Vendor Spotlight: Logpoint

Logpoint A/S is a cybersecurity company headquartered in Copenhagen, Denmark. They specialize in providing a comprehensive cybersecurity platform that includes:

  1. SIEM (Security Information and Event Management): Helps organizations detect and respond to security threats in real-time.
  2. UEBA (User and Entity Behavior Analytics): Analyzes user behavior to identify potential security risks.
  3. SOAR (Security Orchestration, Automation, and Response): Automates security operations to improve efficiency and response times.
  4. SAP Security: Ensures the security of SAP systems, which are critical for many businesses.

Logpoint’s solutions are designed to help organizations enhance their security posture by providing advanced threat detection, incident response, and compliance management. They serve a wide range of industries, including finance, healthcare, manufacturing, and government.

Logpoint A/S Founding and Background

Logpoint A/S, a Danish cybersecurity company, was founded in 2008 in Copenhagen, Denmark. The company specializes in providing Security Information and Event Management (SIEM) solutions. SIEM systems help organizations detect and respond to security threats by collecting and analyzing logs and events from various systems, devices, and networks. This is done by centralizing security data and applying advanced analytics, automation, and real-time monitoring to identify potential threats and anomalies.

The founders aimed to address the growing need for cybersecurity in a rapidly digitizing world. From its inception, Logpoint focused on providing log management and analysis tools that could help organizations make sense of the vast amount of data generated by their IT infrastructure. The company has evolved from basic log management into a comprehensive SIEM platform that integrates artificial intelligence, machine learning, and advanced analytics.

Timeline and Evolution

The date that Logpoint was created is a little confusing. The platform’s website declares that Logpoint was launched in 2012. However, the company’s founder, Søren Laustrup, records that he first started working on the company in 2005 and some key executives of the company joined in 2009.

Logpoint A/S started as a log management company in 2008 and evolved into a leading provider of SIEM solutions. Over time, the company expanded into advanced analytics, machine learning, and automation, and became recognized for its GDPR compliance and integration of SOAR and XDR. Logpoint has steadily grown into a global player in the cybersecurity industry, with offices across Europe, North America, and Asia.

  • 2008 – Founding of Logpoint A/S in Copenhagen, Denmark: The company focused on log management and analysis, which is the bedrock of a SIEM system.
  • 2010 – Launch of the SIEM Platform: Logpoint expanded its core offering to include SIEM capabilities, moving from simple log management to advanced threat detection and response.
  • 2012-2014 – Expansion Across Europe: Established offices in other European countries, including the UK, Germany, and France. Gained clients in industries such as financial services, healthcare, and government sectors.
  • 2015 – Entry into Global Markets: Logpoint initiated its international expansion into North America and Asia, establishing local offices to serve its growing customer base.
  • 2017 – Incorporation of UEBA: Introduction of User and Entity Behavior Analytics (UEBA), enabling more sophisticated anomaly detection by monitoring and analyzing user behaviors.
  • 2018 – GDPR Compliance: Logpoint became one of the few GDPR-compliant SIEMs ahead of the EU’s General Data Protection Regulation (GDPR) deadline in 2018.
  • 2020 – Adds Advanced Analytics and Machine Learning: Logpoint enhanced its platform’s threat detection capabilities by incorporating AI and machine learning algorithms.
  • 2021 – Introduction of SOAR Capabilities: Logpoint added Security Orchestration, Automation, and Response (SOAR) through its acquisition of SecBI.
  • 2022 – Shift Toward XDR: Logpoint integrated Extended Detection and Response (XDR) into its portfolio. This correlates data across endpoints, networks, and cloud environments.
  • 2023 – Focus on Customer Experience: Logpoint enhanced its customer support and training programs, focusing on ensuring an easy-to-deploy platform.

In recent years, Logpoint has increasingly focused on the integration of machine learning and automation to enhance the threat detection and response capabilities of their platform, making it a strong competitor in the evolving cybersecurity landscape.

Today, Logpoint is recognized for providing a highly scalable and flexible cybersecurity platform, designed for both small and large enterprises across various industries, including finance, healthcare, and government sectors.

Company Ownership

Logpoint A/S was founded by Søren Laustrup. He established the company to provide innovative cybersecurity solutions, and it has since grown into a significant player in the cybersecurity industry.

