Forensic Investigation

Whether you’re battling a zero-day attack, trying to discover the impact of a recently terminated, disgruntled employee’s activity, or investigating an HR complaint against a manager at one of your field offices, properly managed log data can provide invaluable insight into nefarious behavior, potential risks and imminent threats to your organization.

LogRhythm collects, stores, analyzes and reports on log data in such a way that investigators can readily tap that information to accelerate their discovery of root cause, affected systems and assets, and to dramatically reduce the time-to-remediate.

A zero-day exploit may proliferate a bot throughout an enterprise that launches rogue SMTP processes on affected systems. LogRhythm’s investigative capabilities enable investigators to quickly determine from which system the exploit was launched and which systems, devices and applications have been affected, and to prioritize remediation based on the asset value of those affected entities.

The departure of a disgruntled administrator may raise concerns about their activities prior to resigning. With LogRhythm, investigators can quickly determine what systems were accessed, changed or potentially compromised by that employee during the last 30 days of their employment. LogRhythm also preserves raw log data in its original form in a secure and tamper-proof manner so that chain of custody can be maintained.

The depth, breadth and ease-of-use of the forensic/investigative features of LogRhythm enable IT security staff and investigators to harness the power of log data for more efficient, effective and sound investigations.