Accelerating your return on investment (ROI) is critical to drive customer success at LogRhythm. But increasing ROI is only part of our secret sauce. Here at LogRhythm, we enable you to realize greater security operations workflow efficiency and increasingly advanced analytics with each release.
To continue the momentum of measuring and realizing a greater ROI with your existing technology and staff, we’ve released LogRhythm version 7.4 to give you the tools to succeed in detecting, responding, and remediating a potential threat and reduce organizational risk. Let’s dive in and review the latest features in our platform.
What’s Under the Hood of Version 7.4?
Security Orchestration, Automation, and Response (SOAR)
What’s new in LogRhythm 7.4? To help small teams produce bigger outcomes, we added to our security orchestration, automation, and response (SOAR) capabilities. Our latest version offers customizable playbooks that allow security analysts to scale and accelerate their investigations and responses with a repeatable workflow available to the entire team (even offshore) — no matter their level of security knowledge.
Playbooks are especially valuable because they empower Tier 1 analysts’ work to be backed up by the knowledge of a more experienced analyst. This frees senior analysts to focus on areas of higher value and risk to your organization. By upgrading to LogRhythm 7.4, you can utilize prebuilt playbooks developed by LogRhythm Labs for the most common threat types, making security teams more efficient and accurate throughout their investigations.
Playbooks empower your security analysts in many ways:
- Everyone benefits from a checklist: Playbooks help you keep track of exactly what to do for a given threat scenario.
- Don’t miss a step and always know the priority: Interruptions often lead to forgotten tasks. Playbooks provide analysts with a focused view on tasks, even across cases and as new tasks are assigned — ensuring they recognize the most important and time critical tasks while guaranteeing nothing slips through the cracks.
- See who performed what task: Playbooks offer greater accountability throughout a security team, as well as enable visibility into each analyst’s current workload.
- Edit and customize playbooks as needed: You can adjust the scope and specificity of your organization’s playbooks based on the needs of the team or organization quickly and easily.
- Import prebuilt playbooks: LogRhythm Labs created 10 initial playbooks aligned to common threat types to help get you started. Additionally, sharing playbooks on LogRhythm Community, LogRhythm’s user community, allows analysts to exchange best practices and learn from others.
- Playbooks support your compliance requirements: Use playbooks and playbook metrics to demonstrate your adherence to compliance controls. For example, many regulatory compliance controls require a standardized response for analyzing and reporting compliance violations. With playbooks, you can see who took an action and when that user completed a step per a compliance mandate.
For more information on playbooks and better automation in LogRhythm 7.4, check out the August 2018 Tips and Tricks webinar in the LogRhythm Community.
SOAR Metrics
LogRhythm 7.4 introduces two new metrics: time to qualify (TTQ) and time to investigate (TTI) to drive greater customer success. These SOAR metrics give you a high-level view of your security team’s efficiency and effectiveness and help prove the value of security within your organization and accelerate your security maturity. After all, if you can’t measure it, you can’t improve it.
With a new dashboard, Case Metrics Trend widget, and our Case APIs, you gain visibility to changes in the amount of time it takes to qualify and investigate threats by threat type. This enhances existing metrics such as mean time to detect (MTTD) and mean time to respond (MTTR) — available since version 7.2.
You can use these statistics to recognize areas of improvement within your security operations and provide a means to demonstrate measurable risk reduction to the executive team and broader organization. Ultimately, these metrics provide an informative snapshot of security maturity with granular details to help you better understand those bottlenecks that are impairing your organization and how to accelerate maturity.
For more information on SOAR metrics now available in LogRhythm 7.4, read this blog post.
Stronger UEBA with Identity Context
With LogRhythm 7.4, your analysts can more accurately identify privileged account abuse and misuse, account compromise, and insider threat through enhancements to TrueIdentity™. LogRhythm 7.4 makes it easier to gain additional identifiers from a variety of different account types including active directory, identity and access management (IAM) solutions, and even nontraditional identity data sources like physical access control systems.
With TrueIdentity, your analysts can enhance their searches with identity context, as well as scenario- and behavior-based analytics. You can see all business and personal account activity attributed to a single identity, providing crucial visibility to detect privileged account abuse and misuse and account compromise — immediately and without false positives.
Additionally, CloudAI and LogRhythm 7.4 add an additional layer of behavior recognition to help you detect when users are acting differently than peers. This enables you to recognize significant behavioral anomalies. Your security team can expedite investigative workflows with access to CloudAI’s dynamically learned peer grouping. Also, with CloudAI, your analysts have access to a guided user and entity behavior analytics (UEBA) analyst experience through prebuilt dashboard widgets that accelerate threat hunting and risky user investigation.
With immediate access to contextual user data and peer group activity, your analysts will feel confident in their ability to recognize key security relevant behavioral anomalies, previously unattainable.
Expanded Admin Permissions
We know quicker detection and response aren’t as impactful if your platform administration is burdensome or challenging. Improving workflows for administrators is important too! That’s why LogRhythm 7.4 empowers administrators to better distribute administrative permissions while reducing LogRhythm’s global footprint, driving down overall administrative costs, workflow bottlenecks, and the solution’s physical footprint.
To better align your analysts’ day-to-day responsibilities with the right level of admin data and features, LogRhythm version 7.4 introduces feature-level role-based access control (RBAC). With RBAC, LogRhythm 7.4 allows for the appropriate level of administrative privileges, thus increasing data security and driving greater team efficiency.
Driving Success
We understand customer success is more than just accelerating the ROI of LogRhythm with your existing technology and staff. Each of our releases empower your security team with optimized workflows. In addition, they improve ease of use and reduce the time it takes your team to detect, respond, and remediate threats to your organization.
Improving workflow efficiency through automation and providing metrics are impactful for your organization. For more information on LogRhythm 7.4 features, check out our webinar on the 7.4 release or download the new release today.