New Capabilities Provide Unprecedented Insight through Analysis of Application and Database Logs
March 3, 2008 – LogRhythm, the company that makes log data useful, today announced a new version of its integrated log and event management system which simplifies and automates regulatory compliance, enhances information security, and improves the efficiency of IT operations.
LogRhythm 4.0 extends the scope and value of log and event management through four key advancements:
Universal Database Log Adapter (UDLA™) which provides access to log data generated by any ODBC compliant database and the applications they support
Inclusion of new metadata fields that harvest greater intelligence from database and application logs
Contextual Event Forwarding technology that enables advanced anomaly detection and operational intelligence
LogMart™ data mining capabilities that provide unique data visualization and trending to support intrusion detection, incident response, audit investigations, forensics and eDiscovery
“LogRhythm’s 4.0 release is further proof that the value of comprehensive log and event management extends beyond the realm of traditional SIM platforms alone,” said Jon Oltsik, Security Practice Leader at Enterprise Strategy Group. “With log management growing in strategic importance for most enterprises, 4.0 positions LogRhythm quite well to address this burgeoning market.”
Universal Database Log Collection and Management
To address regulatory compliance requirements focused on data privacy, internal audit demands for greater control and visibility, and the growing need for improved operations intelligence, LogRhythm 4.0 now supports databases. LogRhythm collects, analyzes, alerts, and reports on logs from all ODBC-compliant databases including Oracle, Microsoft SQL Server, IBM DB2, Informix, MySQL, and others. Collection does not require an agent on the database server.
Additionally, LogRhythm’s UDLA captures data from custom audit logs and applications that run on the database. LogRhythm can even detect and alert if a rogue administrator or other insider turns off auditing on the database server in order to conceal fraudulent activity. LogRhythm’s new capabilities offer an additional layer of protection and insight to protect valuable database assets against insider and outsider threats.
Extended Metadata Collection and Contextual Event Forwarding Shine Spotlight on Insider Threats and More
LogRhythm 4.0 features new metadata fields that collect and organize information such as network traffic statistics, session and process information, and transaction quantities, amounts and rates. LogRhythm leverages this information to provide unprecedented visibility to potential insider threats, compliance violations and other operational risks. This information combined with version 4.0’s new contextual event forwarding enables real-time identification and alerting of anomalies within application, database and network activity. For example, LogRhythm can be used to pinpoint specific exceptions such as transactions greater than a specified dollar amount in a financial application, including when it occurred, who was responsible, and which account was modified.
Leveraging LogRhythm’s advanced log processing engine, users can easily monitor all log activity for specific filename patterns, IP addresses, hosts, or users. When security policies are violated, LogRhythm can automatically alert designated individuals via e-mail, pager, existing management applications and the LogRhythm console.
“Log and event management is now a requirement for virtually every regulatory mandate and security standard, yet few products provide a truly integrated solution for both disciplines,” said Chris Petersen, founder and CTO of LogRhythm. “Our 4.0 release extends the power of our integrated platform to take full advantage of logs at the application and database layer, making LogRhythm ideal for advancing insider threat detection, data privacy and operations intelligence.”
Visualization and Search Makes Log Mining a Snap
To automate forensic search and analysis, pinpoint operational issues, and gain greater business intelligence, LogRhythm 4.0 incorporates a powerful set of new visualization, data trending, and search capabilities in its LogMart tool. LogMart aggregates millions of logs in a single graphical view to expose exceptions in security, compliance, and operations over short or long periods of time. Its powerful user-configurable charting and filtering capabilities enable users to quickly switch from viewing months or even years worth of log trend data and drill down to individual logs to expose the root cause of a security breach or operational problem.
Additionally, LogMart enables organizations to respond quickly and with greater efficiency to eDiscovery requests for log data which historically have placed undue burden on IT staff and investigators. Whether organizations are analyzing web server logs to ensure compliance with service level agreements, investigating failed access attempts on a critical server, or monitoring long term server access patterns to optimize performance, LogMart extends the usefulness of log data.
Pricing and Availability
LogRhythm 4.0 is available immediately from LogRhythm and its business partners worldwide. Pricing starts at $20,000. Organizations can start with a deployment that meets their initial needs and scale easily to address much higher log volumes.