Leveraging innovative and patent-pending behavioural white listing as well as advanced statistical and heuristic behavioural analysis, the enhanced SIEM 2.0 solution empowers organisations of all sizes to detect breaches and the most sophisticated cyber threats of today, faster and with greater accuracy than ever before.
With its innovation to the SIEM 2.0 platform, LogRhythm is enabling organisations to baseline normal, day-to-day activity across multiple dimensions of the enterprise. The system then analyses against that baseline the massive volume of log, flow and machine data generated every second to discover anomalies in real time. By doing so, LogRhythm is enabling IT administrators and security professionals alike to detect and respond to even the most sophisticated threats and breaches.
“Today’s cyber threats are more advanced and, in many cases, more stealthy than ever before. Organisations need to understand what ‘normal’ behaviour is across multiple dimensions of their electronic enterprise so they can detect abnormal activity indicative of a threat or breach,” said Chris Petersen, CTO/CoFounder, LogRhythm.
Some first generation SIEMs provide behavioural analysis, but it is most often against a silo of data (e.g., NetFlow logs, authentication logs), rather than the universe of enterprise activity data (i.e., logs, flow and machine data). For many organisations, defining normal behaviour is a manual process. But manually determining what is normal is extremely difficult, if not impossible, for most organisations.
In either scenario, IT and security personnel remain blind to much of the behaviour of today’s advanced hackers because the evidence of their activities is buried amidst massive volumes of false positive security events, or the activities are mis-categorised altogether as benign or ‘normal’.
Further increasing the crippling volume of false positive events in first generation SIEMs is the inherent lack of data corroboration in these tools. Traditional uses of behavioural and correlative analysis are handled via separate technologies that don’t integrate.
LogRhythm’s multidimensional approach integrates correlative, statistical, behavioural and pattern recognition techniques to corroborate the identification of threats and breaches in real time.
“Early generation SIEM techniques for correlation and behavioural profiling face a number of challenges in helping midsized-to-large enterprise organisations detect and respond to today’s sophisticated threats,” said Scott Crawford, managing research director, Enterprise Management Associates. “By adding multi-dimensional behavioural analysis to its SIEM platform, LogRhythm introduces a practical, highly intuitive and easy-to-use approach to building a deep level of analysis of log, flow and machine data, placing richer security analytics within reach for enterprises of all sizes.”

