Key Features of 6.0

We are incredibly excited to share with you the new features available in our 6.0 release. This update provides an amazing depth of functionality and features to expand the impact SIEM can deliver to any organization.

We are fortunate at LogRhythm to have a highly integrated architecture onto which new features can be innovated. It was important to us in this release that we address key concerns around the advances in security threats and continue to tackle regulation compliance burdens.

In 6.0, we are delivering a platform for Cyber Threat Defense, Detection & Response.

  • Building on our earlier introduction of the Advanced Intelligence (AI) Engine, our new list capability uses any of our metadata fields to allow more targeted pattern recognition, giving situational awareness to our event recognition. Additionally, lists combined with AI Engine rules can automate common regulatory practices for continual monitoring.
  • Our new Knowledgebase modules, developed and packaged into the product by our LogRhythm Labs research team, expand on the expertise already embedded in the solution. Opt-in modules, available under maintenance, give customers regulation-specific or security task-oriented packages that propagate rules (including AI Engine rules), saved searches, filters, and reports or report templates, with guidance on how a customer can automate or quickly accomplish that task.
  • We have greatly extended our customization options with Layouts and added a new analysis tool called “TopX” for the Personal Dashboard or aligned with a saved search to give the right person the ideal view to make a quick analysis. The TopX tool presents a quick chart or table consisting of the top or bottom 3 to 20 event counts or packets from any of our meta-data fields. Additional filtering can be layered and drill-down is supported to give a user a highly tailored presentation of the data set appropriate to their immediate task to expedite analysis.
  • Faster! Faster! Faster! We increased our collection rates, compression, and indexing rates without any hardware changes to our appliances.
  • SmartRemediation™, our new automated remediation functionality, assigns automated responses to events to remove manual steps for deeper forensics gathering or preventing attacks or breaches. For example, immediately disable a user account that logged in from two geographically separate locations in a non-feasible time frame. What makes it smart?
    • A workflow-aligned approval process, if necessary, for change management. Before an automated action can execute, permit one to three tiers of individuals or groups to approve or deny the action, so that security analysts, server or application administrators, etc. understand and accept the action before it commences.
    • An extensible plug-in architecture provides “off-the-shelf” actions to choose from and allows customization or creation of unique plug-ins. Plug-ins invoke applications or scripts and pass parameters from the event, such as account names, host names, or IP addresses.
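To illustrate the impossible-travel example and the tiered approval gate described above, here is an added Python sketch that is not LogRhythm code: it flags an account whose consecutive logins would require travel faster than a hypothetical speed ceiling, then only runs the disable action once each approval tier, in order, has approved. The login events, coordinates, tier names and the `disable_account` action are all constructed for the example.

```python
import math

# Constructed sample logins (not real data): (account, UTC epoch seconds, lat, lon)
LOGINS = [
    ("alice", 1700000000, 40.7128, -74.0060),   # New York
    ("alice", 1700001800, 34.0522, -118.2437),  # Los Angeles, 30 minutes later
    ("bob",   1700000000, 51.5074, -0.1278),    # London
    ("bob",   1700036000, 48.8566, 2.3522),     # Paris, 10 hours later
]
MAX_KMH = 1000.0   # hypothetical ceiling on feasible travel speed
DISABLED = []      # stand-in for the directory: accounts the action has disabled

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two WGS84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(logins, max_kmh=MAX_KMH):
    """Accounts whose consecutive logins imply a speed above max_kmh."""
    flagged, last = set(), {}
    for acct, ts, lat, lon in sorted(logins, key=lambda e: (e[0], e[1])):
        if acct in last:
            pts, plat, plon = last[acct]
            hours = (ts - pts) / 3600.0
            km = haversine_km(plat, plon, lat, lon)
            # Same-second logins from different places are also infeasible
            if km > 0 and (hours <= 0 or km / hours > max_kmh):
                flagged.add(acct)
        last[acct] = (ts, lat, lon)
    return flagged

def disable_account(account):
    DISABLED.append(account)   # constructed action; a real plug-in would call the directory

class RemediationRequest:
    """Gates one automated action behind one to three ordered approval tiers."""
    def __init__(self, account, action, tiers):
        assert 1 <= len(tiers) <= 3
        self.account, self.action, self.pending = account, action, list(tiers)
        self.denied = self.executed = False

    def decide(self, tier, approve):
        """Record a tier's decision; returns True once the action has executed."""
        if self.denied or self.executed or tier != self.pending[0]:
            return self.executed       # stale or out-of-order decisions are ignored
        if not approve:
            self.denied = True         # any single denial stops the action
            return False
        self.pending.pop(0)
        if not self.pending:           # last tier approved: execute the action
            self.action(self.account)
            self.executed = True
        return self.executed
```

A denial at any tier is final, and a decision from a tier whose turn has not come is ignored rather than counted, which is the behaviour an analyst would expect from a change-management gate.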

Our 6.0 release packs a lot of punch, providing a security intelligence platform for customers that want to reduce the time spent on regulation compliance and assurance, establish accurate event recognition tuned to their environment so they can better recognize and thwart threats, and automate threat mitigation.