LogRhythm Adds Pattern Recognition, Auto-Remediation to SIEM Platform
Log management vendor LogRhythm unveiled the latest version of its Security Information and Event Management (SIEM) platform with advanced capabilities to correlate data.
LogRhythm 6.0 offers pattern recognition and responsive monitoring and can automatically remediate issues, the Boulder, Colo.-based company said Oct. 12. The platform allows organizations to be faster at detecting and responding to intrusions and breaches, the company said.
Under development for over a year, LogRhythm 6.0 includes more than 100 new features and capabilities, Chris Petersen, LogRhythm's CTO, wrote on the company's Dialog blog. LogRhythm 6.0 provides compliance automation and a new list-based administration model to help organizations achieve and maintain compliance with "less overall effort," Petersen wrote.
The new platform also focuses on targeted information delivery to "ensure the right information gets to the right people at the right time, and in a format suited to their specific role and job function," the company said.
LogRhythm expanded its universe of data collection to monitor network traffic, system events, and any anomalies in network, host or user behavior. For example, organizations can monitor host and user activity for trends and patterns, such as knowing that a particular employee always uses the same computer when connecting remotely. The SIEM platform can recognize and react appropriately if a different computer tries to connect with the employee's credentials because that is an anomaly to a known pattern.
The increased amount of information being collected also is useful for organizations to perform analysis and forensics. In addition, LogRhythm has boosted the platform's speed and performance to support the increase in data collection, indexing, reporting and search.
LogRhythm's SmartRemediation technology can act on its own and resolve the issue according to set policy, or kick off a defined workflow for administrators to follow. SmartRemediation can take action when threats or breaches are identified, internal or compliance-specific policies are violated, or critical operational thresholds are crossed.
"The growing sophistication of attacks and high-profile breaches have organizations realizing they need responsive and actionable insight into the reality of their security posture now more than ever," said Scott Crawford, managing research director of the security and risk management group at Enterprise Management Associates.
Knowledge Modules are prepackaged, tailored content aligned with specific regulations and use cases that administrators can apply. These modules contain prebuilt reports, investigations, alerts, rules to define patterns and correlations, layouts, and plug-ins for remediation activities. Administrators can use these Knowledge Modules to ensure they are applying best practices and being up-to-date on the latest threats and regulations.
The modules are developed based on the latest research and intelligence gathered by LogRhythm Labs, according to Petersen.
The SIEM market has seen some activity recently, with IBM snapping up Q1 Labs and McAfee acquiring Nitro Security. With increasingly sophisticated attacks hitting organizations, it is important for IT departments to be able to collect data from all parts of the network and applications and be able to analyze it effectively. IBM and McAfee said the ability to correlate data is essential to achieve situational awareness.
"Unlike other vendors in our space, the innovations introduced in LogRhythm 6.0 were designed and purpose built by LogRhythm engineers rather than added via acquisition," Petersen said.