SIEM, Security Information & Event Management

Follow LogRhythm:

Products
       One Integrated Solution
       Log and Event Management
          Log Management
          Log Analysis
          Event Management
          Intelligent IT Search
       Advanced Intelligence Engine (AI)
       SmartRemediation
       File Integrity Monitoring
       Host Actvity Monitoring
       Geolocation & Visualization
       Reporting
       Turnkey Appliances
       High Availability Solutions
       Software & Virtual Deployments
       Advanced Agent
       WebRhythm Remote Access
       Cisco MARS Replacement

Applications
       Overview
       Compliance
          PCI DSS Compliance
          HIPAA Compliance
          NRC GR57.1
          NEI Compliance
          NERC CIP Compliance
          SOX Compliance
          GLBA Compliance
          FISMA Compliance
          GCSX Compliance
          Protective Monitoring: GPG13
       SIEM
       IT Optimization
       Business Intelligence
       Insider Threat/Fraud Detection
       Forensics/Investigation
       eDiscovery
       Database Monitoring

Services
       Professional Services
       LogRhythm Labs
       Training Options
          Online Instructor-Led Schedule
          Boulder Based Schedule
       Maintenance and Support

Resources
       Overview
       Datasheets
       Use Cases
          Protective Monitoring
          Detect Advanced Threats (APTs)
          Absence of an Event
          Continuous Monitoring
          Rapid Forensics
          Advanced Correlation
          Rapid Time-to-Value
          Fraud Detection and Prevention
          Protecting Critical Assets
          Change Control
          Protecting ePHI
          Enriching Data w/ Geolocation
          Network & Process Monitoring
          Controlling Operating Costs
          Privileged User Monitoring
          Flexible Reporting
          Visualizing Log & Event Data
          Zero Day Exploits
          Architecture for Any Enterprise
       Case Studies
          Canadian Auto Association
          University of Nottingham
          Endsleigh Insurance Services
          The Share Centre
          ALPS Funds Services
          St John Ambulance
          Phoenix Sun
          Ventura
          Ascent Media Group
          Commidea
          Center for American Progress
          Fortis Bank
          Cardiff County Council
          Regis Corporation
       Compliance Solution Briefs
       Compliance White Papers
       Sample Reports
       Customer Testimonials
       3-Minute Product Demo
       In-Depth Product Demo
       Request Online Demonstration
       Multimedia
       Industry Info
       Request More Info

Partners
       Partners Overview
       Reseller Partners
       MSP/MSSP Partners
       Services and Solutions Partners
       Technology Partners
       Ecosystem Partners

Company
       Overview
       In the News
       Press Releases
          Press Releases - Current
          Press Releases 2010
          Press Releases 2009
          Press Releases 2008
       Events
       Executive Team
       Careers
       Contact
       Privacy Policy

Support
       Customer Support Portal

LogRhythm Home > Applications > SIEM

Applications

“With all this power, one would think it would be complicated to deploy and manage, but this appliance can be up and running with very little effort . . ."

~Peter Stephenson | SC Labs

Read the full product review

LogRhythm for SIEM Automate Monitoring, Analysis and Alerting for External and Internal Threats in Real Time Your infrastructure is increasingly under attack from the outside and from within. LogRhythm offers timely and actionable insights into securing it. LogRhythm harnesses the wealth of security-related information embedded within everyday systems, applications, and network log data. LogRhythm analyzes and correlates all your logs in real-time, providing you actionable visibility and alerts on important events. You can easily conduct further analysis and react as appropriate. You can even add custom rules to provide insight most relevant to your network and your business. LogRhythm stands apart from traditional log and event management systems by also providing universal log collection from databases and applications, real-time anomaly detection and alerting, advanced correlation and pattern recognition, data visualization for long-term trending, and data mining for deep forensic analysis. LogRhythm Security Highlights Central Security Monitoring Centrally monitor security activity across the entire IT infrastructure Advanced Correlation and Pattern Recognition Sophisticated correlation and analysis of all enterprise log data in a uniquely intuitive fashion. Intrusion Detection Collect alerts from most network and host-based intrusion detection systems File Integrity Monitoring Independent auditing of access to and modification of sensitive files Intrusion Corroboration Immediately investigate an alert and corroborate its validity Anomaly Detection Identify behavior anomalies within application and network activity logs in real-time Alerting and Notification of Security Events Automatically alerts appropriate staff based upon predefined escalation process Insider Threat Detection Proactive detection and alerting on security threats from within Forensics/Investigation Powerful forensic analysis and investigation tool set eDiscovery Rapid and automated response to eDiscovery requests