Although it was founded in 2008, the company didn’t seek seed funding until January 2012. The $2 million raised from Danish venture capital firm Dico was used to expand Logpoint into foreign markets with the opening of offices in European capitals. The company gained $10 million from Evolution Equity Partners in its Series A funding round in April 2017. The company raised $30 million from Digital+ Partners (now called Yttrium), Evolution Equity Partners, and Dico in its Series B funding round in September 2020.

In 2021, Logpoint acquired Israeli cybersecurity firm SecBI, which had been owned by Jerusalem Venture Capital. JVC accepted shares in Logpoint in exchange for its shares in SecBI.

Logpoint A/S is currently owned by Summa Equity, a private equity firm. Summa Equity acquired Logpoint on March 2, 2023. This acquisition aims to bolster Logpoint’s growth and expand its presence in the European cybersecurity market. Digital+ Partners/Yttrium remains a shareholder.

Key People

The people who have molded Logpoint A/S are detailed below.

  • Søren Laustrup, Founder and Chairman (2022-2023): Laustrup ran the company personally for its first year and then handed over the reins to Jesper Zerlang. He headed up the Americas division of the company from 2018 to 2021. The founder remained a board member throughout its history until becoming Chairman in January 2022. When he stood down as Chairman in May 2023, he ended his day-to-day involvement with the company.
  • Jim Pflaging, Chairman of the Board (2023-Present): Taking over from Laustrup as Chairman of the Board of Logpoint must have been a little difficult for Pflaging, who is based in San Francisco in the USA. His main role is as Managing Partner of Cynergy Partners, which he founded in 2018. Pflaging specializes in advising businesses on their cybersecurity stances.
  • Jesper Zerlang, CEO (2009-2024): Running the company for most of its history, Zerlang took Logpoint from a log management tool to a SIEM platform and from a Danish startup to a leading, multinational producer of cybersecurity systems. Zerlang worked in Wealth Management before gaining the CEO position at Logpoint.
  • Mikkel Drucker, CEO (2024-Present): Drucker took over from Zerlang in May 2024. His career up to that point had been in marketing, working for companies in Sweden and Denmark.
  • Christian Have, CTO (2019-Present): The Chief Technology Officer of Logpoint has been with the company since 2012. Before starting at the company, he had an exceptional career as a systems security architect, including working as a consultant who defined security policies for many businesses. Have was Chief Product Officer from April 2019 until he became CTO in October 2019.
  • Michael Haldbo, CFO (Sept 2023-Present): Haldbo became Chief Financial Officer of Logpoint in September 2023. Logpoint had difficulty filling that post. The previous CFO was only in that position for 10 months, and the seat was vacant for nine months after he left in December 2022. Haldbo had previously worked in executive positions for IT and payment card businesses.
  • Sean Muirhead, Chief Product Officer (2024-Present): A recent hire, Muirhead takes over a role that was previously fulfilled by Christian Have. Like Have, Muirhead has had a notable career in system security. He worked at Sophos for eight years, first as a Senior Product Manager and then as a Senior Director.

The Non-Executive board members of Logpoint are supplied by the investment funds that owned the company. Evolution Equity Partners had two of its partners on the board during its period of ownership from 2017 to 2023. These two positions were filled by Summa Equity Partners when that fund bought the Logpoint shares of Evolution Equity Partners in 2023. Yttrium Partners has had two representatives on the board from September 2020 to the present day.

The company has just over 300 employees.

Locations

Logpoint A/S is headquartered in Copenhagen, Denmark. They have a global presence, serving over 1,000 organizations across 70 countries. While their main office is in Copenhagen, they also have regional offices and partners worldwide to support their international client base.

Regional offices are located in:

  • London, United Kingdom  
  • Stockholm, Sweden – also the seat of the Norway sales team
  • Espoo, Finland  
  • Munich, Germany  
  • Paris, France  
  • Tel Aviv, Israel  
  • Kathmandu, Nepal  
  • New York, United States  

Target Market and Customer Base

Logpoint is a cybersecurity platform, and so its services are relevant to all businesses that operate an IT system. The addition of UEBA is intended to service businesses that hold valuable data that can be stolen by disgruntled employees or hackers. The SOAR unit would appeal to Security Operation Centers (SOCs) and Managed Security Service Providers (MSSPs).

