LogRhythm NetMon

Surface Threats on Your Network in Real Time

To detect and respond to cyberthreats quickly, your team needs to actively monitor where threats are likely to first appear—your network.

LogRhythm NetMon provides the visibility and security analytics your team needs to monitor your organization’s entire network—either as an independent network forensics solution or as a component of the LogRhythm NextGen SIEM Platform.

Detect Advanced Network Threats

Surface even the most advanced threats in real time with application recognition, customizable Deep Packet Analytics, and multidimensional network traffic and behavioral analytics.

  • Detect even the most sophisticated threats across a broad set of IT environment-generated log and audit data, endpoint activity, and Layer 7 application flow
  • Recognize data exfiltration, spear phishing, botnet beaconing, inappropriate network usage, lateral movement, and suspicious file transfers
  • Corroborate high-risk events at the network or application level with environmental activity from your SIEM

Take the Guesswork out of Incident Response

Enable your incident response team to work effectively and efficiently with unstructured search, session playback, and file reconstruction.

  • Determine the scope of the incident and understand exactly which systems have been compromised
  • Generate irrefutable network-based evidence
  • Reconstruct files transferred across the network to investigate suspicious data exfiltration, malware infiltration, and unauthorized data access

Get Started for Free

See what LogRhythm NetMon has to offer

Try our Freemium version to transform your physical or virtual system into a network forensic sensor.

Network Visibility with Powerful Features

  • True Application Identification: Automatically identify over 3,000 applications to expedite network forensics with advanced classification methods and deep packet inspection.
  • SmartFlow™ Session Classification: Recover Layer 7 application details and packet data for all sessions.
  • Deep Packet Analytics (DPA): Automate threat detection by correlating against full packet payload and SmartFlow data using out-of-the-box rules and customizable scripts.
  • Full Packet Capture: See every bit that crosses your network with Layer 2–7 packet capture stored in industry-standard PCAP format.
  • SmartCapture™: Automatically capture sessions based on application or packet content to preserve the information you need.
  • Unstructured Search: Drill down to critical packet and flow data with our Elasticsearch backend to streamline your investigation.
  • File Reconstruction: Reconstruct email file attachments to support malware analysis and data loss monitoring.
  • Alerts & Dashboards: Surface continuous, automated analysis on saved searches through customizable analyst dashboards.
  • API Integration: Provide third-party tools access to session-based packet captures and reconstructed files.

Flexible Deployment for Network Monitoring

Choose the right NetMon deployment for your environment

  • Highly scalable 10 Gbps appliances: Appliances that can keep up as the demands of your network grow
  • Software appliances for remote sites: A cost-effective and flexible solution for monitoring low-bandwidth remote sites starting at 10 Mbps
  • Integrate with existing monitoring infrastructure: Whether via span port, tap, or network packet broker, our passive sensors easily integrate with your infrastructure or SIEM
  • Virtual sensor: A virtual sensor for virtual switches improves your visibility into your cloud infrastructure

Prevent Cyber Incidents as Part of the Complete Threat Lifecycle Management Framework

Monitoring your network can mean detecting a threat early in the Cyber Attack Lifecycle. And detecting a threat early is the key to protecting your organization from large-scale impact.

To learn more about how network monitoring plays a role in optimizing your team’s Threat Lifecycle Management framework, read the white paper below.

See LogRhythm in Action

Learn how your team can reduce time to detect and respond to cyberthreats with the LogRhythm NextGen SIEM Platform.