The datasheets below provide detailed information on LogRhythm features and capabilities.
LogRhythm combines comprehensive SIEM, Log Management, File Integrity Monitoring and Machine Analytics, with Host & Network Forensics, in a unified Security Intelligence Platform to help federal organizations combat today’s cyber threats while complying with a myriad of regulations such as FISMA, NERC CIP, HIPAA, DoDI, etc.
SmartResponse™ delivers immediate action on real-world issues, such as when suspicious behavior patterns are detected, specific internal or compliance-driven policies are violated, or critical performance thresholds are crossed. LogRhythm ensures that responses are based on accurate information by performing real-time analysis on all log data, helping to minimize false positives as well as the delays associated with manual intervention.
Host Activity Monitoring provides independent awareness and insight into what’s happening on a host, providing a critical layer of protection from a broad spectrum of problems, ranging from important operational events such as system and application failures to security and compliance violations tied to unauthorized or malicious activity.
LogRhythm’s Advanced Intelligence (AI) Engine is a fully integrated component of any LogRhythm deployment, delivering automated, continuous analysis and correlation of all activity observed within the environment in a uniquely intuitive fashion. With a practical combination of flexibility, usability and comprehensive data analysis, AI Engine delivers real-time visibility to risks, threats and critical operations issues that are otherwise undetectable in any practical way.
Knowing who is responsible for what is happening in your IT environment is a critical component of maintaining a secure network. And while discovering the identity responsible for specific activities is a necessary step in the forensic investigation process, in many situations, that information is not contained within the available machine data. LogRhythm’s Identity Analytics employs a number of capabilities for capturing identity information to ensure that important event context is available for both real-time machine analytics and rapid access during the course of an investigation.
An overview of LogRhythm’s File Integrity Monitoring which automates compliance requirements including PCI DSS and enables organizations to monitor for and alert on a variety of malicious behaviors, from improper user access of confidential files to botnet related breaches and transmittal of sensitive data.
Case Management delivers a powerful means for collecting, distributing and analyzing data tied to specific events and incidents for more effective and efficient completion of critical tasks. This fully integrated component optimizes the analyst workflow, ensuring threats do not slip through the cracks, and allowing for conclusive end-to-end threat detection and response.
LogRhythm’s high-performance appliance line provides IT organizations with flexible deployment options and true enterprise scalability. The high-performance line incorporates a highly flexible and scalable architecture that provides for a range of deployment options, from a single all-in-one appliance to multi-tier, enterprise-wide solutions.
Many enterprises must adhere to Disaster Recovery policies to provide protection in case a primary site fails due to natural or man-made disasters. To support these policies, LogRhythm provides Disaster Recovery capabilities at each layer of the solution, including mirroring of the deployment configuration data, events, and alarms to a secondary site.
Protecting your organization from APTs is an ongoing process that starts with thoughtful planning and implementation and requires broad visibility, continuous monitoring, advanced analysis and pattern recognition, intelligent countermeasure capabilities, and ongoing adaptation to new and evolving threats.
LogRhythm’s Honeypot Security Analytics Suite allows customers to centrally manage and continuously monitor honeypot event activity for adaptive threat defense. When an attacker begins to interact with the honeypot, LogRhythm’s Security Intelligence Platform begins tracking the attacker’s actions, analyzing the honeypot data to create profiles of behavioral patterns and attack methodologies based on the emerging threats.
The Network Behavior Anomaly Detection Security Analytics Suite was specifically designed to provide the out-of-the-box capabilities needed to detect network abnormalities in real-time. By capturing data generated by perimeter security devices such as IDS/IPSs, vulnerability scanners, next-gen firewalls and identity access management systems and combining it with other machine and flow data, the suite is able to establish a behavioral baseline of normal network activity.