Target Market

Logpoint primarily targets mid-market and enterprise-level organizations across various industries. Their solutions are designed to meet the needs of sectors such as:

  1. Finance: Banks and financial institutions that require robust security measures to protect sensitive data and comply with regulations.
  2. Healthcare: Hospitals and healthcare providers that need to secure patient information and ensure compliance with health data regulations.
  3. Manufacturing: Companies that need to protect intellectual property and operational technology from cyber threats.
  4. Government: Public sector organizations that require advanced security solutions to protect national and local government data.
  5. Retail: Retailers that need to secure customer data and payment information from cyber threats.
  6. Energy and Utilities: With critical infrastructure at risk, energy companies use Logpoint to monitor and protect their networks from cyberattacks.
  7. Manufacturing: Manufacturers need cybersecurity to protect intellectual property, especially as they adopt Industry 4.0 practices.

Geographic Markets

  • Europe: Logpoint has a strong presence in Europe, where it is headquartered (Denmark). Its solutions help European organizations adhere to GDPR and other stringent regional cybersecurity regulations.
  • North America: The company has expanded into North America, targeting financial services, healthcare, and government organizations, particularly as the U.S. faces evolving cybersecurity threats.
  • Asia-Pacific (APAC): As digital transformation accelerates in APAC, Logpoint seeks to expand in this region, where industries like finance, healthcare, and retail have a high demand for cybersecurity solutions.

Customer Base

  1. Security and IT Teams: The primary users of Logpoint are IT security professionals, SOC (Security Operations Center) analysts, and IT administrators who need advanced monitoring, detection, and response capabilities.
  2. C-level Executives (CISOs, CTOs, CIOs): Logpoint’s value proposition appeals to decision-makers who prioritize cybersecurity investments and regulatory compliance. C-level executives appreciate Logpoint’s integration capabilities and its cost-effectiveness compared to larger competitors.

Logpoint Product Suite

Logpoint started out as a log management system, but that function has since become a subordinate service. The headline systems on the Logpoint platform break down as follows.

1. Logpoint SIEM (Security Information and Event Management)

Logpoint’s SIEM platform is at the heart of its product suite. It enables organizations to collect, analyze, and correlate logs and security events from various sources to detect and respond to potential threats.

  • Log Management: Gathers data from multiple sources, including cloud services, networks, endpoints, applications, and servers. Standardizes and files log messages.
  • Real-Time Threat Detection: Monitoring and alerts on suspicious activities and anomalies, allowing security teams to respond to incidents quickly.
  • Incident Response: The SIEM solution includes tools for orchestrating incident response, automating workflows, and mitigating security incidents.
  • Compliance Reporting: Compatible with various regulations such as GDPR, PCI DSS, HIPAA, and ISO 27001. Automates compliance auditing and reporting.

2. Logpoint UEBA (User and Entity Behavior Analytics)

The Logpoint UEBA module uses machine learning and advanced analytics to detect anomalous behavior across users and entities within the network.

  • Behavioral Analytics: Models the normal behavior of users, devices, and other entities over time. Flags possible insider threats or compromised accounts.
  • Risk Scoring: Every user and entity is assigned a risk score based on the anomaly’s severity. This prioritizes investigations into potential threats.
  • Integration with SIEM: Works with Logpoint SIEM, enhancing the platform’s threat detection capabilities by providing analysis of behaviors beyond just log events.

3. Logpoint SOAR (Security Orchestration, Automation, and Response)

Logpoint SOAR enables automated incident response processes, improving the efficiency and speed of security operations centers (SOCs).

  • Automation: SOAR helps automate repetitive tasks, such as threat analysis, incident response, and remediation processes, freeing up time for security teams.
  • Playbooks: Customizable playbooks outline standardized response workflows for different types of security incidents such as phishing attacks or malware infections.
  • Incident Management: SOAR provides tools for case management, collaboration, and documentation, allowing teams to work together effectively during incidents.
  • Integration: SOAR integrates with Logpoint SIEM and third-party security solutions, allowing security teams to orchestrate and automate actions across different tools.

4. Logpoint Converged SIEM

A unified platform that integrates SIEM, UEBA, and SOAR functionalities, Logpoint’s Converged SIEM provides end-to-end visibility, threat detection, and response capabilities.

