
Logpoint Strengthens SIEM by Acquiring Muninn AI-Powered NDR

Purchase Adds Advanced AI Network Detection to Logpoint's Threat Response Toolbox
Mikkel Drucker, CEO, Logpoint (Image: Logpoint)

Logpoint purchased a network detection and response startup founded by a former consultant to the Danish Ministry of Defence to detect complex attacks more effectively.


The Copenhagen, Denmark-based SIEM stalwart said Copenhagen-area Muninn's AI-driven detection is especially useful in environments where traditional signature-based detection methods fall short, such as in industrial control systems or during a ransomware attack. Combining Logpoint's log analysis with Muninn's real-time network monitoring will enhance security posture and improve threat detection and response.

"The more careful you are and the more data sources you monitor and respond to, the more likely you are to keep safe," Logpoint CEO Mikkel Drucker told Information Security Media Group. "Adding the NDR piece to our existing SIEM is quite obvious in terms of making a more complete and safe solution for our customers."

Benefits of Bringing SIEM, NDR Together

Muninn, founded in 2016, employs 20 people and raised $2.8 million in an August 2022 seed funding round led by Luminar Ventures. The company has been led since inception by Andreas Wehowsky, who received a master's degree from MIT in computer science and aerospace and spent three years as an IT consultant at the Danish Ministry of Defence. All of Muninn's employees will join Logpoint, Drucker said (see: New Logpoint CEO Mikkel Drucker Seeks Growth Via M&A, MSSPs).

The purchase of Muninn is Logpoint's first since Swedish sustainable growth fund Summa Equity bought a majority stake in Logpoint in March 2023 and installed former Netigate CEO Drucker as its top boss in May 2024. Muninn's modern architecture and AI capabilities will help Logpoint offer a more complete and advanced security solution to customers, and is aligned with the company's growth plans, he said.

"We also see as a benefit that Muninn is in Denmark," Drucker said. "From an integration perspective and from a value capture perspective, it makes it a little easier as well."

Integrating SIEM with NDR helps provide a comprehensive view of both application and network-level behaviors, allowing for better detection of sophisticated threats as well as more accurate responses, said Chief Technology Officer Christian Have. The integration will help Logpoint offer proactive threat detection and prevention tools and ensure nothing at the application or network level goes unnoticed.

"You can't necessarily trust what the applications are telling you, but the network never lies," Have told ISMG. "Getting both the view on the application level from logs combined with what that application behavior then manifested itself into at the network layer gives us that completeness of the attack, of the behavior, of the posture that allows us to make better important decisions on what actually happens."

What Sets Muninn's Use of AI Apart

Muninn's AI technology enhances threat detection by identifying anomalies and deviations in network traffic, even in environments with unknown protocols such as industrial control systems, Have said. The capability goes beyond traditional signature-based detection, which Have said makes it highly valuable for detecting advanced persistent threats and targeted attacks.

"Muninn's AI looks at traffic flows and expected patterns. Every time there is adversarial behavior, it lights up like a Christmas tree," Have said. "The way you would almost think of this is that your entire network becomes a deception technology. So we will know when traffic that falls out of the norm appears in the network, and we will be able to detect and react on it immediately."

AI allows for detection of previously unknown threats by analyzing abnormal traffic patterns, which is crucial in settings where traditional signature-based methods struggle, such as OT networks, Have said. The joining of network-level visibility and application logs can detect lateral movement during a ransomware attack, while correlating network traffic and app vulnerabilities can significantly reduce triage time.

"Our end customers worry about targeted attacks that are complex in nature, and getting signals from both applications and networks helps us paint that more complete picture of what's going on, giving us situational awareness," Have said. "The use cases will focus more on increasing that analyst efficiency, reducing the time spent on triage, and improving the output of security operations teams."

The Muninn deal is the first of several that Logpoint plans to make to expand the company's capabilities and customer base. Drucker said this strategy will help Logpoint grow faster by buying small, innovative companies and integrating their technology and talent. The current market environment provides opportunities to acquire companies that are struggling to scale, according to Drucker (see: Summa Equity Buys Majority Stake in Logpoint to Bolster M&A).

"It's a good situation right now to acquire, especially smaller players that don't have the scale," Drucker said. "In the current environment, you have to partner up. It's very difficult to make it on your own. So, definitely, you will see more coming."


About the Author

Michael Novinson


Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.