Central Security Monitoring Auditors can be automatically notified of specific audit activity and use LogRhythm analysis tools to accelerate the review process. LogRhythm's log and event management capabilities allow you to centrally monitor security activity across the entire IT infrastructure. Using one of LogRhythm's customizable dashboards, users can monitor security activity pertaining to systems in their domain of responsibility. The LogRhythm Personal Dashboard The LogRhythm Personal Dashboard provides users with real-time visibility into security related events and alerts for those activities that warrant immediate attention. From the dashboard users can perform a variety of functions including launching investigations, customizing alerts, drilling down into supporting normalized and raw log data as well as generate and configure custom reports while maintaining user audit tracking for compliance and reporting. Advanced Correlation and Pattern Recognition LogRhythm’s Advanced Intelligence (AI) Engine offers sophisticated correlation and analysis of all enterprise log data in a uniquely intuitive fashion. With a practical combination of flexibility, usability and comprehensive data analysis, AI Engine delivers real-time visibility to risks, threats and critical operations issues that are otherwise undetectable in any practical way. AI Engine is Correlation That Works! Intrusion Detection LogRhythm can collect alerts from most network and host-based intrusion detection systems. In many cases, intrusion detection systems have been turned down or turned off due to the high volume and unmanageability of alerts. LogRhythm's data reduction and intelligent event management capabilities allow you to realize your IDS investment by turning on and/or turning up the volume. For more information, a comprehensive overview of the fundamental computer security controls of prevention, detection and correction by Chris Petersen, LogRhythm CTO, VP Engineering & Founder, is available. Download PDF File Integrity Monitoring LogRhythm provides independent auditing of access to and modification of sensitive files. This capability provides an independent audit trail of system changes. It is also extremely helpful in identifying compromised servers since intruders will typically override system files and/or create user accounts upon gaining access. Anomaly Detection LogRhythm features metadata fields that collect and organize information such as network traffic statistics, session and process information, and transaction quantities, amounts and rates. LogRhythm leverages this information to provide unprecedented visibility to potential insider threats, compliance violations and other operational risks. This combined with contextual event forwarding enables real-time identification and alerting of anomalies within application, database and network activity. Intrusion Corroboration When a security alert is raised, how do you determine its validity? In most networks this is a difficult and time-consuming task, often requiring the involvement of administrators responsible for the affected system. With LogRhythm, intrusions can be corroborated much more efficiently. LogRhythm analysis capabilities allow you to immediately investigate an alert and corroborate its validity by combining the alert with forensic log data from the affected system. With the click of a mouse you are able to view all log data from the affected system 5 seconds, 5 minutes, or 5 hours before or after the alert occurred, all without paging a single administrator. Alerting and Notification of Security Events LogRhythm’s advanced log processing engine allows users to easily monitor all log activity for a variety of activities and anomalies related to such factors as specific filename patterns, IP addresses, hosts, users, transaction amounts, file transfer size, etc. When security policies are violated, LogRhythm can automatically alert designated individuals via e-mail, pager, existing management applications and the LogRhythm console. Alerts can be customized to include or exclude specific information and can be sent to users based on their role relative to the affected system or application. LogRhythm’s standard alarms allow advanced filtering for real-time alerting based on any criteria contained within the log data. The addition of the AI Engine delivers over 100 preconfigured, out-of-the-box advanced correlation rule sets and a wizard-based drag-and-drop GUI for creating and customizing even complex rules, enabling organizations to predict, detect and swiftly respond to: Sophisticated intrusions Insider threats Fraud Compliance violations Disruptions to IT Services And many other critical actionable events… Alerts are easily investigated using the LogRhythm Investigator.

The LogRhythm Investigator Whether you’re battling a zero day attack, trying to discover the impact of activity from a recently terminated disgruntled employee or investigating an HR complaint against a manager of one of your field offices, if managed properly, log data can provide invaluable insight into nefarious behavior, potential risks and imminent threats to your organization. LogRhythm collects, stores, analyzes and reports on log data in such a way that investigators can readily tap that information to accelerate their discovery of root cause, affected systems and assets, and to dramatically reduce the time-to-remediate. A zero day exploit may proliferate a bot throughout an enterprise that launches rogue SMTP processes on affected systems. LogRhythm’s investigative capabilities empower investigators to quickly determine from which system the exploit was launched, which systems, devices and applications have been affected and prioritize remediation based upon the asset value of those affected entities. The departure of a disgruntled administrator may raise concerns about their activities prior to resigning. With LogRhythm, investigators can quickly determine what systems were accessed, changed or potentially compromised by that employee during the last 30 days of his employment. LogRhythm also preserves raw log data in its original form in a secure and tamper-proof manner so that chain of custody can be maintained. The depth, breadth and ease-of-use of the forensic/investigative features of LogRhythm enable IT security staff and investigators to harness the power of log data for more efficient, effective and sound investigations.