Follow LogRhythm:

 Follow LogRhythm on Twitter Visit the LogRhythm BLOG, The DiaLog

French Landing Page
Products
       One Integrated Solution
       Log and Event Management
          Log Management
          Log Analysis
          Event Management
          Intelligent IT Search
       Advanced Intelligence Engine (AI)
       SmartResponse
       File Integrity Monitoring
       Host Activity Monitoring
       Geolocation & Visualization
       Reporting
       Turnkey Appliances
       High Availability Solutions
       Software & Virtual Deployments
       Advanced Agent
       WebRhythm Remote Access
       Cisco MARS Replacement

Applications
       Overview
       Compliance
          PCI DSS Compliance
          HIPAA Compliance
          NRC GR 5.71
          NEI Compliance
          NERC CIP Compliance
          SOX Compliance
          GLBA Compliance
          FISMA Compliance
          GCSX Compliance
          Protective Monitoring: GPG13
       SIEM
       IT Optimization
       Business Intelligence
       Insider Threat/Fraud Detection
       Forensics/Investigation
       eDiscovery
       Database Monitoring

Services
       Professional Services
       LogRhythm Labs
       Training Options
          Online Instructor-Led Schedule
          Boulder Based Schedule
       Maintenance and Support

Resources
       Overview
       Datasheets
       Use Cases
          Protective Monitoring
          Detect Advanced Threats (APTs)
          Absence of an Event
          Continuous Monitoring
          Rapid Forensics
          Advanced Correlation
          Rapid Time-to-Value
          Fraud Detection and Prevention
          Protecting Critical Assets
          Change Control
          Protecting ePHI
          Enriching Data w/ Geolocation
          Network & Process Monitoring
          Controlling Operating Costs
          Privileged User Monitoring
          Flexible Reporting
          Visualizing Log & Event Data
          Zero Day Exploits
          Architecture for Any Enterprise
       Case Studies
          Canadian Auto Association
          University of Nottingham
          Endsleigh Insurance Services
          The Share Centre
          ALPS Funds Services
          St John Ambulance
          Phoenix Sun
          Ventura
          Ascent Media Group
          Commidea
          Center for American Progress
          Fortis Bank
          Cardiff County Council
          Regis Corporation
          Kwik Trip PCI Case Study
       Compliance Solution Briefs
       Compliance White Papers
       Independent Product Reviews
       Sample Reports
       Customer Testimonials
       3-Minute Product Demo
       In-Depth Product Demo
       Request Online Demonstration
       Multimedia
       Industry Info
       Request More Info

Partners
       Partners Overview
       Reseller Partners
       MSP/MSSP Partners
       Services and Solutions Partners
       Technology Partners
       Ecosystem Partners

Company
       Overview
       In the News
       Press Releases
          Press Releases - Current
          Press Releases 2010
          Press Releases 2009
          Press Releases 2008
       Events
       Executive Team
       Careers
       Contact
       Privacy Policy

Support
       Customer Support Portal
Schedule an Online LogRhythm Demo Download White Papers Request More Information View 3-Minute Product Demo
Applications

 “With all this power, one would think it would be complicated to deploy and manage, but this appliance can be up and running with very little effort . . ."

~Peter Stephenson | SC Labs


Read the full product review

SIEM with LogRhythm

Setting a new standard in Security Information and Event Management (SIEM) 2.0

SIEM 2.0 DemoYour infrastructure is increasingly under attack from the outside and from within.  LogRhythm’s SIEM 2.0 platform delivers advanced cyber threat defense, detection and response to protect your network from a rapidly evolving threat landscape.

LogRhythm stands apart from first generation log management and SIEM solutions by fully integrating log management and SIEM capabilities with File Integrity Monitoring (FIM) and Host Activity Monitoring in a single solution that is easy to install, manage and use.  LogRhythm’s SIEM 2.0 harnesses the wealth of security-related information embedded within everyday systems, applications, and network log data.  It analyzes and correlates all log and event data in real-time, providing comprehensive visibility and advanced alerting on important events for true enterprise security intelligence.

LogRhythm delivers real-time anomaly detection and alerting, advanced correlation and pattern recognition, data visualization for long-term trending and immediate drill-down access to all data for powerful forensic analysis and rapid root cause analysis. SmartResponse™allows you to respond immediately to threats in either a fully automated fashion or by queuing up a response to execute after up to three levels of authorization to comply with any internal change management policies.  And an intuitive wizard-driven interface custom rule creation allows you to quickly adapt your SIEM capabilities to provide relevant insight into critical devices and custom applications that are unique your network and your business.
Auditors can be automatically notified of specific audit activity and use LogRhythm analysis tools to accelerate the review process. LogRhythm's log management and SIEM 2.0 capabilities allow you to centrally monitor security activity across the entire IT infrastructure. Using one of LogRhythm's customizable dashboards, users can monitor security activity and cyber threats pertaining to systems in their domain of responsibility.

