LogRhythm Enters Network Forensics and NBAD Markets

Launches NetMon Solution To Deliver Powerful Visibility into Network Packet and Session Data for Advanced Threat Detection and Response

BOULDER, Colo.—September 24, 2013— LogRhythm, a leader in cyber threat defense, detection and response, today announced that it is entering the rapidly growing network forensics and network behavior anomaly detection (NBAD) markets with the availability of LogRhythm Network Monitor (NetMon). NetMon significantly extends the accessibility of this critically important class of technology by being far more intuitive, expedient, and cost-effective than traditional network forensics and NBAD solutions. NetMon eliminates significant blind spots plaguing most IT security organizations, allowing them to detect and respond to advanced threats and breaches faster and with greater precision than ever before.

Detecting today’s advanced threats requires greater visibility into how applications are being used and how, and what, data is moving across the network. That insight lies deep within the applications and network session packet data, yet most organizations lack the staff and expertise to apply traditional network forensics and NBAD technologies to gain that much needed visibility. LogRhythm NetMon makes deep packet inspection, true application identification and extensive forensic capture and search available in an offering that is easy to deploy, quick to use, and simple to manage.

“LogRhythm NetMon gives us a level of visibility into network activity that wasn’t previously possible. We’re now able to monitor application activity on the network and tie it directly back to individual user behaviour,” said Erin Osminer, Network Administrator at StoneRiver. “The unstructured search engine is extremely powerful and surprisingly easy to use for performing forensic investigations. With NetMon we’ve materially improved our defense, detection and response capabilities for multiple secure data environments.”

Storage requirements of traditional network forensics tools are substantial and have been a material barrier to adoption of the technology for many organizations. NetMon removes that barrier with SmartCapture™, a feature that prioritizes activity of interest for full session packet capture and eliminates the need to store every packet to ensure organizations have access to the right information quickly and in a format necessary to detect and respond to advanced threats and breaches.

While available as a stand-alone network forensic solution, LogRhythm NetMon acts as a key component of the LogRhythm Security Analytics platform, enabling a next generation of security intelligence to detect an ever-expanding landscape of sophisticated and advanced threats that evade other security solutions.

“Deep visibility and analysis of network and application behavior are critical for detecting and responding to today’s advanced threats but many organizations have significant blind spots in these areas,” said Jon Oltsik, Senior Principal Analyst, ESG. “LogRhythm’s new NetMon product can help bridge these monitoring gaps with its innovative network and application forensics technology, ease-of-use features, and hands-on approach with its customers.”

LogRhythm NetMon’s features include:

  • True application identification – identifies more than 1,700 applications for in-depth analysis by performing deep packet inspection and applying multiple classification methods to determine the true identity of the application. True application ID provides the visibility necessary to detect critical activities such as suspicious data transfers, network usage policy violations and advanced attacks.
  • SmartFlow™ – delivers a rich set of packet metadata derived from each network session, appropriate to the type of application used. The high degree of detail available in SmartFlow™, cataloguing every session on the network, provides deep understanding of an application’s network activity in a quickly accessible format.
  • Unstructured Search, Powerful Analysis – provides rapid access to SmartFlow™ details via a powerful, “Google-like” search engine that streamlines and simplifies network forensic investigations. Results are presented in highly informative visualizations and custom layouts, enabling blazingly fast analysis of network packet data.
  • Full session packet capture – captures full layer 2 through 7 packet header and payloads from each session for a complete record of network activity. All information is organized by session, providing full context of application communications and content transferred across the network.
  • SmartCapture™ – provides full packet capture without the extensive storage requirements of traditional solutions by retaining only sessions of interest.
  • Security Analytics Integration – delivers a rich, real-time feed of SmartFlow™ data to LogRhythm SIEM for industry-leading security analytics.

Organizations can use NetMon to gain deep visibility into application and network session data, eliminating previous blind spots. They can accelerate the detection of and response to highly concerning activity, including data exfiltration, rogue host and botnet communication, and inappropriate application usage and file transfers. NetMon also reduces potential loss associated with breaches and “bad actor” behavior.

Integration with LogRhythm’s market-leading SIEM and Security Analytics Platform

When integrated with LogRhythm’s SIEM platform, NetMon offers the industry’s most comprehensive set of threat detection and response capabilities. It also sets a new standard for visibility and precision achieved through network behavior anomaly detection (NBAD) with its rich detail of application and network session data analyzed in conjunction with data from a myriad of other sources.

“With the additional network data up to Layer 7 delivered by NetMon to our LogRhythm platform, we have gained even greater visibility into what is actually happening in our network. Out-of-the-box NBAD capabilities allow us to detect and investigate suspicious traffic to identify a range of issues, from the presence of malware to excessive bandwidth consumption by videoconferencing,” said Vaughn Adams, Senior Manager of IT at InterDigital.

While other solutions may provide limited insight into specific networks, LogRhythm allows for multiple areas of the network to be analyzed in connection with other data sources, providing highly corroborated activities that drive out false positives and provide clear insight to prioritized activities.

“NetMon, when combined with LogRhythm Security Analytics, further strengthens our customers’ ability to detect and respond to current and emerging threats,” said Chris Petersen, chief technology officer and co-founder of LogRhythm. “Whether defending against custom malware, nation state espionage or routine network misuse, the combined analytics and forensic visibility provide a level of protection not previously possible, and at a time when it is most critically needed.”

In connection with the release of NetMon, LogRhythm has already established partnerships with leading vendors of network packet brokering solutions, including Arista Networks, Gigamon, Ixia-Anue, Net Optics and VSS Monitoring. These partnerships give customers advanced options for network and data access and provide a foundation for future technical collaboration.

NetMon is available now and pricing starts at $25,500.

About LogRhythm

LogRhythm empowers more than 4,000 customers across the globe to measurably mature their security operations program. LogRhythm’s award-winning NextGen SIEM Platform delivers comprehensive security analytics; user and entity behavior analytics (UEBA); network detection and response (NDR); and security orchestration, automation, and response (SOAR) within a single, integrated platform for rapid detection, response, and neutralization of threats. Built by security professionals for security professionals, LogRhythm enables security professionals at leading organizations like Cargill, NASA, and XcelEnergy to promote visibility for their cybersecurity program and reduce risk to their organization each and every day. LogRhythm is the only provider to earn the Gartner Peer Insights’ Customer Choice for SIEM designation three years in a row. To learn more, please visit logrhythm.com.