LogRhythm’s Privileged User Monitoring Security Analytics Suite includes a set of saved searches, reports, and analytical rules to allow enterprises to detect suspicious activity from privileged users. The suite leverages the advanced research from LogRhythm Labs’ dedicated team of security experts to recognize behavioral patterns indicative of privileged user account misuse or compromise within LogRhythm’s Security Intelligence Platform.
The Web Application Defense Security Analytics Suite is designed to analyze web server logs and other related data sources with a focus on detecting, identifying, and preventing threats and breaches. When malicious web behavior is identified, the associated IP address is automatically added to a watch list of attacking IPs. Using LogRhythm’s SmartResponse™, the watch list can also be leveraged to create a blacklist that enables your network infrastructure to block any further access attempts. The suite delivers meaningful alerts and automated remediation to detect and prevent attacks targeting web servers.
LogRhythm Partner Integration Solution Datasheets
LogRhythm and Blue Coat have formed a strategic partnership to enable organizations to detect network threats hidden in encrypted traffic. LogRhythm’s Network Monitor receives decrypted network traffic from the SSL Visibility Appliance and then uses advanced analytics to expose critical activities and threats such as advanced attacks, data exfiltration and network usage policy violations.
LogRhythm and Check Point have developed an integrated solution for enterprise security intelligence and next generation network protection. The joint solution delivers advanced threat detection and response via a two-way integration with Check Point. LogRhythm collects extensive insight into the entire security gateway from Check Point via OPSEC LEA for detailed visibility into the users, groups, applications, machines and connection types. A SmartResponse™ plug-in allows LogRhythm to leverage Check Point for immediate protective action.
LogRhythm and Cisco have developed an integrated solution for comprehensive enterprise security intelligence and threat management. By combining the visibility and enforcement mechanisms of Cisco’s portfolio of leading security and networking solutions with the advanced security analytics and actionable intelligence of LogRhythm’s Security Intelligence Platform, customers around the globe are able to detect internal and external threats, identify behavioral anomalies, enhance security and enforce compliance.
LogRhythm and FireEye have developed an integrated solution for comprehensive enterprise intelligence and threat management. LogRhythm’s advanced correlation and pattern recognition automatically incorporate threat intelligence from the FireEye Malware Protection System to deliver real-time threat protection based on up-to-date attack vectors and comprehensive security analytics.
By combining endpoint data on devices, users, and applications captured by ForeScout CounterACT™ with LogRhythm’s Security Intelligence Platform for real-time host, network and user analytics, LogRhythm and ForeScout deliver an integrated solution that allows users to monitor and secure systems and applications across the organization.
Fortinet and LogRhythm have developed an integrated offering for comprehensive enterprise security intelligence and incident response management. LogRhythm gathers intelligence from Fortinet’s FortiGate high performance network security platform and correlates it against other security device and machine data throughout the IT environment. This integration delivers multi-dimensional behavioral analytics, extended visibility and continuous monitoring for real-time threat detection and response.
The Ixia-Anue Net Tool Optimizer™ (NTO™) works in concert with a LogRhythm SmartResponse™ plug-in and your security tools (forensic recorders, IPS/IDS, DLP and malware analyzers) to protect your network. The Anue NTO passively directs out-of-band network traffic from multiple access points (SPANs or TAPs) in the network to security tools for analysis. Traffic is aggregated from all necessary access points in the network to provide comprehensive visibility.
LogRhythm and Rapid7 are tightly integrated, combining the value of Rapid7’s best-of-breed vulnerability management and penetration testing software with the threat management capabilities of LogRhythm’s Security Intelligence Platform. The combined offering empowers customers to identify behavioral anomalies, internal and external threats, and prevent breaches based on accurate enterprise security intelligence.
LogRhythm and Webroot have developed an integrated solution for comprehensive security intelligence and threat management. LogRhythm automatically integrates actionable intelligence from Webroot’s BrightCloud IP Reputation Service with other machine data collected throughout the enterprise for comprehensive, real-time threat visibility and next generation security analytics.
LogRhythm Compliance Whitepapers