LogRhythm Product Security
LogRhythm is a security company and takes the protection of our customers and our products seriously. Our company is built on, complies with, and certifies against a number of security frameworks today (e.g., NIST, SOC2, ISO27001, Privacy Shield, and FIPS/Common Criteria), and we have a number of others in progress (e.g., HIPAA, PCI, and FedRAMP).
We ensure that our product is secure for our SaaS and software customers. We have a dedicated security team and organization accountable for the security of our company and our products. We conduct regular third-party penetration tests and also allow our customers to test our products themselves. When vulnerabilities are discovered, they are quickly triaged, remediated, communicated, and released in accordance with the frameworks outlined above and aligned to our responsible disclosure policy.
Product compliance standards
ISO/IEC 27001 enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.
To become FIPS compliant, a U.S. government agency or contractor’s computer systems must meet requirements outlined in the FIPS publications numbered 140, 180, 186, 197, 198, 199, 200, 201, and 202.
The Common Criteria is the driving force for the widest available mutual recognition of secure IT products.
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection.
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
SOC 2 certification is issued by outside auditors. They assess the extent to which a vendor complies with one or more of the five trust principles based on the systems and processes in place. The security principle refers to protection of system resources against unauthorized access.
LogRhythm is committed to rapidly addressing potential security vulnerabilities. If you discover a security vulnerability in our product, we want to know. We ensure that security vulnerabilities affecting our products are documented and that solutions are released to our customers rapidly. Review LogRhythm’s Coordinated Vulnerability Disclosure Policy.
If you have detected a vulnerability in LogRhythm’s products or web properties, please send our OCISO team an email.
For questions about LogRhythm product security, please contact us using the following options.
If you are a current LogRhythm customer, please go to the Support Portal and Submit a Case.
If you are a potential customer, please talk with your sales representative about your security inquiry, or email us at [email protected].
For vulnerabilities discovered in LogRhythm products or web properties, send our OCISO team an email.