"In order to detect sophisticated threats including targeted attacks and abuse by privileged users, SIEM/Log Management platforms need to extend visibility, awareness and forensic context to activity throughout the enterprise," said Jon Oltsik, senior principal analyst for IT analyst and business strategy firm Enterprise Strategy Group. "LogRhythm continues to be one of the pace setters in this regard by delivering innovations in host and network-level awareness, Geolocation mapping for logs and events and new visualization techniques that yield intelligence and insight from log data, not just random pieces of a puzzle. The new enhancements to the LogRhythm platform reveal the bigger picture by exposing patterns and relationships concealed in countless security records and events."
Logging Process and Connection Activity
To enable organizations to gain 360 degree visibility of network and host activity for security and compliance management, LogRhythm has added process and connection monitoring to fill information gaps that are not addressed by standard logging. LogRhythm Process Monitor provides independent monitoring of processes running on a host, including the process name and ID, who started it, when it was started, stopped, duration, etc. LogRhythm Connection Monitor logs all network activity such as listening services, inbound connections, and outbound connections to/from a host including local and remote IP addresses and ports, connection state, direction, duration, and more. Whether it's a rogue peer-to-peer client running on a laptop or an unauthorized SMTP server on the network, LogRhythm's enhanced System Monitor agent will provide the visibility and awareness necessary to take appropriate action. These capabilities, combined with LogRhythm's existing file integrity monitoring and endpoint monitoring & control, provide comprehensive forensic data collection of activity on networks and hosts.
Geolocation Pinpoints The "Where"
For organizations that want to combine location information with relationship mapping between hosts associated with internal, inbound or outbound activity, LogRhythm now provides Geolocation data for both logs and security events - an industry first. This capability enables security teams to know where an activity originated, its destination and the impacted hosts, in order to detect potential attacks and data leaks. For example, using white or black lists, administrators can easily create alerts to generate alarms when data is transferred outside the country, or to unfriendly countries, regions, etc., or when VPN connections originate from unauthorized locations. When combined with LogRhythm's new network visualization capabilities, Geolocation quickly reveals behaviors, patterns and trends that warrant investigation and/or require corrective action to mitigate security threats.
"From day one, LogRhythm has been focused on helping customers fill the 'visibility gaps' on their networks. While logs provide tremendous value on their own, they often don't provide the complete story," said Chris Petersen, co-founder and CTO of LogRhythm. "This new version of LogRhythm expands our ability to independently monitor and capture critical forensic information. By providing a more complete picture of activity occurring across the enterprise, LogRhythm makes it easier to detect sophisticated intrusions, insider threats, compliance violations, and operational problems that would otherwise be overlooked or discovered only after the damage was done."
Visualization Maps Network Activity-Relationships
To reveal hidden threats, trends, security violations, and more, LogRhythm provides a powerful new network visualization tool that maps host-to-host activity, relationships within the enterprise network, and inbound/outbound communications. By rolling together logs, security events, connection monitoring data, and Geolocation information, LogRhythm provides an eye-in-the-sky perspective of activity that spans endpoints as well as network traffic. At a glance, security administrators can quickly identify where suspicious activity is occurring, the scope of the risk or impact, and its origins from inside and outside the enterprise. Some examples include:
* Pinpointing the source of remote authentications and their frequency * Detecting if a compromised host has connected to or attacked another internal host * Knowing if hosts containing sensitive data have connected to hosts residing outside authorized operating locations (i.e., rogue nations, competitors, etc.)
Expanded Fault Tolerance Delivers On Business Continuity Demands
To complement its existing fault tolerance capabilities, LogRhythm has added a new line of High Availability (HA) appliances to its award winning LRX lineup. These HA solutions meet the growing demand for business continuity assurance of enterprise Log Management/SIEM processes. They provide full data and system replication and unattended failover to deliver enterprise-level reliability for LogRhythm's Log Management and SIEM 2.0 solutions.
Pricing and Availability The new version of LogRhythm is available immediately from LogRhythm and its business partners worldwide. Pricing starts at $25,000.
About LogRhythm LogRhythm, the leader in Log Management and SIEM 2.0, delivers log and event management, file integrity monitoring, and network and user monitoring in a single integrated solution. LogRhythm empowers organizations to comply with regulations, secure their networks, and optimize IT operations. The company has received SC Magazine's Innovator of the Year Award, Readers Trust Award for "Best SIEM" solution and the "Best Buy" designation for Digital Forensics. It is a finalist for the 2010 Red Herring 100 Award and was again recently placed by Gartner Inc. in the visionaries quadrant of the Security Information and Event Management (SIEM) Magic Quadrant report for 2010. LogRhythm is privately held and based in Boulder, Colorado with European Headquarters in Maidenhead, England, and Asia Pacific operations in Hong Kong. For more information visit: www.logrhythm.com.