Advanced Correlation and Pattern Recognition

LogRhythm’s Advanced Intelligence (AI) Engine offers sophisticated correlation and analysis of all enterprise log data in a uniquely intuitive fashion.  With a practical combination of flexibility, usability and comprehensive data analysis, AI Engine delivers advanced SIEM 2.0 capabilities with real-time visibility to risks, threats and critical operations issues that are otherwise undetectable in any practical way.  AI Engine is Correlation That Works

Intrusion Detection

LogRhythm collects event data from network and host-based intrusion detection systems. In many cases, intrusion detection systems have been turned down or turned off due to the high volume and unmanageability of alerts. LogRhythm's data reduction and intelligent event management capabilities allow you to realize your IDS investment by turning on and/or turning up the volume and integrating intrusion detection and prevention into your overall SIEM strategy.

For more information, a comprehensive overview of the fundamental computer security controls of prevention, detection and correction by Chris Petersen, LogRhythm CTO, VP Engineering & Founder, is available.

 
Download PDF

File Integrity Monitoring

LogRhythm’s fully integrated File Integrity Monitoring is a powerful component of our SIEM 2.0 capabilities. FIM provides independent auditing of access to and modification of sensitive files. This capability provides an independent audit trail of system changes, as well as who made the change. It is a powerful feature for identifying compromised servers, helping to detect suspicious behavior, such as when intruders override system files and/or create user accounts upon gaining access.

Anomaly Detection

LogRhythm features an extensive range metadata fields that identify and organize information such as network traffic statistics, session and process information, and transaction quantities, amounts and rates. LogRhythm leverages this information to provide greater SIEM granularity for unprecedented visibility into potential insider threats, compliance violations and other operational risks. This combined with contextual event forwarding enables real-time identification and alerting of anomalies within application, database and network activity.

Advanced Intrusion Corroboration

When a security alert is raised, how do you determine its validity? In most networks this is a difficult and time-consuming task, often requiring the involvement of administrators responsible for the affected system. With LogRhythm’s SIEM 2.0, intrusions can be corroborated much more efficiently. LogRhythm analysis capabilities allow you to immediately investigate an alert and corroborate its validity by combining the alert with forensic log data from the affected system. With the click of a mouse you are able to view all log data from the affected system 5 seconds, 5 minutes, or 5 hours before or after the alert occurred, all without paging a single administrator.

SIEM chart

Alerting and Notification of Security Events

LogRhythm’s SIEM 2.0 allows users to easily monitor all log activity for a variety of activities and anomalies related to such factors as specific filename patterns, IP addresses, hosts, users, transaction amounts, file transfer size, etc. When security policies are violated, LogRhythm can automatically alert designated individuals via e-mail, pager, existing management applications and the LogRhythm console. Alerts can be customized to include or exclude specific information and can be sent to users based on their role relative to the affected system or application.

LogRhythm’s standard alarms allow advanced filtering for real-time alerting based on any criteria contained within the log data.  The addition of the AI Engine delivers over 100 preconfigured, out-of-the-box advanced correlation rule sets and a wizard-based drag-and-drop GUI for creating and customizing even complex rules, enabling organizations to predict, detect and swiftly respond to:

  • Sophisticated intrusions
  • Insider threats
  • Fraud
  • Compliance violations
  • Disruptions to IT Services
  • And many other critical actionable events…
Alerts are easily investigated using the LogRhythm Investigator.

 

The LogRhythm Investigator

Whether you’re battling a zero day attack, trying to discover the impact of activity from a recently terminated disgruntled employee or investigating an HR complaint against a manager of one of your field offices, if managed properly, log data can provide invaluable insight into nefarious behavior, potential risks and imminent threats to your organization.

LogRhythm collects, stores, analyzes and reports on log data in such a way that investigators can readily tap that information to accelerate their discovery of root cause, affected systems and assets, and to dramatically reduce the time-to-remediate.

A zero day exploit may proliferate a bot throughout an enterprise that launches rogue SMTP processes on affected systems.  LogRhythm’s investigative capabilities empower investigators to quickly determine from which system the exploit was launched, which systems, devices and applications have been affected and prioritize remediation based upon the asset value of those affected entities.

The departure of a disgruntled administrator may raise concerns about their activities prior to SIEM | LogRhythm Ivestigator Screnshotsresigning.  With LogRhythm, investigators can quickly determine what systems were accessed, changed or potentially compromised by that employee during the last 30 days of his employment.  LogRhythm also preserves raw log data in its original form in a secure and tamper-proof manner so that chain of custody can be maintained.

The depth, breadth and ease-of-use of the forensic/investigative features of LogRhythm enable IT security staff and investigators to harness the power of their log data using SIEM 2.0 capabilities for more efficient, effective and sound investigations.
 
© 2011 LogRhythm, Inc.    All Rights Reserved.