LogPoint product overview
LogPoint delivers a unified SIEM, SOAR, and UEBA tool that accelerates threat detection and response. It provides real-time data analysis, early detection of data breaches, data collection, data storage, and accurate reporting. Moreover, it bolsters organizations in the fight against evolving threats by giving them a single source of truth — an intuitively designed platform with the capabilities necessary to ensure their safety.
Powered by machine learning and backed by an industry-leading support team, LogPoint’s complete cybersecurity operations platform identifies emerging threats within the infrastructure and integrates with numerous threat intelligence feeds. Analysts can automate event interrogation, screening hundreds of thousands of indicators of compromise to evaluate data against known attacks.
Pros of LogPoint
- Its Incident Prioritization feature guides the response to the incidents that matter most. It reduces the impact the organization faces from threats.
- Its single taxonomy simplifies pivoting around the network across data sources, gathering information, and filtering.
Cons of LogPoint
- According to users, it lacks documentation for complex deployment.
Breakdown of core features
Advanced cyber threat detection
LogPoint uses several approaches to combat advanced cyber threats and includes analytics in the form of alert rules, dashboards, and data mappings. Using LogPoint’s threat intelligence application, analysts can devise correlation rules. In addition, they can employ machine learning and data exploration to observe unusual activity patterns across devices for advanced cyber threat detection.
The platform uses threat intelligence feeds to automate some aspects of threat hunting. It applies the feeds at ingest time, evaluating incoming data against all configured threat indicators, and again during analysis. As a result, users can submit any amount of historical data for assessment against the most recent threat intelligence feeds to see whether it matches newly published knowledge about attacks.
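A minimal model of the two passes described above (matching each event against the feed at ingest, then re-evaluating stored history when the feed is updated), as an added Python example that is not LogPoint's code; the feed shape, event fields and all indicator values are constructed for illustration.

```python
from dataclasses import dataclass, field

Feed = dict[str, set[str]]  # constructed shape: indicator type -> indicator values

@dataclass
class Event:
    ts: str
    src_ip: str
    domain: str
    sha256: str
    matches: list[str] = field(default_factory=list)  # "type:value" hits

def match(event: Event, feed: Feed) -> list[str]:
    """Return the feed indicators present in this event's fields."""
    fields = {"ip": event.src_ip, "domain": event.domain, "sha256": event.sha256}
    return [f"{kind}:{value}" for kind, value in fields.items()
            if value in feed.get(kind, set())]

class Store:
    def __init__(self, feed: Feed):
        self.feed = {k: set(v) for k, v in feed.items()}
        self.events: list[Event] = []  # stand-in for the SIEM's indexed event store

    def ingest(self, event: Event) -> Event:
        """Ingest-time pass: tag the event against the current feed as it is stored."""
        event.matches = match(event, self.feed)
        self.events.append(event)
        return event

    def update_feed(self, new_feed: Feed) -> list[Event]:
        """Retrospective pass: merge new indicators, re-evaluate all stored history,
        and return the events that gain a hit only because of this update."""
        for kind, values in new_feed.items():
            self.feed.setdefault(kind, set()).update(values)
        newly_flagged = []
        for ev in self.events:
            hits = match(ev, self.feed)
            if set(hits) - set(ev.matches):
                newly_flagged.append(ev)
            ev.matches = hits
        return newly_flagged

def demo() -> tuple[list[str], list[str]]:
    """Constructed run: one event hits at ingest, another only after the feed update."""
    store = Store({"domain": {"bad.example"}})  # constructed indicator
    store.ingest(Event("2022-04-01T10:00:00Z", "198.51.100.7", "cdn.example", "a" * 64))
    store.ingest(Event("2022-04-01T10:05:00Z", "203.0.113.9", "bad.example", "b" * 64))
    at_ingest = [ev.ts for ev in store.events if ev.matches]
    newly = store.update_feed({"ip": {"198.51.100.7"}})  # intel published later
    return at_ingest, [ev.ts for ev in newly]
```

The second event's IP was clean at ingest and is only flagged by the retrospective pass, which is the case the text describes.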
Security functionality in LogPoint closely connects to the MITRE ATT&CK framework to assist in battling threats. The software develops all queries and future technological enhancements around the common ATT&CK taxonomy. Furthermore, alerts are mapped to the different stages of the ATT&CK model, accelerating situational awareness across the entire system.
The LogPoint ATT&CK Navigator provides more information about the tactics and techniques and indicates which are covered by LogPoint SIEM and LogPoint UEBA. Security analysts can use the navigator to match system alerts with their relevance to ATT&CK, from initial access to privilege escalation to lateral movement to data exfiltration.
User and Entity Behavior Analytics (UEBA)
LogPoint UEBA is based on advanced machine learning. It analyzes the behavior of users and entities to find interesting or malicious behaviors and patterns within the infrastructure. This feature makes the security team smarter by accelerating detection and response to threats without increasing the workload of security analysts. UEBA improves the efficiency of security and operations staff and assists them in finding otherwise difficult-to-identify threats.
(Last updated on 04/15/2022 by Liz Laurente-Ticong)