Story image

LogRhythm launches solution to address network-borne threats

11 Mar 2019

LogRhythm has today announced the release of LogRhythm NDR, an automated network security solution for detecting, qualifying, investigating and responding to advanced network-borne threats.

LogRhythm NDR is especially geared towards those with operational technology (OT) security needs and short-staffed teams.

ESG senior principal analyst Jon Oltsik says, “Incident response teams need detailed network information and key forensics insight to investigate incidents — yet they may not have network forensics expertise, or the time needed for detailed forensic investigation and packet analysis.”

“A solution like LogRhythm NDR can help provide the automation that security teams need to detect and respond to threats earlier in their lifecycle,” he says.

“As a result, LogRhythm NDR can help eliminate time-consuming manual tasks, while allowing security analysts to focus on the higher-value activities that require direct human touch.”

This automation is especially important in today’s world, where security teams are notoriously understaffed.

According to a new study by ISC, the world’s largest nonprofit association of certified cybersecurity professionals, there is a deficit of almost three million cybersecurity jobs globally, putting organisations at greater risk of cyberattack.

LogRhythm co-founder and chief product and technology officer Chris Petersen says, “Security teams are often understaffed, overwhelmed by false positives and lack the necessary network visibility and analytics required to detect and respond to network-borne threats.”

“With the introduction of LogRhythm NDR, security teams now have the necessary visibility, analytics and automation to surface hard-to-see threats no matter how resource-constrained they might be.”

LogRhythm NDR combines Layer 7 network traffic monitoring, full packet capture, multi-method threat detection, and workflow automation.

This offering aims to empower organisations to detect and respond to a wide variety of network-borne threats that might otherwise fly under the radar.

Uncover hidden threats with deep network visibility and forensics

LogRhythm NDR leverages appliance and software sensors that deliver deep network traffic visibility into data centres, operational technology infrastructures, remote sites, and public/private cloud.

Some of its capabilities include:

  •      Application identification and deep meta-data extraction of encrypted and unencrypted network sessions

  •      Recognition of 19 Supervisory Control and Data Acquisition (SCADA) protocols

  •      Always-on or selective, full packet capture, enabling full-fidelity forensic analysis

Accurate threat detection through multi-method network threat analytics 

LogRhythm NDR takes advantage of LogRhythm’s security analytics capabilities, combined with on-sensor methods, to deliver comprehensive, high-accuracy threat detection.

Notable threat detection methods include:

  •      Deep inspection of traffic metadata against known indicators of compromise (IOCs)

  •      Scenario modeling for known tactics, techniques, and procedures (TTPs)

  •      Behaviour profiling and anomaly detection for insider and zero-day threats

Reduced response times with high-efficiency workflows powered by automation

LogRhythm NDR leverages workflow-integrated security orchestration, automation and response (SOAR) features to empower security teams of all sizes to quickly triage, investigate and neutralise threats.  Notable capabilities include:

  •      Real-time monitoring of alarms with rapid access to forensic information and threat intelligence

  •      Case management, delivering secure collaboration and centralisation of forensic evidence

  •      Guided, customisable playbooks for tracking, documenting and enforcing defined workflows

  •      100s of automated actions that simplify investigations and enable immediate response

  •      Metrics for measuring, reporting and improving security team effectiveness

Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.
One Identity named Leader in PAM and IAM by KuppingerCole
KuppingerCole lead analyst Anmol Singh evaluated the strengths and weaknesses of 20 solution providers in the PAM market for the report.
Healthcare environments difficult to secure - Forescout
The convergence of IT, Internet of Things (IoT) and operational technology (OT) makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks.
Bitglass appoints new cloud, business development leaders
The cloud security company has appointed vice presidents for worldwide channels and worldwide business development.
Exploring the different needs for cloud services across Europe
Although digital transformation is happening across Europe, each country continues to have its own IT needs and the different cloud markets highlight this.