On Wednesday, SIEM vendor LogRhythm announced the latest release of its SIEM-focused security intelligence platform, LogRhythm 6.0. The release is a step forward, and includes pattern recognition and responsive monitoring, which can act on its own if warranted. In addition, baseline changes offer faster indexing and processing of logs, as well as increased storage capacity.
In a briefing with SecurityWeek, Chris Petersen, CTO and co-Founder, and Mike Reagan, VP of Marketing and Business Development, offered an overview some of the new features.
To start, LogRhythm 6.0 was in development for nearly a year. The planning and development centered on three areas: defense, detection, and response.
Half of the company’s clients deploy LogRhythm as a first SIEM solution. Once in place, many are surprised to see the amount of raw data that lives on their network. Sometimes, the data is there, but enterprises were either unaware of it or couldn’t understand it. First Gen SIEM users, who are moving up to new technologies, are amazed at the additional data and information that wasn’t there previously.
The idea was to expand on the ways information can be delivered to the right people at the right time (tailored to their role and unique needs when it comes to the level of detail), but also offer them the ability to relax if needed and let the system do the heavy lifting.
For example, situational awareness, and target profiling, along with host and user activity monitoring in the latest version, will allow organizations the chance to spot trends. If a user in accounting is known to use the same host and location when connecting remotely, day in and day out, this sets an easily spotted pattern. However, alarms should be noted if that pattern changes suddenly.
If flags are raised, LogRhythm’s SmartRemediation technology can act on its own and resolve the issue, or start a chain of events that create a logical workflow for administrators, including a number of responses to a given situation.
Version 6.0 also includes the introduction of Knowledge Modules. These are pre-packaged, tailored content aligned with specific regulatory mandates, use cases, or functions. They can be applied instantly, or on a case by case basis, and are included in the maintenance contract.
The remediation is the biggest feature to the new release, as it has the ability to slash response times, and allow IT departments to better allocate resources.
According to soon to be released research from the Enterprise Strategy Group, 74-percent of enterprise respondents (who held InfoSec roles at orgaizations with more than 1,000 employees), said that they were considering adopting automated remediation tools. With that in mind, LogRhythm seems to be in the right place at the right time.
The 6.0 release is available now.
Related Reading: Security Intelligence: A Spy Story
Related Reading: Challenges and Strategies for Log Management In The Cloud