  • Unified Platform: Combines the power of Logpoint SIEM, UEBA, and SOAR in a single platform for centralized security management.
  • Data Normalization: Ensures consistency in log data from various sources, enhancing visibility and enabling faster detection of security incidents.
  • AI and ML-Driven Analytics: Uses artificial intelligence and machine learning to detect sophisticated threats, reducing false positives and improving incident accuracy.
  • Cross-Environment Security: Provides security across on-premises, cloud, and hybrid environments.

5. Logpoint Cloud SIEM

Logpoint’s Cloud SIEM is designed for organizations that prefer a cloud-based security platform, offering the same capabilities as the on-premises version but hosted in the cloud.

  • Scalability: Easily scales with business needs without requiring physical infrastructure, ideal for companies expanding their digital footprint.
  • Simplified Management: Cloud deployment reduces the complexity of managing the SIEM platform, making it easier to deploy, maintain, and update.
  • Flexible Deployment Options: Logpoint offers both SaaS (Software-as-a-Service) and hybrid cloud options, depending on the business’s infrastructure and security requirements.
  • Compliance and Data Sovereignty: Cloud SIEM supports compliance with regional data protection laws and allows organizations to maintain control over where their data is stored.

6. Logpoint MDR (Managed Detection and Response)

Logpoint MDR is a managed service for organizations that may not have the resources to manage their own security operations center (SOC).

  • 24/7 Monitoring: Provides round-the-clock monitoring and management of security events by Logpoint’s team of security experts.
  • Threat Intelligence: MDR leverages global threat intelligence to detect and respond to the latest cyber threats.
  • Incident Handling: Includes incident detection, investigation, and response services, allowing businesses to quickly address security issues with expert help.
  • Cost-Effective: Offers a more affordable solution for organizations looking for high-level security capabilities without building and managing their own SOC.

7. Logpoint Business-Critical Security (SAP Security)

This solution focuses on securing critical business applications, especially SAP systems, which are vital to the operations of many enterprises.

  • SAP Log Monitoring: Monitors SAP systems for suspicious activity and security breaches, ensuring the protection of sensitive business data.
  • Compliance Auditing: Provides insights and audit trails to help meet regulatory requirements for securing SAP environments.
  • Risk Management: Helps identify potential security risks and vulnerabilities within SAP applications, mitigating the risk of business disruption or data loss.

8. Logpoint Threat Intelligence Services

Logpoint provides threat intelligence services that integrate with the SIEM platform to enhance the ability to detect known malicious indicators and emerging cyber threats.

  • Threat Feeds: Integrates with third-party threat intelligence feeds to detect threats such as malware signatures, malicious IP addresses, and domain names.
  • Custom Threat Intelligence: Allows organizations to feed their own threat intelligence data into the platform for enhanced detection of specific threats.
  • Automated Threat Detection: Threat intelligence is automatically correlated with SIEM events, providing real-time detection of threats based on the latest intelligence.

9. Logpoint for OT (Operational Technology)

This specialized solution focuses on securing industrial control systems (ICS) and operational technology (OT) environments, which are increasingly targeted by cyberattacks.

  • ICS/OT Monitoring: Provides visibility into OT networks and devices, detecting anomalies and potential threats that could disrupt critical infrastructure operations.
  • Real-Time Threat Detection: Monitors for both IT and OT-specific security threats in real time, ensuring continuous protection of industrial environments.
  • Compliance for Critical Infrastructure: Helps organizations in energy, utilities, and manufacturing sectors meet industry-specific regulatory requirements (e.g., NERC CIP, IEC 62443).

Logpoint SIEM (Security Information and Event Management) is an advanced platform that collects, analyzes, and correlates log data from various IT infrastructures, enabling real-time threat detection, incident response, and regulatory compliance.

Key Features:  

  • Log Management: Gathers logs from multiple data sources such as servers, cloud platforms, applications, and devices.
  • Data Normalization: Rewrites log messages, following a proprietary layout to standardize log data, ensuring consistent analysis regardless of the source.
  • Real-Time Anomaly Detection: Identifies unusual patterns of behavior that indicate potential security incidents.
  • Advanced Analytics: Uses rule-based detection mechanisms and machine learning to flag threats and suspicious activities in real-time.
  • Forensic Analysis: Provides detailed event timelines for security incidents, helping teams investigate root causes and chain of events.
  • Deployment Options: Supports flexible deployment options, including on-premises, cloud, or hybrid environments, making it adaptable to different organizational needs.

