It takes 1 month or more to create baselines, profiles and classes of users and entities.

UEBA solutions prioritize alerts by determining which users show anomalous behaviour compared to known baselines. A security alarm would not be triggered by a single slightly unusual incident. To generate an alarm, the UEBA solution needs several indicators of suspicious behaviour. This saves the investigating team’s time by reducing the number of alerts, and allows security analysts to find actual security issues more quickly.
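The baselining and multi-indicator alerting described above can be sketched as follows. This is an added example, not code from any UEBA product: the feature names, the 30 days of constructed history, the z-score threshold of 3 and the two-indicator rule are all assumptions chosen for illustration.

```python
from statistics import mean, pstdev

# Hypothetical per-day features tracked for one user or entity.
FEATURES = ("logins", "mb_uploaded", "distinct_hosts", "offhour_events")

# Constructed sample data: 30 days of "normal" activity (the baselining period).
HISTORY = [
    {"logins": 8 + i % 3, "mb_uploaded": 40 + (i % 5) * 2,
     "distinct_hosts": 3 + i % 2, "offhour_events": i % 2}
    for i in range(30)
]

def build_baseline(history):
    """Return {feature: (mean, stdev)} learned from daily observations."""
    baseline = {}
    for feature in FEATURES:
        values = [day[feature] for day in history]
        # Floor the stdev at 1.0 (an assumption) so near-constant features
        # neither divide by zero nor flag every one-unit change.
        baseline[feature] = (mean(values), max(pstdev(values), 1.0))
    return baseline

def deviating_indicators(baseline, day, z_threshold=3.0):
    """Return {feature: z-score} for features far from their baseline."""
    hits = {}
    for feature, (mu, sigma) in baseline.items():
        z = (day[feature] - mu) / sigma
        if abs(z) >= z_threshold:
            hits[feature] = round(z, 1)
    return hits

def evaluate(baseline, day, min_indicators=2):
    """Alert only when several independent indicators deviate together."""
    hits = deviating_indicators(baseline, day)
    return {"alert": len(hits) >= min_indicators, "indicators": hits}

BASELINE = build_baseline(HISTORY)

# Constructed test days: one mildly odd day, one with several deviations.
SINGLE_ODD_DAY = {"logins": 13, "mb_uploaded": 45,
                  "distinct_hosts": 4, "offhour_events": 1}
MULTI_INDICATOR_DAY = {"logins": 10, "mb_uploaded": 400,
                       "distinct_hosts": 12, "offhour_events": 9}

if __name__ == "__main__":
    print(evaluate(BASELINE, SINGLE_ODD_DAY))       # one indicator, no alert
    print(evaluate(BASELINE, MULTI_INDICATOR_DAY))  # three indicators, alert
```

Raising `min_indicators` trades fewer alerts for slower detection; the right value depends on how correlated the chosen features are.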

UEBA’s Application in IoT – UEBA can play a vital role in managing the security risk of the Internet of Things (IoT). Businesses deploy huge numbers of internet-connected devices, mostly with few security measures in place. Attackers can hack IoT devices and use them to steal information or to launch attacks, such as DDoS attacks, on other companies. This can cause significant financial losses. UEBA can monitor a large number of connected devices for an enterprise, create baselines for similar devices and detect when a device deviates from its normal behaviour.

Advanced Analytics in UEBA Solutions – Data integration helps UEBA solutions compare data from various sources. UEBA solutions apply statistical models to the data gathered from these sources, with the help of machine learning, to do deep behavioural profiling in order to identify sensitive changes in a user’s activity. The use of unstructured data for unsupervised learning gives a big advantage. Data presentation is used to present findings to security analysts in a comprehensible way.

Use Cases – The uniqueness of their use cases separates UEBA solutions from other tools. UEBA solutions build use cases for various domains such as malicious insider, incident prioritization, compromised insider, identity and privileged access management, data exfiltration, etc. These pre-defined use cases are available at one click from cloud storage, which enables quick deployment.