The LogRhythm Personal Dashboard
The LogRhythm Personal Dashboard provides users with real-time visibility into security-related events and alerts for those activities that warrant immediate attention. From the dashboard users can perform a variety of functions, including launching investigations, customizing alerts, drilling down into supporting normalized and raw log data, and generating and configuring custom reports, all while maintaining user audit tracking for compliance and reporting.
Auditors can be automatically notified of specific audit activity and use LogRhythm analysis tools to accelerate the review process. LogRhythm's log management and SIEM 2.0 capabilities allow you to centrally monitor security activity across the entire IT infrastructure. Using one of LogRhythm's customizable dashboards, users can monitor security activity and cyber threats pertaining to systems in their domain of responsibility.
Advanced Correlation and Pattern Recognition
LogRhythm's Advanced Intelligence (AI) Engine offers sophisticated correlation and analysis of all enterprise log data in a uniquely intuitive fashion. With a practical combination of flexibility, usability and comprehensive data analysis, AI Engine delivers advanced SIEM 2.0 capabilities with real-time visibility to risks, threats and critical operations issues that are otherwise undetectable in any practical way. AI Engine is Correlation That Works!
LogRhythm collects event data from network and host-based intrusion detection systems. In many cases, intrusion detection systems have been turned down or turned off due to the high volume and unmanageability of alerts. LogRhythm's data reduction and intelligent event management capabilities allow you to realize your IDS investment by turning on and/or turning up the volume and integrating intrusion detection and prevention into your overall SIEM strategy.
For more information, a comprehensive overview of the fundamental computer security controls of prevention, detection and correction by Chris Petersen, LogRhythm CTO, VP Engineering & Founder, is available.
File Integrity Monitoring
LogRhythm's fully integrated File Integrity Monitoring is a powerful component of our SIEM 2.0 capabilities. FIM provides independent auditing of access to and modification of sensitive files. This capability provides an independent audit trail of system changes, as well as who made the change. It is a powerful feature for identifying compromised servers, helping to detect suspicious behavior such as intruders overwriting system files and/or creating user accounts upon gaining access.
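The core of any file integrity monitor is a baseline of content hashes and metadata that is later compared against the live filesystem. The following is an added illustration of that mechanism, not LogRhythm's code: it builds a SHA-256 baseline of a monitored tree, then reports files that were added, removed or modified. The directory layout and the "intrusion" (an overwritten binary, an extra account line in passwd, a new cron file) are constructed in a temporary directory purely for the demonstration.

```python
"""Minimal file-integrity-monitoring baseline and comparison (added example)."""
import hashlib
import stat
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Hash the file contents and capture the metadata an auditor cares about."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    st = path.stat()
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": stat.filemode(st.st_mode)}


def build_baseline(root: Path) -> dict:
    """Record a fingerprint for every regular file under root, keyed by relative POSIX path."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = fingerprint(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two baselines; 'modified' lists which attributes changed and both hashes."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = []
    for rel in sorted(set(baseline) & set(current)):
        before, after = baseline[rel], current[rel]
        changed = [k for k in before if before[k] != after[k]]
        if changed:
            modified.append({"path": rel, "changed": changed,
                             "before": before["sha256"], "after": after["sha256"]})
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then simulate tampering and re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF...original ls (constructed)...")
        baseline = build_baseline(root)

        # Simulated changes an intruder might make (constructed, for detection only):
        # a system binary overwritten, a new account appended, a log-ish file removed,
        # and a new file dropped into a cron directory.
        (root / "bin" / "ls").write_bytes(b"\x7fELF...replaced ls (constructed)...")
        with (root / "etc" / "passwd").open("a") as fh:
            fh.write("newuser:x:0:0::/:/bin/sh\n")
        (root / "etc" / "hosts").unlink()
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "persist").write_text("* * * * * root /tmp/.x\n")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Attributing the change to a user, as the page describes, needs a second data source (process or audit events from the same host around the modification time); the hash diff alone establishes that and when something changed, which is what makes it an independent audit trail.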
LogRhythm features an extensive range of metadata fields that identify and organize information such as network traffic statistics, session and process information, and transaction quantities, amounts and rates. LogRhythm leverages this information to provide greater SIEM granularity for unprecedented visibility into potential insider threats, compliance violations and other operational risks. This, combined with contextual event forwarding, enables real-time identification and alerting of anomalies within application, database and network activity.
Advanced Intrusion Corroboration
When a security alert is raised, how do you determine its validity? In most networks this is a difficult and time-consuming task, often requiring the involvement of administrators responsible for the affected system. With LogRhythm's SIEM 2.0, intrusions can be corroborated much more efficiently. LogRhythm analysis capabilities allow you to immediately investigate an alert and corroborate its validity by combining the alert with forensic log data from the affected system. With the click of a mouse you are able to view all log data from the affected system 5 seconds, 5 minutes, or 5 hours before or after the alert occurred, all without paging a single administrator.
Alerting and Notification of Security Events
LogRhythm's SIEM 2.0 allows users to easily monitor all log activity for a variety of events and anomalies related to such factors as specific filename patterns, IP addresses, hosts, users, transaction amounts, file transfer size, etc. When security policies are violated, LogRhythm can automatically alert designated individuals via e-mail, pager, existing management applications and the LogRhythm console. Alerts can be customized to include or exclude specific information and can be sent to users based on their role relative to the affected system or application.
LogRhythm's standard alarms allow advanced filtering for real-time alerting based on any criteria contained within the log data. The addition of the AI Engine delivers over 100 preconfigured, out-of-the-box advanced correlation rule sets and a wizard-based drag-and-drop GUI for creating and customizing even complex rules, enabling organizations to predict, detect and swiftly respond to:
- Sophisticated intrusions
- Insider threats
- Compliance violations
- Disruptions to IT Services
- And many other critical actionable events…
Alerts are easily investigated using the LogRhythm Investigator.
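The two mechanisms described in the Advanced Intrusion Corroboration section and in the alerting section above (rules that match on filename patterns, source addresses, users or transfer sizes, then a pivot to every log from the affected host within a window of seconds or minutes around the alert) are shown below as one added example. It is not LogRhythm's code or rule format; the `key=value` log line layout, the rule dictionaries and the sample records are all constructed for the illustration.

```python
"""Rule-based alerting over normalized log records plus time-window corroboration (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import fnmatch
import ipaddress


@dataclass(frozen=True)
class LogRecord:
    ts: datetime
    host: str
    user: str
    src: str
    event: str
    detail: str  # filename, process path or protocol, depending on event
    size: int


def parse_line(line: str) -> LogRecord:
    """Parse one constructed normalized line: '<iso-timestamp> key=value key=value ...'."""
    ts, *pairs = line.split()
    f = dict(p.split("=", 1) for p in pairs)
    return LogRecord(
        ts=datetime.fromisoformat(ts.replace("Z", "+00:00")),
        host=f["host"], user=f["user"], src=f["src"],
        event=f["event"], detail=f["detail"], size=int(f.get("size", 0)),
    )


# Constructed sample telemetry (hosts, users and addresses are fictitious).
SAMPLE_LOGS = [
    "2024-03-05T09:58:40Z host=fs01 user=jdoe src=10.1.2.3 event=LOGIN_SUCCESS detail=ssh size=0",
    "2024-03-05T10:00:05Z host=fs01 user=jdoe src=10.1.2.3 event=FILE_READ detail=/srv/finance/customer_list.csv size=0",
    "2024-03-05T10:00:12Z host=fs01 user=jdoe src=10.1.2.3 event=FILE_TRANSFER detail=/srv/finance/customer_list.csv size=83886080",
    "2024-03-05T10:00:15Z host=web02 user=www src=10.1.5.5 event=PROCESS_START detail=/usr/sbin/httpd size=0",
    "2024-03-05T10:00:30Z host=fs01 user=jdoe src=10.1.2.3 event=PROCESS_START detail=/usr/bin/scp size=0",
    "2024-03-05T10:01:00Z host=fs01 user=admin src=203.0.113.7 event=LOGIN_SUCCESS detail=ssh size=0",
    "2024-03-05T10:07:00Z host=fs01 user=svc_backup src=10.1.9.9 event=FILE_TRANSFER detail=/srv/backup/nightly.tar size=104857600",
]

# Constructed rules: every criterion present must hold; absent criteria are wildcards.
RULES = [
    {"name": "Large transfer of customer data",
     "event": "FILE_TRANSFER", "detail_glob": "*customer*", "min_size": 50 * 1024 * 1024},
    {"name": "Login from outside corporate address space",
     "event": "LOGIN_SUCCESS", "src_outside": "10.0.0.0/8"},
]


def matches(rule: dict, rec: LogRecord) -> bool:
    """Evaluate one rule against one record."""
    if "event" in rule and rec.event != rule["event"]:
        return False
    if "user" in rule and rec.user != rule["user"]:
        return False
    if "detail_glob" in rule and not fnmatch.fnmatch(rec.detail, rule["detail_glob"]):
        return False
    if "min_size" in rule and rec.size < rule["min_size"]:
        return False
    if "src_outside" in rule and ipaddress.ip_address(rec.src) in ipaddress.ip_network(rule["src_outside"]):
        return False
    return True


def evaluate(records, rules):
    """Return (rule name, record) for every record that satisfies a rule, in log order."""
    return [(r["name"], rec) for rec in records for r in rules if matches(r, rec)]


def corroborate(alert_rec: LogRecord, records, before: timedelta, after: timedelta):
    """Pull every record from the alerting host within [ts - before, ts + after], oldest first."""
    lo, hi = alert_rec.ts - before, alert_rec.ts + after
    return sorted((r for r in records if r.host == alert_rec.host and lo <= r.ts <= hi),
                  key=lambda r: r.ts)


def demo() -> dict:
    records = [parse_line(line) for line in SAMPLE_LOGS]
    alerts = evaluate(records, RULES)
    first_rec = alerts[0][1]
    return {
        "alerts": [name for name, _ in alerts],
        "context_5s": corroborate(first_rec, records, timedelta(seconds=5), timedelta(seconds=5)),
        "context_5m": corroborate(first_rec, records, timedelta(minutes=5), timedelta(minutes=5)),
    }


if __name__ == "__main__":
    result = demo()
    print("alerts:", result["alerts"])
    for r in result["context_5m"]:
        print(r.ts.isoformat(), r.host, r.user, r.src, r.event, r.detail)
```

Widening the window from five seconds to five minutes is what turns a single transfer event into a story: the preceding login, the read of the same file, the `scp` process start and a later login from a non-corporate address all appear together, while the backup job seven minutes later and the unrelated web host stay out of view.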
The LogRhythm Investigator
Whether you're battling a zero-day attack, trying to discover the impact of activity from a recently terminated disgruntled employee or investigating an HR complaint against a manager of one of your field offices, log data, if managed properly, can provide invaluable insight into nefarious behavior, potential risks and imminent threats to your organization.
LogRhythm collects, stores, analyzes and reports on log data in such a way that investigators can readily tap that information to accelerate their discovery of root cause, affected systems and assets, and to dramatically reduce the time-to-remediate.
A zero-day exploit may proliferate a bot throughout an enterprise that launches rogue SMTP processes on affected systems. LogRhythm's investigative capabilities empower investigators to quickly determine the system from which the exploit was launched and which systems, devices and applications have been affected, and to prioritize remediation based upon the asset value of those affected entities.
The departure of a disgruntled administrator may raise concerns about their activities prior to resigning. With LogRhythm, investigators can quickly determine what systems were accessed, changed or potentially compromised by that employee during the last 30 days of their employment. LogRhythm also preserves raw log data in its original form in a secure and tamper-proof manner so that chain of custody can be maintained.
The depth, breadth and ease-of-use of the forensic/investigative features of LogRhythm enable IT security staff and investigators to harness the power of their log data using SIEM 2.0 capabilities for more efficient, effective and sound investigations.