Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

6/22/2010
04:40 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

LogRhythm Delivers Log-Powered Security Visualization Platform

LogRhythm uses log and security event data combined with geolocation and network activity relationship mapping

BOULDER, Colo., June 21, 2010 - LogRhythm, the company that makes log data useful, today announced a new version of its integrated Log Management/SIEM platform that eliminates information security blind spots by providing holistic visibility and relationship mapping of network activity. To help organizations detect and mitigate threats from inside and outside the firewall, LogRhythm now monitors system processes and network connections on endpoints, provides Geolocation of hosts, and maps relationships through network visualization. This global view of network activity adds context to logs and security events to expose patterns and exceptions that would otherwise go undetected.

"In order to detect sophisticated threats including targeted attacks and abuse by privileged users, SIEM/Log Management platforms need to extend visibility, awareness and forensic context to activity throughout the enterprise," said Jon Oltsik, senior principal analyst for IT analyst and business strategy firm Enterprise Strategy Group. "LogRhythm continues to be one of the pace setters in this regard by delivering innovations in host and network-level awareness, Geolocation mapping for logs and events and new visualization techniques that yield intelligence and insight from log data, not just random pieces of a puzzle. The new enhancements to the LogRhythm platform reveal the bigger picture by exposing patterns and relationships concealed in countless security records and events."

Logging Process and Connection Activity

To enable organizations to gain 360 degree visibility of network and host activity for security and compliance management, LogRhythm has added process and connection monitoring to fill information gaps that are not addressed by standard logging. LogRhythm Process Monitor provides independent monitoring of processes running on a host, including the process name and ID, who started it, when it was started, stopped, duration, etc. LogRhythm Connection Monitor logs all network activity such as listening services, inbound connections, and outbound connections to/from a host including local and remote IP addresses and ports, connection state, direction, duration, and more. Whether it's a rogue peer-to-peer client running on a laptop or an unauthorized SMTP server on the network, LogRhythm's enhanced System Monitor agent will provide the visibility and awareness necessary to take appropriate action. These capabilities, combined with LogRhythm's existing file integrity monitoring and endpoint monitoring & control, provide comprehensive forensic data collection of activity on networks and hosts.

Geolocation Pinpoints The "Where"

For organizations that want to combine location information with relationship mapping between hosts associated with internal, inbound or outbound activity, LogRhythm now provides Geolocation data for both logs and security events - an industry first. This capability enables security teams to know where an activity originated, its destination and the impacted hosts, in order to detect potential attacks and data leaks. For example, using white or black lists, administrators can easily create alerts to generate alarms when data is transferred outside the country, or to unfriendly countries, regions, etc., or when VPN connections originate from unauthorized locations. When combined with LogRhythm's new network visualization capabilities, Geolocation quickly reveals behaviors, patterns and trends that warrant investigation and/or require corrective action to mitigate security threats.

"From day one, LogRhythm has been focused on helping customers fill the 'visibility gaps' on their networks. While logs provide tremendous value on their own, they often don't provide the complete story," said Chris Petersen, co-founder and CTO of LogRhythm. "This new version of LogRhythm expands our ability to independently monitor and capture critical forensic information. By providing a more complete picture of activity occurring across the enterprise, LogRhythm makes it easier to detect sophisticated intrusions, insider threats, compliance violations, and operational problems that would otherwise be overlooked or discovered only after the damage was done."

Visualization Maps Network Activity-Relationships

To reveal hidden threats, trends, security violations, and more, LogRhythm provides a powerful new network visualization tool that maps host-to-host activity, relationships within the enterprise network, and inbound/outbound communications. By rolling together logs, security events, connection monitoring data, and Geolocation information, LogRhythm provides an eye-in-the-sky perspective of activity that spans endpoints as well as network traffic. At a glance, security administrators can quickly identify where suspicious activity is occurring, the scope of the risk or impact, and its origins from inside and outside the enterprise. Some examples include:

* Pinpointing the source of remote authentications and their frequency * Detecting if a compromised host has connected to or attacked another internal host * Knowing if hosts containing sensitive data have connected to hosts residing outside authorized operating locations (i.e., rogue nations, competitors, etc.)

Expanded Fault Tolerance Delivers On Business Continuity Demands

To complement its existing fault tolerance capabilities, LogRhythm has added a new line of High Availability (HA) appliances to its award winning LRX lineup. These HA solutions meet the growing demand for business continuity assurance of enterprise Log Management/SIEM processes. They provide full data and system replication and unattended failover to deliver enterprise-level reliability for LogRhythm's Log Management and SIEM 2.0 solutions.

Pricing and Availability The new version of LogRhythm is available immediately from LogRhythm and its business partners worldwide. Pricing starts at $25,000.

About LogRhythm LogRhythm, the leader in Log Management and SIEM 2.0, delivers log and event management, file integrity monitoring, and network and user monitoring in a single integrated solution. LogRhythm empowers organizations to comply with regulations, secure their networks, and optimize IT operations. The company has received SC Magazine's Innovator of the Year Award, Readers Trust Award for "Best SIEM" solution and the "Best Buy" designation for Digital Forensics. It is a finalist for the 2010 Red Herring 100 Award and was again recently placed by Gartner Inc. in the visionaries quadrant of the Security Information and Event Management (SIEM) Magic Quadrant report for 2010. LogRhythm is privately held and based in Boulder, Colorado with European Headquarters in Maidenhead, England, and Asia Pacific operations in Hong Kong. For more information visit: www.logrhythm.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
CVE-2019-16761
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
CVE-2019-16762
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.