Pros:

  • Cost-Effective Pricing: Logpoint is competitively priced when compared to its main rivals. Its rate is based on the number of nodes covered rather than data throughput.
  • Ease of Use: An intuitive and user-friendly interface, making it easier for security teams to configure, operate, and manage.
  • Compliance Management: Includes built-in templates for generating reports that meet the requirements of regulations like GDPR, PCI DSS, HIPAA, and ISO 27001.
  • Automated Auditing: Ensures audit trails are continuously updated and compliant with regulatory standards, saving time for security and compliance teams.
  • Dashboards and Alerts: Customizable dashboards and alerts provide Security Operations Center teams with real-time, actionable insights into security events.

Cons:

  • Limited Market Penetration: While Logpoint is a strong player in Europe, it is less well-known globally compared to its competitors.

Other Notable Products

The majority of the development efforts of the Logpoint platform have focused on extending the core SIEM with other services.

1. Logpoint UEBA

Logpoint UEBA (User and Entity Behavior Analytics) enhances Logpoint’s SIEM platform by applying machine learning to detect anomalous behavior across users, devices, and other entities within an organization’s network. Its purpose is to identify insider threats, compromised accounts, and other suspicious activities that traditional rule-based detection methods might miss. By learning the typical behavior of users and entities over time, UEBA assigns risk scores to deviations.

A key strength of Logpoint UEBA is its integration with the broader SIEM platform, allowing for a unified view of security events and behavioral patterns. While Logpoint’s SIEM excels in collecting and correlating log data, UEBA adds an additional layer of context by focusing on behavioral analysis. However, it is offered as a separate module, meaning organizations must invest additional resources to fully leverage its capabilities.

2. Logpoint SOAR

Logpoint SOAR (Security Orchestration, Automation, and Response) is an extension of the Logpoint SIEM platform, designed to enhance security operations by automating repetitive tasks and orchestrating incident response workflows. It streamlines the security operations center (SOC) by integrating with other security tools, enabling security teams to automate manual processes such as incident triage, alert investigation, and threat containment. Customizable playbooks ensure consistent, efficient, and timely responses to incidents.

The SOAR works with Logpoint SIEM and a wide range of third-party security tools, such as firewalls, endpoint security solutions, and threat intelligence platforms. This interoperability ensures centralized orchestration of security operations. The platform also supports detailed case management and collaboration, making it easier for security teams to coordinate during incident investigations.

Major Competitors

Here are six major competitors to Logpoint:

  1. Splunk: A market leader in SIEM, offering extensive log management, real-time monitoring, and advanced analytics, but often criticized for its high costs and complexity in scaling.
  2. IBM QRadar: Renowned for its robust threat intelligence, deep network traffic analysis, and incident response capabilities, with strong integration options, but it can be resource-intensive to deploy and manage.
  3. ArcSight (by Micro Focus): A mature SIEM platform known for comprehensive security monitoring and correlation, favored by large enterprises, but with a reputation for being complex and time-consuming to configure.
  4. Elastic Security: A cost-effective and highly scalable SIEM alternative, leveraging the Elastic Stack for real-time data analysis and threat detection, though it may lack some advanced out-of-the-box security features.
  5. Azure Sentinel: Microsoft’s cloud-native SIEM and SOAR solution, integrated seamlessly with Microsoft 365 and Azure services, offering strong AI-driven threat detection but limited on-premises support compared to hybrid solutions.
  6. Securonix: A cloud-native SIEM offering strong UEBA and AI-powered threat detection, focused on reducing false positives, though it can be challenging to manage without extensive fine-tuning and optimization.

Spotlight Wrap Up

Logpoint SIEM is an excellent choice for medium to large enterprises seeking a cost-effective, flexible, and user-friendly SIEM solution. It excels in data normalization, compliance reporting, and ease of use, making it accessible for organizations without large SOC teams. However, it may face some limitations in advanced customization, integration, and market support, especially in regions outside Europe. Logpoint SIEM offers a strong alternative to more expensive solutions in the market.

