LogRhythm’s Security Analytics Platform: Product Overview

By Dan Sullivan – TechTarget

Expert Dan Sullivan examines LogRhythm’s Security Analytics Platform, a product that leverages big data analytics and machine learning to help protect enterprises.

LogRhythm’s Security Analytics Platform is one of several security applications that leverage big data technologies to help mitigate the risk of targeted, persistent threats. It is part of an emerging class of big data security analytics products that are designed to capture, integrate, analyze and store at higher rates and volumes than found in earlier generation security information and management products.

LogRhythm Security Analytics covers a range of analytics areas across an enterprise attack surface, such as user behavior and network anomalies. The platform is designed to give enterprises a holistic view of potential threats using risk-based analytics. Enterprise customers have the option of customizing analytics rules of the platform or using preset threat detection and compliance modules. The security analytics platform also offers users the ability to search, collect and correlate forensic data in the event of a security incident or data breach.

How it works

The big data security analytics platform incorporates advanced analytics technologies for correlation and pattern recognition, as well as multidimensional analysis across users and endpoints. The platform uses machine learning for advanced threat detection; specifically, LogRhythm’s artificial intelligence engine offers continuous automated analysis of different types of data to correlate and identify potential threats. The AI engine comes with nearly 1,000 preconfigured correlation rule sets as well as GUI for security managers to create and customize their own rules.

LogRhythm Security Analytics also offers a forensics analytics feature. The forensics analytics tool is powered by Elasticsearch, an open source search engine, and is designed to help security managers search through large amounts of data quickly using contextual criteria and full-text terms.

In addition, the platform takes advantage of the LogRhythm Knowledge Base, which is regularly updated with new intelligence and components for integrating with endpoint devices. For example, the knowledge base includes rules for parsing over 600 different types of logs and specialized modules for privileged user monitoring, user and endpoint anomaly detection and web application defenses.

There is substantial support for compliance reporting within the LogRhythm Security Analytics platform, including HIPAA, PCI DSS, the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, FISMA, ISO 27001 and NERC-CIP regulations.

The security analytics platform can work in conjunction with the LogRhythm Security Intelligence Platform, which offers both traditional SIEM capabilities as well as threat intelligence services.

Support, cost and deployment

LogRhythm provides a number of customer support options, the two most popular being Standard Support and the premium-level Platinum Support. The standard tier offers access to the LogRhythm support portal and access to user forums as well as technical phone support. Phone support is available from 7am to 6pm MST in this tier. Platinum Support, meanwhile, offers 24/7 phone and email support in addition to other standard-level support options.

The platform can be deployed as high performance appliances or as a software application in a virtual environment. For pricing information, contact the vendor.

Conclusion

The LogRhythm Security Analytics Platfrom provides a consolidation point for endpoint and network event data. Its machine learning capability is an essential feature for detecting anomalous events as they occur as well as for supporting forensic analysis, while its support for compliance reporting across a number of major regulations will appeal to businesses in regulated industries. Businesses looking to consolidate device and network logging and analysis may find a good fit with LogRhythm Security Analytics platform.