


Contributing Writer

LogRhythm Takes SIEM To The Next Level

Oct 12, 2011 | 2 mins
Cisco Systems, Data and Information Security, IBM

New release improves situational awareness, usability, and automated response

Last week may have been the all-time high-point for security management with McAfee’s acquisition of Nitro Security followed by IBM’s purchase of Q1 Labs. Why all of the activity? Security management requirements are rapidly changing, moving away from log filtering and compliance reporting to comprehensive situational awareness and deep analytics. To their credit, McAfee and IBM recognized these changes and used cash to jump into the pool.

Continuing the security management momentum, Colorado-based LogRhythm announced version 6.0 of its SIEM platform this week. The news may not seem as big as two major acquisitions, but LogRhythm’s new release really exemplifies what’s needed for next-generation SIEM platforms, such as:

1. Deep situational awareness. Old-school SIEM kept track of log events generated by perimeter security devices or across the network. This is no longer the case. In its new release, LogRhythm expands its view to monitor traffic, events, and anomalies across networks, hosts, and user behavior. You can then use this information for analysis, forensic investigations, or IT operations planning. Given the scaling needs associated with collecting and analyzing massive amounts of data, LogRhythm also bolstered performance in its new release.

2. Canned rule sets. Even large well-funded organizations are struggling to recruit and retain security professionals with advanced skills. In fact, ESG Research indicates that 22% of mid-market (i.e. 100-999 employees) and enterprise (i.e. 1,000 employees or more) organizations have a problematic shortage of information security skills. LogRhythm 6.0 addresses the skills gap with technology by embedding “knowledge modules” tailored to different use cases or specific user functions.

3. Automated response. Soon-to-be published ESG Research indicates that large organizations are actively automating more and more security remediation activities — especially in light of increasingly sophisticated attacks. LogRhythm demonstrates that it gets this requirement by adding “SmartRemediation” automation to its 6.0 offering. I’ve heard that LogRhythm has really grown revenue over the past few years and I now understand why — the company’s 6.0 revision is in the sweet spot of a big and lucrative market transition.


Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.
