LogRhythm Labs Embedded Expertise

LogRhythm Labs empowers customers with embedded expertise and out-of-the-box intelligence for streamlining advanced threat detection & response, compliance automation & assurance, and operational intelligence & optimization. LogRhythm Labs comprises dedicated information security specialists who hold a wide range of industry certifications (e.g., CISSP, CISA, CEH) and have extensive experience as network architects, security analysts and compliance officers at multinational corporations and federal entities. For continued development and exposure to unique use cases, Labs analysts work closely with customers, field teams and technology partners to form a community of dedicated security experts.

Customers take advantage of Labs’ research through frequent Knowledge Base updates, which automatically embed analytics-driven defense capabilities into LogRhythm’s Security Intelligence Platform. This allows customers to take advantage of new and updated device support, geolocation data, AI Engine rules, lists, investigations, dashboards, and SmartResponse™ plug-ins associated with new and existing Security Analytics and Compliance Automation suites.

LogRhythm Labs comprises three teams: the Machine Data Intelligence team, the Threat Intelligence team, and the Compliance Intelligence team.

Through continuous innovation, customer partnerships, and unwavering dedication to cyber security, Labs’ embedded expertise empowers customers around the globe to strengthen their network security, defend against targeted attacks, and achieve steady-state compliance.
Machine Data Intelligence

Labs’ Machine Data Intelligence team ensures that LogRhythm can interpret data from virtually any data source across the enterprise. The team regularly builds and updates processing rules for hundreds of operating systems, applications, and network devices. These processing rules translate disparate and often incomprehensible messages into a uniform language by enriching all captured data with common classifications and event names, a Risk-Based Priority (RBP), geolocation tagging and additional contextual details such as directional information. This extensive data preparation strengthens the accuracy of real-time machine analytics and improves search results.

Example: Different systems may describe a seemingly common activity such as an authentication success in many alternative ways, including “login successful”, “logon successful” and “authentication successful”. LogRhythm Labs’ Machine Data Intelligence team recognizes the true activity described in the log message and accurately assigns a common classification and event name, in this case “authentication success”.
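The following is an added illustration of such a processing rule set, not LogRhythm’s own code: three constructed vendor message formats are mapped to a common classification and event name, tagged with direction, and given a risk-based priority. The regex patterns, internal address ranges and risk weights are assumptions made for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample messages in three vendor formats (sample data, not captured logs).
SAMPLE_LOGS = [
    "Jan 10 12:00:01 bastion sshd[4121]: Accepted publickey for alice from 203.0.113.5 port 51234 ssh2",
    "EventID=4624 Logon successful. Account Name: bob Source Network Address: 10.1.2.3",
    '%ASA-6-605005: Login permitted from 198.51.100.7/4433 to inside:10.0.0.9/https for user "carol"',
    "Jan 10 12:00:02 bastion sshd[4122]: Failed password for invalid user root from 198.51.100.9 port 4000 ssh2",
]

# Address ranges treated as internal; in practice this is per-customer configuration (assumed here).
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Processing rules: (pattern, classification, event name, base risk 0-100); the named groups
# login/src/dst are the uniform schema every source format is mapped into.
RULES = [
    (re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<login>\S+) from (?P<src>[\d.]+)"),
     "Authentication Success", "SSH Login Accepted", 10),
    (re.compile(r"EventID=4624 Logon successful\. Account Name: (?P<login>\S+) "
                r"Source Network Address: (?P<src>[\d.]+)"),
     "Authentication Success", "Windows Logon", 10),
    (re.compile(r'Login permitted from (?P<src>[\d.]+)/\d+ to \w+:(?P<dst>[\d.]+)/\w+ '
                r'for user "(?P<login>[^"]+)"'),
     "Authentication Success", "ASA Login Permitted", 10),
    (re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<login>\S+) from (?P<src>[\d.]+)"),
     "Authentication Failure", "SSH Login Failed", 40),
]

def is_internal(ip):
    """A missing address means the logging host itself, which counts as internal."""
    return ip is None or any(ip_address(ip) in net for net in INTERNAL_NETS)

def direction(src, dst):
    """Directional context derived from the source/destination address pair."""
    if is_internal(src):
        return "Internal" if is_internal(dst) else "Outbound"
    return "Inbound" if is_internal(dst) else "External"

def normalize(line):
    """Apply the first matching processing rule; return a uniform record or None if unclassified."""
    for pattern, classification, event_name, base_risk in RULES:
        m = pattern.search(line)
        if not m:
            continue
        f = m.groupdict()  # groups a pattern does not define are simply absent
        src, dst = f.get("src"), f.get("dst")
        dirn = direction(src, dst)
        # RBP: rule base risk, raised for inbound logins and privileged names (constructed weighting).
        rbp = base_risk + (20 if dirn == "Inbound" else 0) + (30 if f["login"] in ("root", "administrator") else 0)
        return {"classification": classification, "event": event_name, "login": f["login"],
                "src": src, "dst": dst, "direction": dirn, "rbp": min(rbp, 100)}
    return None
```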

Threat Intelligence

LogRhythm Labs examines live attacks and malware within an advanced threat research lab and continually researches the latest trends in security threats by studying industry reports and blogs. Understanding the blueprint of evolving attack vectors and vulnerabilities allows LogRhythm Labs’ Threat Intelligence team to identify commonalities in data movement and behavior that are indicative of malicious activity. This insight is used to create an arsenal of advanced correlation rules within LogRhythm’s AI Engine. AI Engine rules apply patented machine-analytics techniques that continuously monitor the customer environment for malicious behavioral patterns and abnormal activity.

The Threat Intelligence team combines a subset of AI Engine rules, lists, reports, investigations, dashboard layouts, and SmartResponse™ plug-ins into purpose-built Security Analytics Suites. Each Security Analytics Suite is designed to address a specific security need, and customers can select the individual suites that align with their objectives to quickly benefit from LogRhythm Labs’ research.

Example: The Advanced Persistent Threats Security Analytics Suite uses a collection of AI Engine rules designed to detect behaviors representative of advanced attacks. Rules include behavioral modelling of activities on the endpoint (e.g. log types, authentication activity, process activity) as well as network activity (e.g. traffic rates, traffic destinations, application types) and others. The APT Security Analytics Suite not only recognizes when an individual behavioral anomaly occurs, but also includes rules that recognize when multiple activities or anomalies occur from a common host or user, corroborating the identification of an advanced attack. By analyzing behaviors across multiple stages of an advanced attack and linking multiple behavioral anomalies together, the APT Security Analytics Suite provides more accurate event recognition and prioritization of complex attacks.
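An added illustration of the corroboration idea described above (example code, not the suite’s actual rules): single-anomaly events from a common host are linked inside a sliding time window, and an alarm is raised only when several distinct anomalies spanning more than one attack stage coincide. The rule names, stage mapping, window and thresholds are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed single-anomaly events as (host, ISO timestamp, rule name), in time order,
# as individual behavioral rules might emit them. Sample data only.
ANOMALIES = [
    ("ws-17", "2024-01-10T09:00:00", "Abnormal Authentication Activity"),
    ("ws-17", "2024-01-10T09:12:00", "New Process Observed"),
    ("ws-42", "2024-01-10T09:15:00", "Abnormal Traffic Rate"),
    ("ws-17", "2024-01-10T09:40:00", "Abnormal Traffic Destination"),
    ("ws-42", "2024-01-10T13:00:00", "New Process Observed"),
    ("ws-17", "2024-01-10T17:00:00", "Abnormal Traffic Rate"),
]

# Attack stage each single-anomaly rule speaks to (constructed mapping).
STAGE = {
    "Abnormal Authentication Activity": "endpoint",
    "New Process Observed": "endpoint",
    "Abnormal Traffic Rate": "network",
    "Abnormal Traffic Destination": "network",
}

def corroborate(events, window=timedelta(hours=1), min_rules=3, min_stages=2):
    """Raise one alarm per host once at least min_rules distinct anomalies covering
    at least min_stages stages have fired on that host inside a sliding window."""
    recent = defaultdict(deque)  # host -> (time, rule) pairs still inside the window
    alarmed, alarms = set(), []
    for host, ts, rule in events:
        t = datetime.fromisoformat(ts)
        q = recent[host]
        q.append((t, rule))
        while t - q[0][0] > window:  # expire anomalies older than the window
            q.popleft()
        rules = {r for _, r in q}
        stages = {STAGE[r] for r in rules}
        # Several different anomalies on one host, across stages, corroborate each other;
        # a lone anomaly (or repeats of the same one) does not reach the alarm threshold.
        if len(rules) >= min_rules and len(stages) >= min_stages and host not in alarmed:
            alarmed.add(host)
            alarms.append({"host": host, "time": ts, "rules": sorted(rules), "stages": sorted(stages)})
    return alarms
```

With the sample data, only ws-17 reaches the threshold (three distinct anomalies across both stages within an hour); ws-42’s two anomalies are hours apart and never corroborate.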

Compliance Intelligence

LogRhythm Labs’ Compliance Intelligence team comprises subject matter experts in various industry regulations and compliance standards. Compliance experts are responsible for understanding current compliance requirements and researching new regulations. They leverage that expertise to develop and maintain regulation-specific Compliance Automation Suites that provide enterprises with out-of-the-box report packages, investigations, alarms and automated SmartResponse™ plug-ins, each mapped to the individual controls specified by the regulation. Additionally, LogRhythm Labs develops AI Engine rules that monitor individual compliance controls. These rules not only perform ongoing monitoring, but can also alert on specific compliance violations in real time. This awareness saves time and effort for customers maintaining their compliance state. Labs’ commitment to strengthening and automating LogRhythm’s regulatory capabilities provides customers with continuous compliance assurance.