Delivering business benefit.

The quicker companies can detect and then respond to a cybersecurity breach, the more likely they are to reduce the impact of that breach and the damage it may cause. LogRhythm has introduced several feature improvements to the platform that help companies identify and then respond to threats.

Peterson elaborates on this in a canned statement: “The sophistication and resolve of today’s cyber adversaries continue to rise, as does the number of successful intrusions.

“But an intrusion doesn’t have to lead to a major breach or cyber incident. The innovations in LogRhythm 7 empower IT security teams to detect, respond to and neutralise cyber intruders faster and more efficiently than ever before.”

Few company departments are overstaffed, and SOCs are certainly no exception given the number of potential incidents they face. LogRhythm has therefore focused its improvements on the two key metrics that matter: MTTD (mean time to detect) and MTTR (mean time to respond to a threat).

For those users already familiar with LogRhythm, many of the components have been renamed to reflect the underlying changes in the architecture and the new capabilities they will deliver. For example, the Event Manager has been renamed Platform Manager (Manager), reflecting the increased capabilities of LogRhythm as it has matured. Data can now be collected from a growing range of sources including Cradlepoint, SNMP, Tripwire, AWS and Salesforce. The Platform Manager also has APIs for integration with other products.

Improving MTTD and MTTR

There are several new features focused on improving the mean time to detect; the increase in availability and the ability to interrogate big data are merely the back-end improvements that underpin them. While the search capability has improved, search on its own just isn’t scalable for SOC analysts. To address this, LogRhythm has introduced new features such as a threat activity map and has also improved the automation within the product.

One customer with early access, Gary Kay, senior information security manager at Checkers Drive-In Restaurants, is impressed with the improvements and stated in the release: “LogRhythm 7’s incident response orchestration and SmartResponse™ automation capabilities are helping us detect and respond to threats faster than ever.

“Our IT environment is geographically dispersed and ever-evolving, so LogRhythm is an essential tool.”

LogRhythm already had a risk-based algorithm, but this has now been improved using additional inputs, including environmental threat and risk factors, that improve its efficiency. What will be interesting is whether LogRhythm signs up to a wider ecosystem for sharing cyberthreat data to further enhance detection rates for its customers.

SmartResponse™ has been improved so that multiple actions can be initiated by the system following a Windows agent alert. This means that either a further information search can be carried out to help identify the nature and cause of the incident, or countermeasures can be deployed immediately, helping to reduce MTTD and MTTR. For example, an endpoint could be scanned and/or removed from the network.

The dashboard has been improved not only with additional filters and tools to help analysts respond to incidents faster, but the Threat Activity Map web widget will also show geographically where incidents are occurring. Thus if malware is detected in one or more branch offices, it can quickly be determined whether there are common causes, which helps to identify where the threat originated.

The improvements to orchestration also include greater collaboration capabilities between teams and customised workflows for incident management. Once processes are defined they can be automated, so serious incidents can be flagged not just within the SOC but also to PR and Marketing, as well as to senior management in the case of major incidents.

Conclusion

Chris Kissel, Network Security Industry Analyst at Frost & Sullivan (Source LinkedIn)

With the introduction of Elasticsearch and its improvements to SmartResponse™, LogRhythm has introduced its new version at a time when security budgets are likely to be on the rise. Companies looking for a new solution in 2016 will want to review the improvements and identify whether the tool is what they need. Chris Kissel, industry analyst for Frost & Sullivan, commenting in the press release said: “Today’s next-gen SOC personnel require highly scalable and extremely efficient solutions to detect intruders quickly and initiate appropriate countermeasures fast enough to avoid a material data breach.

“LogRhythm optimises enterprise security monitoring, detection and response programmes by delivering an integrated product line that supports the end-to-end detection and response workflow. With LogRhythm 7, the company is once again demonstrating its innovation leadership in security intelligence through its use of Elasticsearch, powerful visualisations via its new real-time threat map and with a number of extensions to its automated response framework.”
