LogRhythm Extends Standard for SIEM 2.0 with LRX Product Line

Organizations can process billions of logs per day while extracting fine-grained security, compliance, and operational intelligence

Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.

LogRhythm announced its new LRX line of integrated log and event management appliances. The LRX line enables organizations to process billions of logs per day while extracting fine-grained security, compliance, and operational intelligence. By combining new Log Deduplication technology, a 64-bit architecture, and deep Active Directory integration with powerful new LRX appliances, LogRhythm raises the bar for SIEM 2.0 capabilities that it established in 2004 with the release of the first integrated log and event management solution.

The collection, normalization, and analysis of log data are now required for compliance with most regulatory mandates and is a critical component of in-depth security strategies. With organizations generating hundreds of millions of logs per day, a manual or homegrown approach is no longer feasible. The acuteness of the challenge is captured by the SANS institute estimate that up to 25 percent of all enterprise data can be log data.

To help organizations crunch mountains of log data and detect key events in real-time, LogRhythm's new LRX line of appliances feature new Log Deduplication technology and 64-bit performance. Using Log Deduplication, LogRhythm LRX appliances efficiently handle redundant data to significantly reduce storage requirements and costs while delivering lightning fast searches. Organizations can keep all of their log data, while reducing storage overhead by up to 90 percent. Furthermore, the LRX line delivers new levels of performance, analysis, and correlation of network flow data and host data.

To help provide early detection of insider threats and other suspicious user activity, LogRhythm has supplemented its user activity monitoring capabilities to include deep integration with Active Directory (AD). By automatically synchronizing with AD domains and sub-domains, LogRhythm provides visibility into actions by AD users, groups, and group members. In addition, AD group filters can be applied for searches, alerts, and other analysis functions to help organizations detect and protect against suspicious activity by employees, contractors, and other trusted users with access to network resources.

Delivering SIEM 2.0

LogRhythm l introduced the first fully integrated enterprise-class log and event management solution for security, compliance, operations, and business intelligence applications. The company is delivering second-generation SIEM solutions that customers are looking for, characterized by:

  • Fully integrated log management, log analysis, and event management

  • Enhanced network, host, and data awareness through file integrity monitoring, network flow analysis, and endpoint monitoring and control

  • User activity monitoring across all network, host, and application layers

  • Ease of use, implementation, and support

  • Next-generation analytics, search, and forensics

  • A highly scalable building-blocks architecture

  • A focus on total performance that addresses collection, processing, search, alerting, reporting, restoration, and forensics

  • A design architected to be extensible for multiple applications and uses

"Logs represent the digital fingerprints of activity that occurs within an organization's IT infrastructure. They are the single richest source of data for understanding what is happening at the network, system, and application layer as it affects security, compliance and operations," said Chris Petersen, co-founder and CTO of LogRhythm. "However, first generation log management and SIEM products lack the integration, performance, and 'full-stack' monitoring capabilities required to deliver the full potential of this technology platform. With the LogRhythm LRX line, we are delivering what customers want in a SIEM 2.0 product -- a single, integrated solution that provides unprecedented visibility across the entire IT stack. Our log and event management platform, combined with file integrity monitoring, user activity monitoring, data-leak protection, and network flow analysis provides the end-to-end analysis capabilities required to monitor and protect today's ever changing and often targeted networks."

LogRhythm LRX appliances are available now; prices start at $25,000. More information is available at www.logrhythm.com.