New SIEM functionality from LogRhythm baselines behavior for anomaly detection and security automation

When I look toward the future of security analytics, there are a few predictions I can make with absolute certainty. In the very near future, security analytics tools will:

1. Collect, process, and store terabytes of data on-line at all times.
2. Correlate data instantly and simultaneously from all layers of the technology stack.
3. Associate data patterns with users and devices.
4. Provide greater intelligence for incident detection and automation for incident response.

Enterprise organizations have an urgent need for these types of security analytics capabilities and are willing to rip and replace older tools to get there. This will have a profound effect on the SIEM market, as innovative technology companies have a golden opportunity to disrupt the status quo.

Case in point: LogRhythm made an interesting announcement last week that could serve as a harbinger of things to come. The Colorado-based SIEM vendor introduced what it calls “multi-dimensional behavior analytics.” Forget the fancy name; LogRhythm can now collect application, asset, host, network, security intelligence feed, user, vulnerability, and other types of data and then establish a baseline of what normal IT behavior looks like. Once this model is created, LogRhythm can detect anomalous behavior across any individual IT entity or combination of IT entities (such as end-to-end application flows to particular users and/or groups). When CISOs have a good idea of what is normal, it is far easier to create rules for workflows, forensic investigations, and automated remediation.

With its new product release, LogRhythm figured out something that the security industry has long overlooked. Many security analytics platforms have advanced capabilities for data correlation and custom rule generation.
The problem is that information security analytics has grown so complex that many security professionals have no idea what to look for or how to tune their systems. LogRhythm alleviated this human knowledge gap by making its technology more intelligent. In this scenario, computers do the heavy analytics lifting, leaving humans to react quickly to the results with business, policy, and technology decisions.

Over the past 10 years, cybersecurity monitoring has progressed from monitoring firewalls and IDSs to multi-dimensional quantum analytics. Since most security professionals have no idea how to cope with this exponential shift, we need security analytics tools like LogRhythm that do. Without them, we don’t stand a chance.
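To make the baseline-then-detect idea described above concrete, here is an added example (my own code, not LogRhythm's product or anything from the announcement). It assumes a constructed, simplified log line format of the form `timestamp,user,host,event,bytes`; the historical and new-day log lines are constructed inline. The baseline learns per-user daily login counts and bytes moved (mean and standard deviation) plus the set of user/host pairs ever seen, which is the "combination of entities" dimension. Detection then flags an entity whose new-day behavior deviates from its own baseline by more than a z-score threshold, an entity with no baseline at all, and a user/host pairing never observed before.

```python
"""Behavioral baselining and anomaly detection over constructed log lines.

Added example, not LogRhythm's code. Log format (constructed for this example):
    <ISO timestamp>,<user>,<host>,<event>,<bytes>
"""
from collections import defaultdict
from statistics import mean, pstdev

# Sigma floors keep a perfectly regular baseline (sigma == 0) from turning a
# one-unit change into an infinite z-score. Values are assumptions for the example.
SIGMA_FLOOR = {"logins": 1.0, "bytes": 100.0}


def _day_lines(day, user, host, logins, nbytes):
    """Constructed helper: emit `logins` login events and one transfer for a day."""
    lines = [f"{day}T08:{i:02d}:00,{user},{host},login,0" for i in range(logins)]
    lines.append(f"{day}T09:00:00,{user},{host},transfer,{nbytes}")
    return lines


# Constructed baseline: five days of normal activity. alice varies a little,
# bob is perfectly regular (so his sigma is zero and the floor matters).
ALICE_PROFILE = [(2, 4000), (2, 5000), (3, 6000), (2, 5000), (1, 5000)]
BASELINE_LOGS = []
for i, (logins, nbytes) in enumerate(ALICE_PROFILE, start=1):
    day = f"2024-01-0{i}"
    BASELINE_LOGS += _day_lines(day, "alice", "ws-01", logins, nbytes)
    BASELINE_LOGS += _day_lines(day, "bob", "ws-02", 1, 2000)

# Constructed new day: alice spikes and touches a host she never used,
# bob behaves normally, carol has no baseline at all.
NEW_LOGS = (
    _day_lines("2024-01-08", "alice", "ws-01", 12, 50000)
    + ["2024-01-08T10:00:00,alice,srv-db,login,0"]
    + _day_lines("2024-01-08", "bob", "ws-02", 1, 2000)
    + ["2024-01-08T11:00:00,carol,ws-03,login,0"]
)


def parse(line):
    ts, user, host, event, nbytes = line.split(",")
    return {"day": ts[:10], "user": user, "host": host, "event": event, "bytes": int(nbytes)}


def aggregate(lines):
    """Roll records up to one row per (user, day) and collect (user, host) pairs."""
    rows = defaultdict(lambda: {"logins": 0, "bytes": 0})
    pairs = set()
    for rec in map(parse, lines):
        row = rows[(rec["user"], rec["day"])]
        if rec["event"] == "login":
            row["logins"] += 1
        row["bytes"] += rec["bytes"]
        pairs.add((rec["user"], rec["host"]))
    return rows, pairs


def build_baseline(lines):
    """Per-user (mean, sigma) of each daily metric, plus every user/host pair seen."""
    rows, pairs = aggregate(lines)
    series = defaultdict(lambda: {"logins": [], "bytes": []})
    for (user, _day), row in rows.items():
        for metric in ("logins", "bytes"):
            series[user][metric].append(row[metric])
    users = {u: {m: (mean(v), pstdev(v)) for m, v in s.items()} for u, s in series.items()}
    return {"users": users, "pairs": pairs}


def zscore(observed, stat, floor):
    mu, sigma = stat
    return (observed - mu) / max(sigma, floor)


def detect(baseline, lines, threshold=3.0):
    """Return findings as (kind, user, detail) tuples for the new log lines."""
    rows, pairs = aggregate(lines)
    findings = []
    for (user, _day), row in rows.items():
        stats = baseline["users"].get(user)
        if stats is None:
            findings.append(("unknown_user", user, None))
            continue
        for metric in ("logins", "bytes"):
            z = zscore(row[metric], stats[metric], SIGMA_FLOOR[metric])
            if z > threshold:
                findings.append((f"{metric}_spike", user, round(z, 1)))
    # Combination dimension: a user/host pairing absent from the whole baseline.
    for user, host in sorted(pairs - baseline["pairs"]):
        findings.append(("new_user_host_pair", user, host))
    return findings


if __name__ == "__main__":
    for finding in detect(build_baseline(BASELINE_LOGS), NEW_LOGS):
        print(finding)
```

Bob produces no finding even though his baseline has zero variance, because the sigma floor absorbs ordinary day-to-day noise; without such a floor, a single extra login from a very regular account would dominate the alert queue. In practice the baseline window would be much longer than five days, metrics would be bucketed per hour rather than per day, and the threshold would be tuned per metric, but the shape of the workflow is the same: compute what normal looks like per entity, then let the machine rank deviations for a human to judge.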