SmartResponse

LogRhythm delivers immediate protection from security threats, compliance policy violations and operational issues with SmartResponse. Intelligent, process-driven capabilities give organizations the power to respond automatically to any alarm. SmartResponse delivers immediate action on real-world issues, such as when suspicious behavior patterns are detected, specific internal or compliance-driven policies are violated, or critical performance thresholds are crossed. LogRhythm ensures that responses are based on accurate information by performing real-time analysis on all log data, which helps to minimize false positives as well as the delays associated with manual intervention.

Automated Remediation That Works for You

Many organizations find that implementing automated remediation creates more risk than it is designed to prevent. One of the problems is that it is typically an all-or-nothing process: any enabled action is taken without any option for external validation. Because of the number of variables tied to an individual event and the risk of incorrectly interrupting critical operations, most organizations are justifiably reluctant to employ automated remediation beyond the most mundane use cases.

LogRhythm’s SmartResponse was specifically designed so that any action can be easily configured to meet important organizational policies and to provide assurance that each response is the correct action to take. It comes with an optional, built-in approval process that can require up to three levels of authorization prior to taking action. That gives organizations the option of reviewing the facts first – before the wrong person’s access is removed or a critical application is mistakenly shut down. And if that particular remediation is determined to be the correct course of action, the response is already queued up for immediate execution at the click of a button.

How It Works

A simple, plug-in based GUI allows administrators to import any script-based response, which can then be activated by any advanced correlation or event-based alarm. LogRhythm’s SmartResponse includes: 

  • Optional requirements for up to three levels of authorization
  • Targeted responses to exact alarm parameters, such as:
      • Suspicious IP addresses to block
      • Specific rogue users to quarantine
      • Individual processes to start or stop
      • Over 50 unique fields for maximum precision
  • Incident Response Management with:
      • Current remediation status
      • Alarm recipient tracking
      • Authorization path auditing
  • One-click testing for script validation


SmartResponse in Action

LogRhythm Labs provides out-of-the-box access to practical scripts designed to address common organizational issues related to security, compliance and operations. SmartResponse can execute any script that a user can create, with optional safeguards to require up to three levels of authorization before performing any action. Examples include:

Advanced Threat Detection & Response (External)

Problem
Malware frequently attempts to gain access to an environment by logging in to multiple servers, moving from one target to the next until access is granted.

Detection
LogRhythm can alarm on suspicious behavior, such as access attempts to multiple hosts within the network from a single IP address or from a non-whitelisted location.

Action
SmartResponse can pull the attacking IP address directly from the alarm and add it to a firewall ACL, instantly terminating potentially dangerous access to your network.

Advanced Threat Detection & Response (Internal)

Problem
Systems administrators have the ability to access and modify systems and to create accounts with escalated privileges, allowing them to engage in a broad range of malicious activity while avoiding detection.

Detection
LogRhythm can notify when any new account with escalated privileges is created, or when suspicious modifications have been made to accounts that access critical systems.

Action
SmartResponse can automatically disable newly added or recently modified privileged accounts until the activity has been verified as legitimate.

Compliance Automation & Assurance

Problem
Many compliance regulations require strict access controls on confidential data, such as protected health information (PHI) or customer credit card accounts.

Detection
LogRhythm can determine which users are authorized to access critical assets or specific files, detecting in real time when an access policy is violated and generating an alarm.

Action
SmartResponse can immediately remove any user responsible for an access violation from the network until the incident can be investigated, actively enforcing policy and protecting critical assets.

Operational Intelligence & Optimization

Problem
Detecting whether every component of a server has restarted properly after routine maintenance is challenging – particularly in large enterprises with many distributed hosts.

Detection
LogRhythm can independently detect when a critical process stops and/or fails to restart following a specific event, such as a reboot.

Action
SmartResponse can restart individual processes, pulling all relevant information, such as the process name and the impacted host, directly from the alarm.
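The external-threat detection described in the first use case, written out as an added Python example (not a LogRhythm rule or LogRhythm Labs script). It runs a "many hosts from one source within a short window" rule over constructed syslog-style login events, skips sources on an assumed allow-list (the page's "non-whitelisted location" condition), and emits alarm records carrying the exact parameters a response such as a firewall block would consume.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines, not real data: one external source probing several
# internal hosts, an allow-listed scanner doing the same, and unrelated noise.
SAMPLE_LOGS = """\
2011-05-03T10:00:01 host=srv-web-01 event=login_failed user=admin src=203.0.113.7
2011-05-03T10:00:04 host=srv-db-02 event=login_failed user=root src=203.0.113.7
2011-05-03T10:00:09 host=srv-app-03 event=login_success user=svc_backup src=203.0.113.7
2011-05-03T10:00:12 host=srv-web-01 event=login_failed user=bob src=198.51.100.20
2011-05-03T10:00:13 host=srv-db-02 event=login_failed user=bob src=198.51.100.20
2011-05-03T10:00:14 host=srv-app-03 event=login_failed user=bob src=198.51.100.20
2011-05-03T10:05:00 host=srv-web-01 event=login_failed user=alice src=192.0.2.9
""".splitlines()

ALLOWLIST = {"198.51.100.20"}  # assumed authorized vulnerability scanner

def parse(line: str) -> dict:
    """Turn one key=value log line into a record with a parsed timestamp."""
    ts_text, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts_text)
    return rec

def detect_fan_out(lines, min_hosts=3, window=timedelta(minutes=1), allowlist=ALLOWLIST):
    """Alarm once per source that reaches >= min_hosts distinct hosts inside `window`.
    Each alarm carries the fields a targeted response needs (origin IP, hosts, time)."""
    events = sorted((parse(l) for l in lines), key=lambda r: r["ts"])
    by_src = defaultdict(list)
    for r in events:
        if r["src"] not in allowlist:          # allow-listed locations never alarm
            by_src[r["src"]].append(r)
    alarms = []
    for src, recs in by_src.items():
        for i, first in enumerate(recs):       # sliding window anchored at each event
            hosts = {r["host"] for r in recs[i:] if r["ts"] - first["ts"] <= window}
            if len(hosts) >= min_hosts:
                alarms.append({"rule": "multi-host access from single IP", "origin_ip": src,
                               "hosts": sorted(hosts), "first_seen": first["ts"].isoformat()})
                break
    return alarms
```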

© 2011 LogRhythm, Inc.    All Rights Reserved.