Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Holistic Threat Visibility Including Geolocation Technology

LogRhythm : 22 June, 2010  (New Product)
LogRhythm's Log Management and SIEM platform provides extended visibility for network security management to provide a complete, holistic approach to threat and vulnerability management across the network
LogRhythm has announced a new version of its integrated Log Management/SIEM platform that eliminates information security blind spots by providing holistic visibility and relationship mapping of network activity. To help organisations detect and mitigate threats from inside and outside the firewall, LogRhythm now monitors system processes and network connections on endpoints, provides Geolocation of hosts, and maps relationships through network visualization. This global view of network activity adds context to logs and security events to expose patterns and exceptions that would otherwise go undetected.


"In order to detect sophisticated threats including targeted attacks and abuse by privileged users, SIEM/Log Management platforms need to extend visibility, awareness and forensic context to activity throughout the enterprise," said Jon Oltsik, senior principal analyst for IT analyst and business strategy firm Enterprise Strategy Group. "LogRhythm continues to be one of the pace setters in this regard by delivering innovations in host and network-level awareness, Geolocation mapping for logs and events and new visualization techniques that yield intelligence and insight from log data, not just random pieces of a puzzle. The new enhancements to the LogRhythm platform reveal the bigger picture by exposing patterns and relationships concealed in countless security records and events."


To enable organisations to gain 360 degree visibility of network and host activity for security and compliance management, LogRhythm has added process and connection monitoring to fill information gaps that are not addressed by standard logging. LogRhythm Process Monitor provides independent monitoring of processes running on a host, including the process name and ID, who started it, when it was started, stopped, duration, etc. LogRhythm Connection Monitor logs all network activity such as listening services, inbound connections, and outbound connections to/from a host including local and remote IP addresses and ports, connection state, direction, duration, and more. Whether it's a rogue peer-to-peer client running on a laptop or an unauthorised SMTP server on the network, LogRhythm's enhanced System Monitor agent will provide the visibility and awareness necessary to take appropriate action. These capabilities, combined with LogRhythm's existing file integrity monitoring and endpoint monitoring & control, provide comprehensive forensic data collection of activity on networks and hosts.

For organisations that want to combine location information with relationship mapping between hosts associated with internal, inbound or outbound activity, LogRhythm now provides Geolocation data for both logs and security events - an industry first. This capability enables security teams to know where an activity originated, its destination and the impacted hosts, in order to detect potential attacks and data leaks. For example, using white or black lists, administrators can easily create alerts to generate alarms when data is transferred outside the country, or to unfriendly countries, regions, etc., or when VPN connections originate from unauthorised locations. When combined with LogRhythm's new network visualization capabilities, Geolocation quickly reveals behaviours, patterns and trends that warrant investigation and/or require corrective action to mitigate security threats.

"From day one, LogRhythm has been focused on helping customers fill the 'visibility gaps' on their networks. While logs provide tremendous value on their own, they often don't provide the complete story," said Chris Petersen, co-founder and CTO of LogRhythm. "This new version of LogRhythm expands our ability to independently monitor and capture critical forensic information. By providing a more complete picture of activity occurring across the enterprise, LogRhythm makes it easier to detect sophisticated intrusions, insider threats, compliance violations, and operational problems that would otherwise be overlooked or discovered only after the damage was done."

To reveal hidden threats, trends, security violations, and more, LogRhythm provides a powerful new network visualization tool that maps host-to-host activity, relationships within the enterprise network, and inbound/outbound communications. By rolling together logs, security events, connection monitoring data, and Geolocation information, LogRhythm provides an eye-in-the-sky perspective of activity that spans endpoints as well as network traffic. At a glance, security administrators can quickly identify where suspicious activity is occurring, the scope of the risk or impact, and its origins from inside and outside the enterprise. Some examples include:

* Pinpointing the source of remote authentications and their frequency
* Detecting if a compromised host has connected to or attacked another internal host
* Knowing if hosts containing sensitive data have connected to hosts residing outside authorised operating locations (i.e., rogue nations, competitors, etc.)


To complement its existing fault tolerance capabilities, LogRhythm has added a new line of High Availability (HA) appliances to its award winning LRX lineup. These HA solutions meet the growing demand for business continuity assurance of enterprise Log Management/SIEM processes. They provide full data and system replication and unattended failover to deliver enterprise-level reliability for LogRhythm's Log Management and SIEM 2.0 solutions.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo