LogRhythm enhances cryptic raw logs to yield meaning, trends, and anomalies from search results

December 15, 2008

BOULDER, Colo., Dec. 15, 2008 - LogRhythm, the company that makes log data useful, today announced Intelligent IT Search, a new capability for its log and event management system that homes in on security threats and operational risks in a fraction of the time required by conventional log search utilities. LogRhythm Intelligent IT Search takes the guesswork out of extracting meaning from log data by going beyond simple indexing and enriching log entries with intuitive classifications, human-understandable names, risk modeling and prioritization, and a universal time stamp.

"Searching raw logs for text strings is tedious and unreliable, since each system and application vendor uses a different nomenclature for classifying and defining events," said Jon Oltsik, senior analyst at Enterprise Strategy Group. "With the current economic conditions putting pressure on IT departments to do more with fewer resources, LogRhythm is delivering a timely advance in log and event management that pieces together the jigsaw puzzle of data associated with security and operations events for faster problem detection and resolution."

With many organizations currently facing staff reductions, Intelligent IT Search can defend against internal threats associated with terminated and disgruntled employees. For example, LogRhythm can be used to instantly query for all audit events, such as modifications to access and authentication privileges, linked to a given user's Active Directory (or other network login) account during a specified time period.

Giving Meaning to Search

Traditional approaches to log search require users to know precisely what they are looking for, and to create and then refine search terms until they locate the events that match their query. LogRhythm processes logs and tags them using a rich and granular three-tier classification model that enables users to perform intelligent IT search. This capability assesses the impact of events in multiple dimensions to extract meaning from what would otherwise appear to be just isolated logs.

By adding this additional intelligence to raw logs, LogRhythm enables IT organizations to quickly identify internal and external threats, operations issues, and compliance violations. In addition, Intelligent IT Search simplifies and accelerates forensic investigations and eDiscovery responses.

Adding Intelligence to Raw Logs

LogRhythm enriches logs with the following information to generate query results that provide intelligence, not simply data:

* Universal time stamp for every log: Essential for accurate correlation and contextualization, especially when conducting forensic analysis of events that span multiple geographies.

* Three-Tier Classification System
  - Security: Compromise, Attack, Denial of Service, etc.
  - Operations: Critical Event, System Error, Warning, etc.
  - Audit: Admin Account Creation, Failed Authentication, etc.

* Prioritization of Events - 100-point risk model prioritizes events based on what happened, what systems or applications were impacted, what users were involved, etc.

* Host Contextualization - Uses and correlates origin, destination, affected host, and affected application information. Enables security teams to monitor suspicious activity that spans several conditions. For example, a large file transfer (10 MB) from a sensitive database (SAP) to an external IP address (in Romania).
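The enrichment steps listed above, and the terminated-employee audit query from the opening section, as an added illustration that is not LogRhythm's code: every raw line gets a UTC time stamp, a tier and class, and a 0-100 score, and a sensitive-host-to-external transfer raises the score. The line format, the class mapping, the weights, the internal address prefixes and the sample lines are all constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed raw lines: "<local ISO timestamp>|<host>|<event>|<user>|<destination IP>|<bytes>"
RAW_LOGS = [
    "2008-12-15T09:02:11-07:00|db-sap-01|file_transfer|jsmith|203.0.113.9|10485760",
    "2008-12-15T17:02:15+01:00|dc-01|admin_account_created|jsmith|-|0",
    "2008-12-15T16:02:20+00:00|web-02|auth_failed|guest|-|0",
]

# Assumed three-tier mapping: event type -> (tier, class), mirroring the release's tiers
CLASSES = {
    "file_transfer": ("Security", "Suspicious"),
    "admin_account_created": ("Audit", "Admin Account Creation"),
    "auth_failed": ("Audit", "Failed Authentication"),
    "system_error": ("Operations", "System Error"),
}
# Assumed weights for the three questions the risk model asks: what happened,
# what was impacted, who was involved. The total is capped at 100.
EVENT_WEIGHT = {"file_transfer": 30, "admin_account_created": 40, "auth_failed": 20}
SENSITIVE_HOSTS = {"db-sap-01": 40, "dc-01": 30}
PRIVILEGED_USERS = {"admin": 20}
INTERNAL_PREFIXES = ("10.", "192.168.")


def enrich(line: str) -> dict:
    """Attach a UTC time stamp, tier/class and a 0-100 risk score to one raw line."""
    ts, host, event, user, dst, nbytes = line.split("|")
    utc = datetime.fromisoformat(ts).astimezone(timezone.utc)  # universal time stamp
    tier, cls = CLASSES.get(event, ("Operations", "Unclassified"))
    score = (EVENT_WEIGHT.get(event, 10) + SENSITIVE_HOSTS.get(host, 0)
             + PRIVILEGED_USERS.get(user, 0))
    # Host contextualization: a large transfer (>= 10 MB) from a sensitive
    # host to an address outside the internal ranges raises the score further.
    external = dst != "-" and not dst.startswith(INTERNAL_PREFIXES)
    if external and host in SENSITIVE_HOSTS and int(nbytes) >= 10 * 1024 * 1024:
        score += 30
    return {"utc": utc.isoformat(), "host": host, "user": user, "event": event,
            "tier": tier, "class": cls, "risk": min(score, 100)}


def enrich_all(lines):
    """Enrich every line and order by descending risk, the prioritized view."""
    return sorted((enrich(l) for l in lines), key=lambda r: r["risk"], reverse=True)


def audit_events_for(user, lines, start_utc, end_utc):
    """Audit-tier events tied to one account inside a UTC window (ISO strings),
    the terminated-employee query the release describes."""
    return [r for r in enrich_all(lines)
            if r["tier"] == "Audit" and r["user"] == user
            and start_utc <= r["utc"] <= end_utc]
```

Note that the three sample lines fall within nine seconds of each other once normalized to UTC, although their local time stamps differ by eight hours; a window query over the raw strings would miss that.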

Utility Tool Chest for Intelligent IT Search

Once log data is enriched, LogRhythm's broad suite of search utilities empowers users to rapidly investigate, view, correlate and visualize logs in a variety of ways to meet specific search objectives. The Intelligent Search Utilities include:

* Wizard-based Search - Easily create complex search criteria across normalized, classified and contextualized data

* Real-time Search - Apply search criteria to log data as it is generated, in real time, via LogRhythm Tail. Configure alerts to be sent whenever the conditions of a specified search occur in the future.

* Visualization - Present millions of logs in 3-D graphical representation to discover anomalies and analyze trends

* One-click Correlation - Rapidly refine search with a single click on related data

* Quick Search Tool Bar - Provides rapid search initiation directly from any screen

"Logs provide the digital fingerprints for an entire network, giving visibility into the operations, activities, and security of its interconnected systems, devices, and applications," said Chris Petersen, CTO of LogRhythm. "Our new Intelligent IT Search capability does the heavy lifting in piecing things together so users don't have to, and sets a new standard of efficiency and value for mining log data."

Pricing and Availability

The LogRhythm platform with Intelligent IT Search is available immediately from LogRhythm and its business partners worldwide. Pricing starts at $20,000.

About LogRhythm

LogRhythm provides enterprise-class log management, log analysis and event management in an integrated solution that empowers organizations to comply with regulations, secure their networks, and optimize IT operations. LogRhythm was positioned by Gartner Inc. in the Visionaries quadrant of the Security Information and Event Management Magic Quadrant report for 2007 and 2008, and has received the Recommended award and a Five Star rating from SC Magazine. LogRhythm is privately held and based in Boulder, Colorado. For more information visit: www.logrhythm.com.
