Central Security Monitoring
Auditors can be notified automatically of specific audit activity and use LogRhythm's analysis tools to speed up the review process. LogRhythm's log and event management capabilities let you monitor security activity centrally across the entire IT infrastructure. Using one of LogRhythm's customizable dashboards, each user can monitor the security activity of the systems they are responsible for.
The LogRhythm Personal Dashboard
The LogRhythm Personal Dashboard gives users real-time visibility into security-related events and into alerts for activity that warrants immediate attention. From the dashboard, users can launch investigations, customize alerts, drill down into the supporting normalized and raw log data, and generate and configure custom reports, while every action is recorded in a user audit trail for compliance and reporting.
Intrusion Detection
LogRhythm can collect alerts from most network- and host-based intrusion detection systems. In many environments, IDS sensors have been tuned down or switched off because the volume of alerts was unmanageable. LogRhythm's data reduction and intelligent event management capabilities let you get value from the IDS investment by turning the sensors back on, or turning their sensitivity back up, without flooding analysts.
For more information, a comprehensive overview of the fundamental computer security controls of prevention, detection and correction, written by Chris Petersen, LogRhythm CTO, VP Engineering and Founder, is available as a PDF.
File Integrity Monitoring
LogRhythm provides independent auditing of access to, and modification of, sensitive files, giving you an audit trail of system changes that does not depend on the audited system's own logs. It is also extremely helpful in identifying compromised servers, since intruders will typically overwrite system files or create user accounts once they gain access.
Anomaly Detection
LogRhythm parses log data into metadata fields that capture information such as network traffic statistics, session and process details, and transaction counts, amounts and rates. It uses these fields to give visibility into potential insider threats, compliance violations and other operational risks. Combined with contextual event forwarding, this allows anomalies in application, database and network activity to be identified and alerted on in real time.
Intrusion Corroboration
When a security alert is raised, how do you determine its validity? In most networks this is a difficult and time-consuming task, often requiring the involvement of administrators responsible for the affected system. With LogRhythm, intrusions can be corroborated much more efficiently. LogRhythm analysis capabilities allow you to immediately investigate an alert and corroborate its validity by combining the alert with forensic log data from the affected system. With the click of a mouse you are able to view all log data from the affected system 5 seconds, 5 minutes, or 5 hours before or after the alert occurred, all without paging a single administrator.
Alerting and Notification of Security Events
LogRhythm's log processing engine lets users monitor all log activity for specific activities and anomalies, keyed on factors such as filename patterns, IP addresses, hosts, users, transaction amounts and file transfer sizes. When a security policy is violated, LogRhythm can automatically alert designated individuals by e-mail, pager, an existing management application or the LogRhythm console. Alerts can be customized to include or exclude specific information and can be routed to users based on their role relative to the affected system or application.
Alerts can be raised for individual events or combinations of events. They can also take into account the source and destination of security activity. Example alerts include:
- Attack ABC Worm was seen
- Attack ABC Worm was seen from a DMZ system to an internal host
- 10 failed logins were seen from the same user in 5 minutes
- 25 reconnaissance activity alerts were seen from the same system in 24 hours
- An attack alert was raised from a host on the 'bad guy' list
- 5 security alerts were seen between a trusted network and semi-trusted partner network
- A cash transaction exceeding a certain dollar amount threshold occurred in a critical financial application
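The following is an added example, not LogRhythm's code, that implements several of the alert types in the list above as detection logic over constructed log lines and then performs the corroboration step described under "Intrusion Corroboration": pulling every event from the affected host in a window around the alert. The raw lines, the hostnames, the zone definitions (RFC 5737 and RFC 1918 ranges standing in for a DMZ, an internal network and a partner network) and the "bad guy" list are all constructed for the demonstration; the key=value log format is an assumption, not a LogRhythm format.

```python
import ipaddress
import shlex
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

T0 = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)


def _line(offset_s, host, body):
    """Build a constructed syslog-style line at T0 + offset_s seconds."""
    ts = (T0 + timedelta(seconds=offset_s)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{ts} {host} {body}"


# Constructed sample log lines (not real LogRhythm data): two worm signatures at the
# firewall, two failed logins for alice, ten failed logins in three minutes for bob,
# then bob logging in successfully and creating an account.
RAW_LOGS = [
    _line(0, "fw01", 'type=attack sig="ABC Worm" src=192.0.2.10 dst=10.1.1.20'),
    _line(5, "fw01", 'type=attack sig="ABC Worm" src=203.0.113.7 dst=10.1.1.20'),
    _line(30, "dc01", "type=auth user=alice src=10.1.1.5 result=FAIL"),
    _line(45, "dc01", "type=auth user=alice src=10.1.1.5 result=FAIL"),
    _line(60, "dc01", "type=auth user=alice src=10.1.1.5 result=SUCCESS"),
] + [
    _line(100 + 20 * i, "dc01", "type=auth user=bob src=10.1.1.9 result=FAIL")
    for i in range(10)
] + [
    _line(300, "dc01", "type=auth user=bob src=10.1.1.9 result=SUCCESS"),
    _line(320, "dc01", 'type=process user=bob cmd="net user helpdesk P@ss /add"'),
    _line(4000, "dc01", "type=auth user=carol src=10.1.1.7 result=SUCCESS"),
]

# Assumed network zones and a hypothetical 'bad guy' list.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
    "partner": ipaddress.ip_network("198.51.100.0/24"),
}
BAD_GUYS = {"203.0.113.7"}


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def parse(line):
    """Normalize one raw line into a dict, keeping the raw text for drill-down."""
    ts, host, body = line.split(" ", 2)
    ev = {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")), "host": host, "raw": line}
    for tok in shlex.split(body):
        k, _, v = tok.partition("=")
        ev[k] = v
    return ev


def alert(rule, ev, key, count=1):
    return {"rule": rule, "key": key, "host": ev["host"], "ts": ev["ts"], "count": count}


def threshold_rule(events, name, match, key, count, window):
    """Alert once per key when `count` matching events fall inside a sliding window."""
    alerts, seen, fired = [], defaultdict(deque), set()
    for ev in events:  # events must be sorted by timestamp
        if not match(ev):
            continue
        k = ev.get(key)
        q = seen[k]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= count and k not in fired:
            fired.add(k)
            alerts.append(alert(name, ev, k, len(q)))
    return alerts


def run_rules(events):
    alerts = []
    for ev in events:
        if ev.get("type") == "attack" and ev.get("sig") == "ABC Worm":
            alerts.append(alert("ABC Worm seen", ev, ev["src"]))
            if zone_of(ev["src"]) == "dmz" and zone_of(ev["dst"]) == "internal":
                alerts.append(alert("ABC Worm from DMZ to internal host", ev, ev["src"]))
        if ev.get("type") == "attack" and ev.get("src") in BAD_GUYS:
            alerts.append(alert("Attack from host on bad-guy list", ev, ev["src"]))
    alerts += threshold_rule(
        events, "10 failed logins by one user in 5 minutes",
        lambda e: e.get("type") == "auth" and e.get("result") == "FAIL",
        "user", 10, timedelta(minutes=5))
    return sorted(alerts, key=lambda a: a["ts"])


def corroborate(events, alrt, before_s, after_s):
    """Every event from the alert's host within [ts - before_s, ts + after_s] seconds."""
    lo, hi = alrt["ts"] - timedelta(seconds=before_s), alrt["ts"] + timedelta(seconds=after_s)
    return [e for e in events if e["host"] == alrt["host"] and lo <= e["ts"] <= hi]


EVENTS = sorted((parse(l) for l in RAW_LOGS), key=lambda e: e["ts"])
ALERTS = run_rules(EVENTS)

if __name__ == "__main__":
    for a in ALERTS:
        print(a["ts"].isoformat(), a["rule"], a["key"], a["count"])
    login_alert = next(a for a in ALERTS if a["rule"].startswith("10 failed"))
    for e in corroborate(EVENTS, login_alert, 300, 300):
        print("  ", e["raw"])
```

Run stand-alone, it raises two "ABC Worm seen" alerts, one DMZ-to-internal alert for the 192.0.2.10 source, one bad-guy-list alert for 203.0.113.7, and one failed-login alert for bob (alice's two failures stay below the threshold). The corroboration step then lists the fifteen dc01 events in the five minutes either side of bob's alert, including the successful login and the account-creation command that follow it, which is the context an analyst would otherwise have to ask the domain administrator for. The threshold rule alerts once per key rather than on every further event so that a brute-force run does not itself become an alert flood.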
Alerts are easily investigated using the LogRhythm Investigator.