Leveraging innovative and patent-pending behavioural whitelisting as well as advanced statistical and heuristic behavioural analysis, the enhanced SIEM 2.0 solution empowers organisations of all sizes to detect breaches and the most sophisticated cyber threats of today, faster and with greater accuracy than ever before.
With its innovation to the SIEM 2.0 platform, LogRhythm is enabling organisations to baseline normal, day-to-day activity across multiple dimensions of the enterprise. The system then analyses against that baseline the massive volume of log, flow and machine data generated every second to discover anomalies in real time. By doing so, LogRhythm is enabling IT administrators and security professionals alike to detect and respond to even the most sophisticated threats and breaches.
“Today’s cyber threats are more advanced and, in many cases, more stealthy than ever before. Organisations need to understand what ‘normal’ behaviour is across multiple dimensions of their electronic enterprise so they can detect abnormal activity indicative of a threat or breach,” said Chris Petersen, CTO/CoFounder, LogRhythm.
Some first generation SIEMs provide behavioural analysis, but it is most often against a silo of data (e.g., Netflow logs, authentication logs), rather than the universe of enterprise activity data (i.e., logs, flow and machine data). For many organisations, defining normal behaviour is a manual process. But manually determining what is normal is extremely difficult, if not impossible, for most organisations.
In either scenario, IT and security personnel remain blind to much of the behaviour of today’s advanced hackers because the evidence of their activities is buried amidst massive volumes of false positive security events, or those activities are mis-categorised altogether as benign or ‘normal’.
Further increasing the crippling volume of false positive events in first generation SIEMs is the inherent lack of data corroboration in these tools. Traditional uses of behavioural and correlative analysis are handled via separate technologies that don’t integrate.
LogRhythm’s multidimensional approach integrates correlative, statistical, behavioural and pattern recognition techniques to corroborate the identification of threats and breaches in real time.
“Early generation SIEM techniques for correlation and behavioural profiling face a number of challenges in helping midsized-to-large enterprise organisations detect and respond to today’s sophisticated threats,” said Scott Crawford, managing research director, Enterprise Management Associates. “By adding multi-dimensional behavioural analysis to its SIEM platform, LogRhythm introduces a practical, highly intuitive and easy-to-use approach to building a deep level of analysis of log, flow and machine data, placing richer security analytics within reach for enterprises of all sizes.”