LogRhythm - Comply. Secure. Optimize.
Enterprise-class Log & Event Management


No organization can maintain adequate network awareness without a system for centralized logging and analysis.  LogRhythm is a tool which provides that capability, and whose architecture allows security administrators to move from a high-level overview down to the lowest details of individual messages.  Incidents can be better prevented, detected, and mitigated when organizations use tools like LogRhythm to identify and investigate suspicious events.

Richard Bejtlich
Author of "The Tao of Network Security Monitoring"

LogRhythm for Security

Automate Monitoring, Analysis and Alerting for External and Internal Threats in Real Time

Your infrastructure is increasingly under attack from the outside and from within.  LogRhythm offers timely and actionable insights into securing it.

LogRhythm harnesses the wealth of security-related information embedded within everyday system, application, and network log data.  LogRhythm analyzes and correlates all your logs in real time, providing actionable visibility and alerts on important events.  You can easily conduct further analysis and react as appropriate.  You can even add custom rules to provide the insight most relevant to your network and your business.

LogRhythm stands apart from traditional log and event management systems by also providing universal log collection from databases and applications, real-time anomaly detection and alerting, data visualization for long-term trending, and data mining for deep forensic analysis.

LogRhythm Security Highlights

Central Security Monitoring

Centrally monitor security activity across the entire IT infrastructure

Intrusion Detection

Collect alerts from most network and host-based intrusion detection systems

File Integrity Monitoring

Independent auditing of access to and modification of sensitive files

Intrusion Corroboration

Immediately investigate an alert and corroborate its validity

Anomaly Detection

Identify behavior anomalies within application and network activity logs in real-time

Alerting and Notification of Security Events

Automatically alerts appropriate staff based upon predefined escalation process

Insider Threat Detection

Proactive detection and alerting on security threats from within

Forensics/Investigation

Powerful forensic analysis and investigation tool set

eDiscovery

Rapid and automated response to eDiscovery requests

Central Security Monitoring

LogRhythm's log and event management capabilities allow you to centrally monitor security activity across the entire IT infrastructure. Using one of LogRhythm's customizable dashboards, users can monitor security activity pertaining to systems in their domain of responsibility. Auditors can be automatically notified of specific audit activity and use LogRhythm analysis tools to accelerate the review process.

The LogRhythm Personal Dashboard

The LogRhythm Personal Dashboard provides users with real-time visibility into security-related events and alerts for those activities that warrant immediate attention.  From the dashboard users can perform a variety of functions, including launching investigations, customizing alerts, drilling down into the supporting normalized and raw log data, and generating and configuring custom reports, while user audit tracking is maintained for compliance and reporting.

(Screenshot: The LogRhythm Personal Dashboard)

Intrusion Detection

LogRhythm can collect alerts from most network and host-based intrusion detection systems. In many cases, intrusion detection systems have been tuned down or turned off because of the high volume and unmanageability of their alerts. LogRhythm's data reduction and intelligent event management capabilities let you get value from your IDS investment by turning sensors back on, or turning their sensitivity back up, and handling the resulting alert volume centrally.

File Integrity Monitoring

LogRhythm provides independent auditing of access to and modification of sensitive files, giving you an audit trail of system changes that does not depend on the monitored host's own logs. It is also extremely helpful in identifying compromised servers, since intruders will typically overwrite system files and/or create user accounts upon gaining access.

Anomaly Detection

LogRhythm features metadata fields that collect and organize information such as network traffic statistics, session and process information, and transaction quantities, amounts and rates. LogRhythm uses this information to provide visibility into potential insider threats, compliance violations and other operational risks. Combined with contextual event forwarding, this enables real-time identification of and alerting on anomalies within application, database and network activity.

Intrusion Corroboration

When a security alert is raised, how do you determine its validity? In most networks this is a difficult and time-consuming task, often requiring the involvement of administrators responsible for the affected system. With LogRhythm, intrusions can be corroborated much more efficiently. LogRhythm analysis capabilities allow you to immediately investigate an alert and corroborate its validity by combining the alert with forensic log data from the affected system. With the click of a mouse you are able to view all log data from the affected system 5 seconds, 5 minutes, or 5 hours before or after the alert occurred, all without paging a single administrator.


Alerting and Notification of Security Events

LogRhythm’s advanced log processing engine allows users to easily monitor all log activity for a variety of activities and anomalies related to such factors as specific filename patterns, IP addresses, hosts, users, transaction amounts, file transfer sizes, etc. When security policies are violated, LogRhythm can automatically alert designated individuals via e-mail, pager, existing management applications and the LogRhythm console. Alerts can be customized to include or exclude specific information and can be sent to users based on their role relative to the affected system or application.

Alerts can be raised for individual events or combinations of events. They can also take into account the source and destination of security activity. Example alerts include:

  • Attack ABC Worm was seen
  • Attack ABC Worm was seen from a DMZ system to an internal host
  • 10 failed logins were seen from the same user in 5 minutes
  • 25 reconnaissance activity alerts were seen from the same system in 24 hours
  • An attack alert was raised from a host on the 'bad guy' list
  • 5 security alerts were seen between a trusted network and semi-trusted partner network
  • A cash transaction exceeding a certain dollar amount threshold occurred in a critical financial application

Alerts are easily investigated using the LogRhythm Investigator.
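The following is an added example, not LogRhythm code, showing the kind of logic behind two of the alerts listed above (a failed-login burst per user within a time window, and attack alerts qualified by network zone or by a "bad guy" list) together with the corroboration step described under Intrusion Corroboration: pulling every line the affected host logged in a window around the alert. The syslog-style line format, the zone layout (192.0.2.0/24 as DMZ, 10.0.0.0/8 as internal), the blocklist and the sample log lines are all constructed for the example.

```python
"""Correlation rules and alert-time corroboration over constructed log lines.
Added illustration only; the line format and zone layout are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed sample lines (assumed syslog-like layout), not captured data.
SAMPLE_LOGS = """\
2008-03-01T10:00:01 web01 sshd: Failed password for bob from 10.1.1.5
2008-03-01T10:00:07 web01 sshd: Failed password for bob from 10.1.1.5
2008-03-01T10:01:12 web01 sshd: Failed password for bob from 10.1.1.5
2008-03-01T10:01:40 db02 sshd: Failed password for alice from 10.1.1.9
2008-03-01T10:02:03 web01 sshd: Failed password for bob from 10.1.1.5
2008-03-01T10:03:15 ids01 snort: ATTACK Worm.ABC src=192.0.2.10 dst=10.1.1.20
2008-03-01T10:03:20 web01 sshd: Accepted password for bob from 10.1.1.5
2008-03-01T10:04:55 ids01 snort: ATTACK Worm.ABC src=203.0.113.7 dst=10.1.1.20
"""

DMZ = ipaddress.ip_network("192.0.2.0/24")      # assumed zone layout
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
BAD_GUYS = {"203.0.113.7"}                      # assumed 'bad guy' list

LINE_RE = re.compile(r"(\S+) (\S+) (\S+): (.*)")
FAIL_RE = re.compile(r"Failed password for (\S+) from (\S+)")
ATTACK_RE = re.compile(r"ATTACK (\S+) src=(\S+) dst=(\S+)")


def parse(text):
    """Normalize each raw line into a dict but keep the raw line for drill-down."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts, host, _prog, msg = m.groups()
        ev = {"ts": datetime.fromisoformat(ts), "host": host, "raw": raw, "type": "other"}
        if f := FAIL_RE.search(msg):
            ev.update(type="auth_fail", user=f.group(1), src=f.group(2))
        elif a := ATTACK_RE.search(msg):
            ev.update(type="attack", sig=a.group(1), src=a.group(2), dst=a.group(3))
        events.append(ev)
    return events


def failed_login_bursts(events, threshold=10, window=timedelta(minutes=5)):
    """'N failed logins from the same user in W minutes': sliding window per user.
    Events are assumed to arrive in time order. Returns (ts, user, host, count)."""
    recent = defaultdict(deque)
    alerts = []
    for ev in events:
        if ev["type"] != "auth_fail":
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ev["ts"], ev["user"], ev["host"], len(q)))
            q.clear()                           # one alert per burst, not per extra failure
    return alerts


def attack_alerts(events):
    """Zone- and list-aware attack alerts: DMZ->internal, and any attack from a listed host."""
    alerts = []
    for ev in events:
        if ev["type"] != "attack":
            continue
        src, dst = ipaddress.ip_address(ev["src"]), ipaddress.ip_address(ev["dst"])
        if src in DMZ and dst in INTERNAL:
            alerts.append(("dmz_to_internal", ev["sig"], ev["src"], ev["dst"]))
        if ev["src"] in BAD_GUYS:
            alerts.append(("bad_guy_list", ev["sig"], ev["src"], ev["dst"]))
    return alerts


def corroborate(events, alert_ts, host, before=timedelta(minutes=5), after=timedelta(minutes=5)):
    """Raw lines the affected host logged around the alert: the 'N minutes before
    or after' view used to confirm or dismiss an alert without paging an admin."""
    return [ev["raw"] for ev in events
            if ev["host"] == host and alert_ts - before <= ev["ts"] <= alert_ts + after]


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    for ts, user, host, n in failed_login_bursts(evs, threshold=3):
        print(f"ALERT {n} failed logins for {user} on {host} ending {ts}")
        for line in corroborate(evs, ts, host):
            print("   context:", line)
    for a in attack_alerts(evs):
        print("ALERT", a)
```

Run as written, the failed-login rule (threshold lowered to 3 so the short sample trips it) fires once for bob on web01; the corroboration window around that alert also contains the later "Accepted password" line, which is exactly the detail that turns a noisy brute-force alert into a likely compromise. The two IDS lines raise one DMZ-to-internal alert and one blocklist alert.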

The LogRhythm Investigator

Whether you’re battling a zero-day attack, trying to discover the impact of activity by a recently terminated, disgruntled employee, or investigating an HR complaint against a manager of one of your field offices, properly managed log data can provide invaluable insight into nefarious behavior, potential risks and imminent threats to your organization.

LogRhythm collects, stores, analyzes and reports on log data in such a way that investigators can readily tap that information to accelerate their discovery of root cause, affected systems and assets, and to dramatically reduce the time-to-remediate.

A zero-day exploit may propagate a bot throughout an enterprise that launches rogue SMTP processes on affected systems.  LogRhythm’s investigative capabilities let investigators quickly determine from which system the exploit was launched and which systems, devices and applications have been affected, and prioritize remediation based on the asset value of those affected entities.

The departure of a disgruntled administrator may raise concerns about their activities prior to resigning.  With LogRhythm, investigators can quickly determine what systems were accessed, changed or potentially compromised by that employee during the last 30 days of their employment.  LogRhythm also preserves raw log data in its original form in a secure, tamper-evident manner so that chain of custody can be maintained.

The depth, breadth and ease-of-use of the forensic/investigative features of LogRhythm enable IT security staff and investigators to harness the power of log data for more efficient, effective and sound investigations.


©2008 LogRhythm    All Rights Reserved.