All-in-One Solution Adds File Integrity Monitoring and Endpoint Monitoring/Control to Prevent Data Theft, Satisfy Compliance Requirements
BOULDER, Colo., April 14, 2009 – LogRhythm, the company that makes log data useful, today announced a new version of its integrated log and security information event management (SIEM) platform that incorporates data protection capabilities typically provided by stand alone products. To prevent data theft, LogRhythm 5.0 provides file integrity monitoring and alerting, as well as endpoint monitoring & control for removable media devices. Since these capabilities are integrated with log data, LogRhythm can link activity to responsible users, establish audit trails, and meet a broader set of regulatory compliance requirements.
According to Gartner, Inc., “More and more enterprises are shifting their security activities from external threats to the risks presented by insiders’ inappropriate behaviors, whether malicious or simply negligent. Chief information security officers (CISOs), security organizations in general and enterprise decision makers with security or risk management responsibilities should consider a blend of process changes and technology-based solutions to address the insider threat… Because security information and event management (SIEM) products offer a more-complete picture of what’s occurring on enterprise systems, they are particularly powerful.”
User-Aware File Integrity Monitoring
To protect sensitive data from theft and abuse, LogRhythm 5.0 provides enterprise-class file integrity monitoring and alerting that is fully integrated with system logs and events. This holistic approach enables security personnel to be notified in near real-time when protected files are changed, deleted, etc., and to trace activity back to the individual user who performed them. These capabilities also allow organizations to meet additional regulatory compliance requirements, such as Payment Card Industry Data Security Standard (PCI DSS) 11.5 and 12.9, without purchasing a separate product.
For selective monitoring, LogRhythm 5.0 provides granular controls and filters that can pinpoint only targeted files and perform scans at desired intervals. The system can monitor all file types including: executables, configuration files, password files, content files, log and audit files, web files, database files, and more. LogRhythm 5.0’s file integrity monitoring ships with pre-configured policies for popular applications and supports Windows, UNIX and Linux operating systems. All of these capabilities can be centrally modified and managed from the LogRhythm console.
Integrated Endpoint Monitoring & Control
To prevent theft and enforce data security policies, LogRhythm 5.0’s Endpoint Monitoring & Control tracks, alerts on, logs, and audits all movement of data to removable media ports and can optionally block data transfers on selected machines and devices. These capabilities monitor USB ports, RAM drives, and CD/DVD drives on Microsoft Windows systems. Administrators can centrally configure and manage policies for their entire organization from the LogRhythm console.
“Protecting sensitive data and meeting compliance requirements requires a combination of technologies, processes, and controls,” said Chris Petersen, CTO of LogRhythm. “With LogRhythm 5.0 we are using the vast pool of IT intelligence we gather – network, system, and application logs – to centralize interrelated security functions and make it easier for organizations to secure their data and comply with regulatory mandates.”
Log Distribution Service
For organizations that want to leverage using other applications the comprehensive and rich source of log data collected by LogRhythm, version 5.0 includes a log distribution service. This mechanism can be used to deliver specified log data via UDP or TCP based Syslog to applications such as enterprise management frameworks like OpenView, Tivoli, etc. and managed security services providers.
Enhanced Compliance Packages
LogRhythm 5.0 also includes an enhanced set of regulation-specific compliance packages that incorporate broader and richer capabilities including:
• Audit data from the new file integrity monitoring and endpoint monitoring & control
• Out-of-the box alerts
• Pre-defined investigation parameters for forensic analysis
These compliance packages align with specific regulations such as PCI DSS, Sarbanes-Oxley, and the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standard.