LogPoint Acquires SecBI to Add SOAR and XDR Platforms

LogPoint, a provider of a security information and event management (SIEM) platform and user behavior analytics tools, today revealed it has acquired SecBI, a provider of an integrated security orchestration and automated response (SOAR) and extended detection and response (XDR) platform.

Jesper Zerlang, LogPoint CEO, said that going forward, LogPoint will integrate the SOAR platform created by SecBI with the SIEM platform it already provides, enabling organizations to create automated playbooks that are executed when security attacks are detected.

The combined offerings will also reduce the number of false positive alerts that security operations teams are required to investigate, he added.


XDR platforms are often viewed as the next-generation successor to SIEM platforms that security analysts use to query data in the hopes of discovering a cybersecurity attack. XDR platforms, in contrast, automatically generate alerts based on data that is continuously collected from the IT environment.

Zerlang said LogPoint expects organizations—depending on use cases, analyst preference and ability to invest—will continue to employ a mix of SIEM and XDR platforms for some time to come. In the meantime, understaffed cybersecurity teams will need to continue to automate processes to both handle the volume of attacks being launched against them and reduce the total cost of cybersecurity, noted Zerlang.

In general, cybercriminals have become more adept at evading, for example, firewalls. As a result, cybersecurity teams need to rely more on analytics tools to discover attacks. The challenge with a SIEM platform is that cybersecurity teams need to know what queries to launch to surface actionable intelligence. An XDR platform continuously analyzes data to surface insights that are indicative of a potential breach, which reduces the need for organizations to rely on expensive security analysts to discover every potential threat. That approach also reduces the overall load on security analysts, who might then be able to spend more time investigating more sophisticated attacks that require them to launch queries against a SIEM platform.

It’s not clear whether organizations have an appetite for additional security platforms. There is no doubt spending on security continues to increase; however, many organizations are also questioning the return on investment from those platforms as the number of security incidents continues to rise. The paradox is that security teams clearly need to apply more advanced automation to combat threats than their existing platforms enable. In time, however, many organizations will also move to consolidate security platforms to rein in the cost of security.

In the meantime, it’s also apparent that cybercriminals have invested heavily in automation. In effect, organizations now find themselves in an automation arms race against cybercriminals that have lots of ill-gotten financial resources to draw upon. The degree to which any organization might be able to sustain that arms race will vary. However, in the absence of any type of automation, it’s highly probable there will be more breaches and that it will take longer to discover them. As every cybersecurity professional knows, the longer it takes to discover those breaches, the more mayhem ensues.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.