LogRhythm boosts automation, processing in security platform

Improved data processing speed and automation are usually the key capabilities being added to any security product these days, and LogRhythm is the latest to follow the trend.

The company, known for its security information and event management (SIEM) suite, said Thursday these are they key ingredients of the new version 7.2 upgrade to the security intelligence and analytics platform that underlies all of its products.

“One of the big challenges is organizations just don’t have enough security people to throw at the [security] problem, so a goal of ours is how do we automate and make the analysis process as efficient as possible the people you do have are highly effective,” company CTO and co-founder Chris Petersen said in an interview.

The platform enables visibility, data collection and analytics. Improvements include

–Better performance: Up to a 200 per cent increase in performance ingesting data, which the company says critically important to large enterprises such as those exceeding 100,000 messages a second. It could mean reducing the number of rack units supporting LogRhythm applications while supporting the same workloads, Petersen said.

Also, the onboarding data from a variety of enterprise sources is easier. “You can simply point devices to use” – for example a firewall — “and we will intelligently recognize the device, automatically pre-configure it and begin to process that data.” Until now administrators had to do configurations manually;

logrhythm-dashboard

–Support for more data sources: Twenty more metadata fields have been added to the platform’s data structure. Also support has been extended to a total of 785 data sources (including operating systems, applications, security systems). In addition, there’s more visibility into cloud infrastructure workloads such as Amazon Web Services, Salesforce and others;

–Improvements to the User and Entity Behavioral Analytics (UEBA) module, which analyzes log data on user activity to identify compromised accounts, privilege misuse and data theft. The new module adds improved threat detection algorithms, stronger kill chain corroboration and improved real time dashboards that help admins with threat hunting;

–Improved security automation and orchestration capabilities allowing security teams to move an alarm into a case and add information for investigation. There are 20 new automated actions giving teams automated playbooks for incident response.

LogRythm competes against other SIEM products including IBM QRadar, Hewlett Packard Enterprises’ ArcSight, Splunk, McAfee Enterprise Security Manager and others.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now