LogRhythm 6.0 includes pattern recognition, responsive monitoring, compliance management and auto-remediation capabilities as part of its Security Intelligence and Event Management platform.
Log management vendor LogRhythm unveiled the latest version of its Security Information and Event Management (SIEM) platform with advanced capabilities to correlate data.
LogRhythm 6.0 offers pattern recognition and responsive monitoring and can automatically remediate issues, the Boulder, Colo.-based company said Oct. 12. The platform allows organizations to be faster at detecting and responding to intrusions and breaches, the company said.
Under development for over a year, LogRhythm 6.0 includes more than 100 new features and capabilities, Chris Petersen, LogRhythm's CTO, wrote on the company's Dialog blog. LogRhythm 6.0 provides compliance automation and a new list-based administration model to help organizations achieve and maintain compliance with "less overall effort," Petersen wrote.
The new platform also focuses on targeted information delivery to "ensure the right information gets to the right people at the right time, and in a format suited to their specific role and job function," the company said.
LogRhythm expanded its universe of data collection to monitor network traffic, system events, and any anomalies in network, host or user behavior. For example, organizations can monitor host and user activity for trends and patterns, such as knowing that a particular employee always uses the same computer when connecting remotely. The SIEM platform can recognize and react appropriately if a different computer tries to connect with the employee's credentials because that deviates from a known pattern.
The increased amount of information being collected is also useful for organizations performing analysis and forensics. In addition, LogRhythm has boosted the platform's speed and performance to support the increase in data collection, indexing, reporting and search.
LogRhythm's SmartRemediation technology can act on its own and resolve the issue according to set policy, or kick off a defined workflow for administrators to follow. SmartRemediation can take action when threats or breaches are identified, internal or compliance-specific policies are violated, or critical operational thresholds are crossed.
"The growing sophistication of attacks and high-profile breaches have organizations realizing they need responsive and actionable insight into the reality of their security posture now more than ever," said Scott Crawford, managing research director of the security and risk management group at Enterprise Management Associates.
Knowledge Modules are prepackaged, tailored content aligned with specific regulations and use cases that administrators can apply. These modules contain prebuilt reports, investigations, alerts, rules to define patterns and correlations, layouts, and plug-ins for remediation activities. Administrators can use these Knowledge Modules to ensure they are applying best practices and staying up to date on the latest threats and regulations.
The modules are developed based on the latest research and intelligence gathered by LogRhythm Labs, according to Petersen.
The SIEM market has seen some activity recently, with IBM snapping up Q1 Labs and McAfee acquiring Nitro Security. With increasingly sophisticated attacks hitting organizations, it is important for IT departments to be able to collect data from all parts of the network and applications and be able to analyze it effectively. IBM and McAfee said the ability to correlate data is essential to achieve situational awareness.
"Unlike other vendors in our space, the innovations introduced in LogRhythm 6.0 were designed and purpose built by LogRhythm engineers rather than added via acquisition," Petersen said.