Pattern Recognition Technology Added To SIEM Platform

LogRhythm : 10 February, 2011  (New Product)
Advanced Intelligence Engine from LogRhythm released in beta version with new technology for the detection of intrusion attempts and zero-day attacks
LogRhythm has announced Advanced Intelligence (AI) Engine for its integrated SIEM 2.0 (security information & event management) platform which  transforms the creation of complex pattern recognition policies into a simple drag and drop operation.  The AI Engine enables organisations, without writing any scripts, to detect sophisticated intrusions, fraud, insider threats, zero-day attacks, advanced persistent threats (APT) and other suspicious activity that would otherwise go unnoticed.  AI Engine goes beyond simple correlation and provides advanced pattern recognition capabilities that identify related events, statistical deviations, and behavioral abnormalities within all log data, rather than just a pre-filtered subset of security events.  AI Engine users also have immediate access to all relevant forensic data enabling rapid investigations and remediation.   

“LogRhythm has removed the two biggest barriers to making pattern recognition within log and SIEM data really work - they’ve made it incredibly easy to create and modify sophisticated rules and apply those rules against all log data,” said Chuck Daye, Senior Vice President and MIS Administrator at The First National Bank and Trust Company, Chickasha, Oklahoma.  “With a broad library of rule sets available out-of-the-box and a highly intuitive GUI, AI Engine will enable us to gain much broader visibility to threats and risks in our datacentre, branches, and even ATM locations.”

Organisations are increasingly being targeted by surgical and sophisticated attacks.  According to the Verizon/Secret Service 2010 Data Breach Investigations Report, 54 percent of all breaches involved modified or custom malware.  Because custom malware has no known signature for signature-based security products to match, a more comprehensive approach to identifying threats is necessary.  To make the invisible visible across the largest IT networks, the LogRhythm AI Engine goes beyond basic correlation and performs pattern recognition on all log and SIEM data in real time.  Traditional SIEM 1.0 products only correlate on the 1-5 percent of logs classified as security events at the time of capture, so any pattern that spans the remaining 95-99 percent of ordinary log data is never examined.

The ability of AI Engine to perform pattern recognition enables LogRhythm to identify threats and conditions that do not follow a sequential “if a, then b, then c” pattern, and would not be detected by traditional correlation rules.  Leveraging LogRhythm’s universal time-stamping function, AI Engine’s TrueTime™ feature ensures that pattern recognition and correlation on all logs is based upon the actual time of occurrence rather than the time of collection or analysis.  Logs from different sources routinely arrive late or out of order, so a rule keyed on collection time can both assemble sequences that never happened (false positives) and miss sequences that did (false negatives); ordering on event time avoids both.

To create or modify advanced pattern recognition rules quickly and easily, AI Engine features a graphical user interface that uses point and click, drag and drop operations rather than complex scripting.  The AI Engine provides a building-block workflow palette for creating pattern recognition policies, a large library of pre-defined, immediately usable rules, a common event language of English terms and over 50 metadata fields to further define policies.  The AI Engine provides the flexibility to create very granular rules for detecting specific patterns, exceptions or conditions, and the ability to apply more general rules for broader visibility.

“Until now, building correlation rules in SIEM products has effectively required a PhD in scripting languages and a very precise understanding of the activity, condition or exception you were looking for,” said Chris Petersen, co-founder and CTO of LogRhythm.  “We designed the LogRhythm AI Engine to harness hybrid analysis techniques applied across all log data to deliver next generation pattern recognition capabilities, including complex correlation.  We focused on delivering what is inherently sophisticated via an easy-to-use, wizard-based rule builder that empowers our customers with new levels of visibility into intrusions, insider threats, and network abuse that would likely go unnoticed by first generation SIEM products.”

AI Engine performs pattern recognition on multiple variables and contextual information, enabling organisations to detect and protect against sophisticated attacks that fly under the radar of traditional security solutions.  Some examples include:

    * Same account being used to login from two different countries nearly simultaneously

    * Data leaving the network destined for a rogue nation

    * Non-email servers sending thousands of SMTP messages to hosts across the world (e.g. a botnet infestation sending spam)

    * Observing the exact same error message on more than 100 different servers

    * A user downloading a statistically anomalous number of account records from a CRM database
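Three of the patterns above, written out as an added example that is not LogRhythm code: a small Python rule set run over constructed log records, with the impossible-travel rule judged on the event's own timestamp (the TrueTime point made earlier) rather than on the time the collector received it. The record layout, field names, thresholds, the set of sanctioned mail relays and the sample data are all assumptions made for this example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median


def ts(s):
    """Parse the ISO-8601 timestamps used by the constructed records below."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def rec(kind, event_time, collected_at=None, **fields):
    """Build one record; collected_at defaults to the event time (no delay)."""
    fields.update(type=kind, event_time=event_time,
                  collected_at=collected_at or event_time)
    return fields


# Constructed sample data, not real logs. alice's US login sat in a collector
# backlog for three hours, so it arrives after her DE login; only ordering on
# event_time reveals that the two logins are five minutes apart.
LOGS = [
    rec("auth", "2011-02-10T09:05:00", user="alice", country="DE"),
    rec("auth", "2011-02-10T09:00:00", "2011-02-10T12:00:00", user="alice", country="US"),
    rec("auth", "2011-02-10T08:00:00", user="bob", country="US"),
    rec("auth", "2011-02-10T20:00:00", user="bob", country="GB"),  # 12 h apart: plausible
]
# Outbound connections to TCP/25. mail01 is the sanctioned relay; web01 is not.
LOGS += [rec("flow", "2011-02-10T10:00:00", src="mail01", dst=f"198.51.100.{i % 250}", dst_port=25)
         for i in range(1500)]
LOGS += [rec("flow", "2011-02-10T10:00:00", src="web01", dst=f"203.0.113.{i % 250}", dst_port=25)
         for i in range(1200)]
LOGS += [rec("flow", "2011-02-10T10:00:00", src="web02", dst="198.51.100.1", dst_port=25)
         for _ in range(3)]                                          # a few notifications: fine
# CRM export events: rows returned per query, one query per user here.
for user, rows in [("alice", 20), ("bob", 25), ("carol", 22),
                   ("dave", 18), ("eve", 30), ("mallory", 900)]:
    LOGS.append(rec("crm_export", "2011-02-10T11:00:00", user=user, rows=rows))


def impossible_travel(logs, window=timedelta(hours=2), key="event_time"):
    """Same account authenticating from two countries within `window`.

    `key` selects which timestamp the rule orders and measures on; the default
    is the time of occurrence, which is the behaviour the article describes.
    """
    by_user = defaultdict(list)
    for r in logs:
        if r["type"] == "auth":
            by_user[r["user"]].append(r)
    hits = []
    for user, events in by_user.items():
        events.sort(key=lambda r: ts(r[key]))
        for a, b in zip(events, events[1:]):
            if a["country"] != b["country"] and ts(b[key]) - ts(a[key]) <= window:
                hits.append((user, a["country"], b["country"]))
    return hits


def rogue_smtp_senders(logs, mail_servers, threshold=1000):
    """Hosts outside the sanctioned relay set that open >= threshold connections to port 25."""
    per_src = Counter(r["src"] for r in logs
                      if r["type"] == "flow" and r["dst_port"] == 25)
    return sorted(src for src, n in per_src.items()
                  if src not in mail_servers and n >= threshold)


def export_outliers(logs, cutoff=3.5):
    """Users whose CRM row count is a robust (median/MAD) outlier among all users.

    Median and MAD are used instead of mean and standard deviation because a
    single huge export would otherwise inflate the very baseline it is compared to.
    """
    rows = Counter()
    for r in logs:
        if r["type"] == "crm_export":
            rows[r["user"]] += r["rows"]
    values = list(rows.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        return []
    # 0.6745 rescales the MAD to the standard deviation of a normal distribution
    return sorted(u for u, v in rows.items() if 0.6745 * (v - med) / mad > cutoff)


if __name__ == "__main__":
    print("impossible travel (event time):", impossible_travel(LOGS))
    print("impossible travel (collection time):", impossible_travel(LOGS, key="collected_at"))
    print("rogue SMTP senders:", rogue_smtp_senders(LOGS, {"mail01"}))
    print("export outliers:", export_outliers(LOGS))
```

Running the impossible-travel rule on `collected_at` instead of `event_time` returns nothing for alice, because the backlog makes her two logins look three hours apart: that is the false negative the TrueTime paragraph refers to. The SMTP rule is deliberately a whitelist plus a volume threshold rather than a signature, and the CRM rule compares each user against a robust baseline drawn from all users, which is what "statistically anomalous" has to mean in practice if one outlier is not to hide itself.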

The LogRhythm AI Engine is in beta and will be available next month.  LogRhythm AI Engine appliances support up to 1 billion logs per day.  The AI Engine is also available in a software form factor that can be deployed in virtual environments including VMware, Microsoft and Citrix hypervisors.  The AI Engine integrates with any existing LogRhythm deployment.