LogRhythm also helps users realize efficiencies and new capabilities in the audit process. Some of the many capabilities of the LogRhythm solution that provide substantial assistance to compliance and audit challenges include:
- Collecting and archiving cross-platform log data in real time
- Compressing logs for efficient long-term storage
- Simplifying search and retrieval of specific logs for analysis and forensic investigation
- Automatically identifying important audit events and alerting appropriate individuals
- Providing an easier and more affordable way to automate log & event management and file integrity monitoring for compliance
LogRhythm protects its customers’ networks from insider threats and helps them meet specific compliance requirements by allowing them to keep track of what their privileged users are doing. This includes business users with direct access to confidential data systems, as well as administrators with the ability to create and modify permissions, privileges and access to any device.
Privileged User Monitoring provides enormous value by delivering automated monitoring and secure, reliable access to what privileged users are doing, and when and how they are doing it.
With LogRhythm you can immediately address and automate specific log data collection, review, archiving, reporting and alerting requirements as well as those requirements mandating File Integrity Monitoring.
LogRhythm Compliance and Audit Features
LogRhythm’s comprehensive compliance packages include:
Pre-built reports summarize log and event data, audit data such as who accessed the LogRhythm system, what logs were reviewed and when, what actions were taken in response to specific events that are specifically called out in the compliance regulation, etc. Additionally, each report specifies what compliance requirement calls for the reporting of that information.
Pre-built alarms automate the notification of appropriate personnel when an event occurs that maps to a specific compliance requirement that mandates alerting (e.g., PCI 5.2 “Ensure that all anti-virus mechanisms are current, actively running and capable of generating audit logs.”) For this requirement, our pre-built alarm would be configured to send a notification whenever malware is detected. Note: A record that an alarm was sent is captured and reported to provide evidence of compliance.
Pre-built investigations create interactive reports that are generated based upon criteria defined as a compliance requirement (e.g., PCI 1.2.1 “Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment.”) For this requirement, our pre-built investigations would generate an interactive report showing verification that inbound and outbound traffic is properly controlled (limited and/or denied) for the cardholder data environment. The investigation would provide verification of proper controls and the presence of improper network activities.
LogRhythm’s personal dashboard provides a fully customized view of events in real time. Using the dashboard, users can quickly and efficiently monitor for suspicious activity impacting servers, applications and devices.
LogRhythm automatically identifies important audit events in real time, reports them and alerts on events that warrant immediate action. LogRhythm can automatically identify numerous types of audit activity including:
- Changes to a system configuration
- Repeated authentication failures from the same login
- Repeated access control violations from the same login
- Repeated access control violations from the same host
- Account management activity
- Critical file changes & deletions
Auditors can be automatically notified of specific audit activity and use LogRhythm analysis tools to assist and speed up the review process.
Independent Audit Log Access
LogRhythm automates and reduces the cost of acquiring audit data. Audit logs are collected immediately, without requiring the assistance of administrators. This saves time while preserving segregation of duties.
Auditors have independent and centralized access to log data. Log data is automatically prepared for analysis and reporting. Auditors can use LogRhythm analysis tools or develop their own.
Terminated Account Monitoring
Disabling a user account after the user has left the company is a challenge many users face. An employee may have multiple accounts across different systems and applications. LogRhythm allows you to easily monitor any activity originating from what should be a terminated user account.