Improved data processing speed and automation are usually the key capabilities being added to any security product these days, and LogRhythm is the latest to follow the trend.
The company, known for its security information and event management (SIEM) suite, said Thursday these are the key ingredients of the new version 7.2 upgrade to the security intelligence and analytics platform that underlies all of its products.
“One of the big challenges is organizations just don’t have enough security people to throw at the [security] problem, so a goal of ours is how do we automate and make the analysis process as efficient as possible [so] the people you do have are highly effective,” company CTO and co-founder Chris Petersen said in an interview.
The platform enables visibility, data collection and analytics. Improvements include:
–Better performance: Up to a 200 per cent increase in performance ingesting data, which the company says is critically important to large enterprises such as those exceeding 100,000 messages a second. It could mean reducing the number of rack units supporting LogRhythm applications while supporting the same workloads, Petersen said.
Also, onboarding data from a variety of enterprise sources is easier. “You can simply point devices to use” – for example a firewall – “and we will intelligently recognize the device, automatically pre-configure it and begin to process that data.” Until now administrators had to do configurations manually;
–Support for more data sources: Twenty more metadata fields have been added to the platform’s data structure. Also support has been extended to a total of 785 data sources (including operating systems, applications, security systems). In addition, there’s more visibility into cloud infrastructure workloads such as Amazon Web Services, Salesforce and others;
–Improvements to the User and Entity Behavioral Analytics (UEBA) module, which analyzes log data on user activity to identify compromised accounts, privilege misuse and data theft. The new module adds improved threat detection algorithms, stronger kill chain corroboration and improved real-time dashboards that help admins with threat hunting;
–Improved security automation and orchestration capabilities allowing security teams to move an alarm into a case and add information for investigation. There are 20 new automated actions giving teams automated playbooks for incident response.
LogRhythm competes against other SIEM products including IBM QRadar, Hewlett Packard Enterprise’s ArcSight, Splunk, McAfee Enterprise Security Manager and others.