LogRhythm Product Security

LogRhythm Product Security

Learn More About How We Secure Our Product and Services

LogRhythm is a security company and takes the protection of our customers and our products seriously. Our company is built, complies to, and certifies against a number of security frameworks today (e.g., NIST, SOC2, ISO27001, Privacy Shield, and FIPS/Common Criteria) while we have a number of others in progress (e.g. HIPAA, PCI, and FedRamp). 

We ensure that our product is secure for our SaaS and software customers. We have a dedicated security team and organization accountable for the security of our company and for our products. We conduct regular, third party, penetration tests and also allow our customers to test our products themselves.  When vulnerabilities are discovered, they are quickly triaged, remediated, communicated, and released in accordance to the frameworks outlined above and aligned to our responsible disclosure policy.

Product Compliance Standards

LogRhythm’s products operate in compliance with several leading standards and regulations. To request any of these reports, please email our OCISO team.

ISO 27001

ISO/IEC 27001 enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.

FIPS

To become FIPS compliant, a U.S. government agency or contractor’s computer systems must meet requirements outlined in the FIPS publications numbered 140, 180, 186, 197, 198, 199, 200, 201, and 202.

Common Criteria

The Common Criteria is the driving force for the widest available mutual recognition of secure IT products.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection.

Privacy Shield

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks provides companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

SOC 2

The Committee of Sponsoring SOC 2 certification is issued by outside auditors. They assess the extent to which a vendor complies with one or more of the five trust principles based on the systems and processes in place. The security principle refers to protection of system resources against unauthorized access.

Privacy

LogRhythm upholds regulations such as the General Data Protection Regulation, EU-U.S. Privacy Shield. For more information on data privacy, review our Privacy Policy.

Vulnerability Management

LogRhythm is committed to rapidly addressing potential security vulnerabilities. If you discover a security vulnerability in our product, we want to know. We ensure that security vulnerabilities affecting our products are documented and that solutions are released to our customers rapidly. Review LogRhythm’s Coordinated Vulnerability Disclosure Policy.

If you have detected a vulnerability in LogRhythm’s products, please contact us using the following options.

If you are a current LogRhythm customer, please go to the Support Portal and Submit a Case.

If you are a potential customer, please talk with your sales representative about your security inquiry, or email us at [email protected].

For vulnerabilities discovered in LogRhythm products or web properties, send our OCISO team an email.

For current or potential partners, please contact [email protected] to submit your report.

 

Please contact LogRhythm Public Relations to discuss your needs and support.

 

Website Feedback & Bugs

Website Feedback & Issues

Please direct website feedback and technical issues to:

[email protected]

Website Bugs & Vulnerabilities

Please direct web property vulnerabilities and bug reports to:

[email protected]

Previously Announced Vulnerabilities