LogRhythm 4.0 Gleans More Insight from Log and Event Management

Provides insight through analysis of application and database logs

LogRhythm has updated its integrated log and event management system to further simplify and automate regulatory compliance, enhance information security, and make IT operations more efficient.

LogRhythm 4.0 extends the scope and value of log and event management through four key advancements:

  • The Universal Database Log Adapter (UDLA) provides access to log data generated by any ODBC-compliant database and the applications it supports

  • New metadata fields can harvest greater intelligence from database and application logs

  • Contextual event forwarding technology enables advanced anomaly detection and operational intelligence

  • LogMart data mining provides unique data visualization and trend information to support intrusion detection, incident response, audit investigations, forensics, and e-discovery

"LogRhythm's 4.0 release is further proof that the value of comprehensive log and event management extends beyond the realm of traditional SIM platforms alone," said Jon Oltsik, security practice leader at Enterprise Strategy Group, in a statement.

To address regulatory compliance requirements about data privacy, internal audit demands (for greater control and visibility), and the need for improved operations intelligence, LogRhythm 4.0 has extended support to databases. LogRhythm collects, analyzes, alerts, and reports on logs from all ODBC-compliant databases (including Oracle, Microsoft SQL Server, IBM DB2, Informix, and MySQL, among others) without the need for an agent on the database server.

LogRhythm's UDLA also captures data from custom audit logs and applications that run on the database. LogRhythm can detect and send an alert if auditing on the database server is turned off in an attempt to conceal fraudulent activity.

New metadata fields in LogRhythm 4.0 collect and organize information such as network traffic statistics, session and process information, and transaction quantities, amounts, and rates. The information is used to provide visibility about potential insider threats, compliance violations, and other operational risks. This information is combined with new contextual event forwarding to provide real-time identification and alerts about anomalies in application, database, and network activity.

Users can monitor all log activity by specific filename patterns, IP address, host, or user. When security policies are violated, LogRhythm can automatically alert designated individuals via e-mail, pager, existing management applications, and the LogRhythm console.

LogRhythm 4.0 has integrated new visualization, data trending, and search capabilities in its LogMart tool. LogMart aggregates millions of logs in a graphical view to reveal exceptions in security, compliance, and operations over time. It provides user-configurable charting and filtering, allowing users to drill down to individual logs to find the root cause of a problem.

For more information, visit http://www.logrhythm.com.

About the Author

James E. Powell is the former editorial director of Enterprise Strategies (esj.com).
