LogRhythm Closes Network Security Visibility Gap

Addition of process/connection monitoring, geolocation, network visualization to integrated log management/SIEM platform provides clearer picture of threats

Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.

LogRhythm has announced a new version of its integrated Log Management/SIEM platform that provides holistic visibility and relationship mapping of network activity. To help organizations detect and mitigate threats from inside and outside the firewall, LogRhythm now monitors system processes and network connections on endpoints, provides geolocation of hosts, and maps relationships through network visualization. This global view of network activity adds context to logs and security events to expose patterns and exceptions that would otherwise go undetected.

LogRhythm Process Monitor provides independent monitoring of processes running on a host, including the process name and ID, who started it, when it was started and stopped, its duration, etc.

LogRhythm Connection Monitor logs all network activity, such as listening services, inbound connections, and outbound connections to/from a host, including local and remote IP addresses and ports, connection state, direction, duration, and more. These capabilities, combined with LogRhythm's existing file integrity monitoring and endpoint monitoring and control, provide comprehensive forensic data collection of activity on networks and hosts.

For organizations that want to combine location information with relationship mapping between hosts associated with internal, inbound, or outbound activity, LogRhythm now provides geolocation data for both logs and security events. This capability enables security teams to know where an activity originated, its destination, and the impacted hosts, in order to detect potential attacks and data leaks.

For example, using white or black lists, administrators can create alerts to generate alarms when data is transferred outside the country, or to unfriendly countries, regions, etc., or when VPN connections originate from unauthorized locations. When combined with LogRhythm's new network visualization capabilities, geolocation reveals behaviors, patterns, and trends that warrant investigation and/or require corrective action to mitigate security threats.

To reveal hidden threats, trends, and security violations, LogRhythm provides a network visualization tool that maps host-to-host activity, relationships within the enterprise network, and inbound/outbound communications. By rolling together logs, security events, connection monitoring data, and geolocation information, LogRhythm provides an eye-in-the-sky perspective of activity that spans endpoints as well as network traffic. At a glance, security administrators can identify where suspicious activity is occurring, the scope of the risk or impact, and its origins from inside and outside the enterprise.

LogRhythm has added a new line of High Availability (HA) appliances to its LRX lineup. These HA solutions provide full data and system replication and unattended failover to deliver enterprise-level reliability for LogRhythm's Log Management and SIEM 2.0 solutions.

The new version of LogRhythm is available immediately from LogRhythm and its business partners worldwide. Pricing starts at $25,000. For more information, visit www.logrhythm.com.
