LogRhythm delivers an enterprise-class Security Intelligence Platform for managed service providers (MSPs/MSSPs) that empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. Our platform unifies next-generation SIEM, log management, network and endpoint forensics, and advanced security analytics.
Next Generation SIEM
LogRhythm is the only SIEM designed to support the end-to-end threat detection and response workflow—what we call Threat Lifecycle Management™. Realize streamlined operations and lower total cost of ownership with our unified platform features:
- Automated Machine Analytics
- High Performance Log Management
- Network and Endpoint Monitoring
SmartResponse
SmartResponse™ uniquely enables automated incident response. It also allows semi-automated, approval-based operation so users can review the situation before countermeasures are executed. LogRhythm reduces the time needed to perform common investigation and mitigation steps, preventing high-risk compromises from snowballing. Examples include triggering a vulnerability scan on a suspect endpoint, and more drastic measures such as quarantining a compromised endpoint or disabling a suspect user account. Incident response teams are empowered with pre-packaged and customizable plug-ins, which can reduce time to respond from days to minutes.
SmartResponse use case examples include:
• Endpoint Quarantine: Identify the network port where a suspicious device is located and disable the port/device.
• Suspend Users: If an account compromise is suspected, halt a user’s account access—no matter what device they use.
• Collect Machine Data: In the case of malware, SmartResponse can gather forensic data from the suspect endpoint.
• Suspend Network Access: If data exfiltration is occurring, the incident response team can kill the connection by updating the access control list used by corporate firewalls.