LogRhythm 7 is being rolled out around the world, with upgrades to search, scalability, performance and security features.
The company says version 7 of the security intelligence and analytics platform provides the visibility, automation and incident response orchestration capabilities required by the next-generation security operations centre (SOC).
The platform collects information from thousands of disparate data sources, then analyses and prioritises the data and events. The resulting information is made available to SOC personnel, says LogRhythm.
In its 2015 Global Cost of Data Breach Study, the Ponemon Institute cited a continual rise in cyber attack frequency and the costs associated with resolving cyber incidents.
As such, IT teams are increasingly required to improve their visibility and analytics capabilities to detect intruders and respond faster, in order to avoid a material breach or high-impact cyber incident.
“The sophistication and resolve of today’s cyber adversaries continue to rise, as does the number of successful intrusions,” says Chris Petersen, LogRhythm senior vice president of products, CTO and co-founder.
He says LogRhythm focuses on enabling IT security teams to detect, respond and neutralise cyber intruders, so an intrusion doesn’t have to lead to a major breach or incident.
LogRhythm 7 includes the following key updates and features:
The introduction of Elasticsearch enables full-text unstructured search capabilities. When combined with LogRhythm’s contextual search, users can launch faster investigations of data, the company says.
LogRhythm 7 introduces significant software and architectural improvements at the data processing and indexing tier.
This includes up to 300% improvement in data indexing performance on a per-node basis; the ability to separately and optimally scale data processing and indexing; active/active high-availability data processing and indexing; and the introduction of Elasticsearch and clustering at the indexing tier.
With these combined improvements, LogRhythm 7 supports large data management workloads with fewer compute and storage resources, while delivering high availability, says the company.
LogRhythm 7 aims to make SOC personnel and management more efficient and informed across monitoring, investigation and incident response workflows.
As a whole, improvements to the platform help organisations improve operational effectiveness of existing staff, while reducing mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR) to threats, LogRhythm says.
The real-time threat activity map provides interactive visualisations depicting geographic origin and targets of active threats, enabling SOC analysts to detect and respond more quickly to concerning attack patterns.
A new risk-based-scoring algorithm uses environmental threat and risk factors to yield a higher level of precision in prioritising alarms, enabling more efficient, risk-aligned monitoring operations.
Incident response orchestration advancements improve support for customised SOC workflows, cross-team collaboration capabilities and management visibility into active incidents.
Extensions to the SmartResponse Automation Framework enable multiple pre-staged actions from a single alarm, as well as centralised management of actions from remote locations.
These extensions also let customers easily and effectively automate a variety of common investigatory and remediation actions at the endpoint, such as scanning an attacked endpoint and/or quarantining it from the network.
“Today’s next-gen SOC personnel require highly scalable and extremely efficient solutions to detect intruders quickly and initiate appropriate countermeasures fast enough to avoid a material data breach,” says Chris Kissel, Frost & Sullivan industry analyst.
“LogRhythm optimises enterprise security monitoring, detection and response programmes by delivering an integrated product line that supports the end-to-end detection and response workflow.
“With LogRhythm 7, the company is once again demonstrating its innovation leadership in security intelligence through its use of Elasticsearch, powerful visualisations via its new real-time threat map and with a number of extensions to its automated response framework,” he says.