LogRhythm addresses advanced network-borne threats

LogRhythm Network Detection and Response’s automation features allow security teams of all sizes to do more with less.


LogRhythm has released LogRhythm NDR, an automated network security solution for detecting, qualifying, investigating and responding to advanced network-borne threats. While LogRhythm NDR benefits all organisations and security teams of any size, it is especially well-suited for those with operational technology (OT) security needs and short-staffed teams.
“Incident response teams need detailed network information and key forensics insight to investigate incidents — yet they may not have network forensics expertise, or the time needed for detailed forensic investigation and packet analysis,” said Jon Oltsik, senior principal analyst at ESG. “A solution like LogRhythm NDR is a welcome addition to the marketplace, because it can help provide the automation that security teams need to detect and respond to threats earlier in their lifecycle. As a result, LogRhythm NDR can help eliminate time-consuming manual tasks, while allowing security analysts to focus on the higher-value activities that require direct human touch.”

This automation is especially important in today’s world, where security teams are notoriously understaffed. According to a new study by (ISC)2, the world’s largest nonprofit association of certified cybersecurity professionals, there is a dramatic deficit of almost three million cybersecurity jobs globally, putting organisations at greater risk of cyberattack.

“Security teams are often understaffed, overwhelmed by false positives and lack the necessary network visibility and analytics required to detect and respond to advanced network-borne threats,” said Chris Petersen, co-founder and chief product and technology officer at LogRhythm. “With the introduction of LogRhythm NDR, security teams now have the necessary visibility, analytics and automation to not only successfully surface hard-to-see threats, but to also do so faster and more accurately — no matter how resource-constrained they might be.”

LogRhythm NDR uniquely combines Layer 7 network traffic monitoring, full packet capture, multi-method threat detection, and workflow automation. This highly integrated offering empowers organisations to detect and respond to a wide variety of network-borne threats that might otherwise fly under the radar.

Uncover Hidden Threats with Deep Network Visibility and Forensics

You can’t detect what you can’t see. LogRhythm NDR leverages appliance and software sensors that deliver deep network traffic visibility into data centers, OT infrastructure, remote sites, and public/private cloud. Notable capabilities include:

  • Application identification and deep metadata extraction from encrypted and unencrypted network sessions
  • Recognition of 19 Supervisory Control and Data Acquisition (SCADA) protocols
  • Always-on or selective, full packet capture, enabling full-fidelity forensic analysis

Accurate Threat Detection Through Multi-Method Network Threat Analytics

LogRhythm NDR takes advantage of LogRhythm’s patented and award-winning security analytics capabilities, combined with on-sensor methods, to deliver comprehensive, high-accuracy threat detection. Notable threat detection methods include:

  • Deep inspection of traffic metadata against known indicators of compromise (IOCs)
  • Scenario modeling for known tactics, techniques, and procedures (TTPs)
  • Behaviour profiling and anomaly detection for insider and zero-day threats
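The three detection methods listed above can be illustrated on simplified session metadata. The following is an added example written for this page, not LogRhythm's code or a description of how the NDR sensors or analytics work internally: it runs IOC matching, a TTP scenario rule (one host sweeping many Modbus/TCP-502 endpoints in a short window) and per-host outbound-volume anomaly detection over a constructed set of session records. The record fields, host addresses, indicators and the `BASELINE` profiles are all constructed for the example; the addresses come from the RFC 5737 documentation ranges.

```python
"""Multi-method detection over constructed network session metadata.

Added example (not LogRhythm's code). Demonstrates the three methods the
release names: IOC matching on session metadata, a scenario rule for a known
TTP, and behavioural anomaly detection against a per-host baseline.
"""
from collections import defaultdict

# Constructed session records. Field names are hypothetical, not a real sensor schema.
SESSIONS = [
    # Ordinary internal TLS traffic
    {"ts": 1000, "src": "10.0.0.5", "dst": "10.0.1.20", "dport": 443, "app": "tls", "sni": "intranet.example", "bytes_out": 4200},
    {"ts": 1030, "src": "10.0.0.7", "dst": "10.0.1.20", "dport": 443, "app": "tls", "sni": "intranet.example", "bytes_out": 6000},
    # IOC hits: a known-bad destination IP and a known-bad TLS SNI (both constructed)
    {"ts": 1060, "src": "10.0.0.5", "dst": "198.51.100.23", "dport": 443, "app": "tls", "sni": "cdn.example", "bytes_out": 900},
    {"ts": 1090, "src": "10.0.0.9", "dst": "203.0.113.8", "dport": 443, "app": "tls", "sni": "bad-update.example", "bytes_out": 700},
    # TTP scenario: one host touching six distinct Modbus (TCP/502) endpoints within a few seconds
    *[{"ts": 1100 + i, "src": "10.0.0.9", "dst": f"10.0.2.{10 + i}", "dport": 502, "app": "modbus", "sni": None, "bytes_out": 64}
      for i in range(6)],
    # Behavioural anomaly: outbound volume far above this host's historical profile
    {"ts": 1200, "src": "10.0.0.7", "dst": "203.0.113.40", "dport": 443, "app": "tls", "sni": "files.example", "bytes_out": 50_000_000},
]

# Constructed threat-intelligence indicators.
IOC_IPS = {"198.51.100.23"}
IOC_DOMAINS = {"bad-update.example"}

# Constructed per-host profile of bytes_out per session: (mean, standard deviation).
BASELINE = {
    "10.0.0.5": (4000.0, 800.0),
    "10.0.0.7": (5000.0, 1500.0),
    "10.0.0.9": (3000.0, 1000.0),
}


def match_iocs(sessions, ioc_ips=IOC_IPS, ioc_domains=IOC_DOMAINS):
    """Method 1: compare session metadata fields against known indicators."""
    hits = []
    for s in sessions:
        if s["dst"] in ioc_ips:
            hits.append({"ts": s["ts"], "src": s["src"], "field": "dst", "indicator": s["dst"]})
        if s.get("sni") in ioc_domains:
            hits.append({"ts": s["ts"], "src": s["src"], "field": "sni", "indicator": s["sni"]})
    return hits


def detect_modbus_sweep(sessions, port=502, min_targets=5, window_s=60):
    """Method 2: scenario rule. Flag a source that reaches >= min_targets distinct
    hosts on the given port inside any window_s-second window."""
    by_src = defaultdict(list)
    for s in sessions:
        if s["dport"] == port:
            by_src[s["src"]].append((s["ts"], s["dst"]))
    alerts = []
    for src, events in by_src.items():
        events.sort()
        best = 0
        for i, (t0, _) in enumerate(events):
            targets = {dst for ts, dst in events[i:] if ts - t0 <= window_s}
            best = max(best, len(targets))
        if best >= min_targets:
            alerts.append((src, best))
    return alerts


def detect_volume_anomalies(sessions, baseline, z_threshold=3.0):
    """Method 3: behavioural profiling. Flag sessions whose outbound volume is
    more than z_threshold standard deviations above the host's own baseline."""
    alerts = []
    for s in sessions:
        profile = baseline.get(s["src"])
        if profile is None:
            continue  # unprofiled host: nothing to compare against yet
        mean, stdev = profile
        z = (s["bytes_out"] - mean) / stdev
        if z > z_threshold:
            alerts.append({"ts": s["ts"], "src": s["src"], "bytes_out": s["bytes_out"], "z": z})
    return alerts


def triage(sessions, baseline=BASELINE):
    """Run all three methods and return a single list of labelled alerts."""
    alerts = []
    for h in match_iocs(sessions):
        alerts.append({"method": "ioc", "src": h["src"], "detail": f"{h['field']}={h['indicator']}"})
    for src, n in detect_modbus_sweep(sessions):
        alerts.append({"method": "scenario", "src": src, "detail": f"{n} distinct Modbus targets within window"})
    for a in detect_volume_anomalies(sessions, baseline):
        alerts.append({"method": "anomaly", "src": a["src"], "detail": f"bytes_out={a['bytes_out']} z={a['z']:.1f}"})
    return alerts


if __name__ == "__main__":
    for alert in triage(SESSIONS):
        print(f"[{alert['method']:8}] {alert['src']:10} {alert['detail']}")
```

Each method catches something the others miss: the IOC match needs prior knowledge of the indicator, the scenario rule needs no indicator but only fires on the modelled pattern, and the baseline comparison surfaces a host behaving unlike itself even when neither the destination nor the pattern is known in advance. In practice the baseline would be learned from historical traffic per host rather than hard-coded as it is here.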

Reduced Response Times with High-Efficiency Workflows Powered by Automation

LogRhythm NDR leverages workflow-integrated security orchestration, automation and response (SOAR) features to empower security teams of all sizes to quickly triage, investigate and neutralise threats. Notable capabilities include:

  • Real-time monitoring of alarms with rapid access to forensic information and threat intelligence
  • Case management, delivering secure collaboration and centralisation of forensic evidence
  • Guided, customisable playbooks for tracking, documenting and enforcing defined workflows
  • Hundreds of automated actions that simplify investigations and enable immediate response
  • Metrics for measuring, reporting and improving security team effectiveness

LogRhythm NDR is the most comprehensive offering in this rapidly growing market segment. To offer the same features in support of the full investigative and response workflow, other vendors often rely on integrations with other third-party security information and event management (SIEM), SOAR or network forensics tools. With LogRhythm NDR, security teams quickly realise improved operational capabilities in support of network threat detection and response — without requiring sophisticated network forensics expertise, purchasing and integrating additional tools, or expanding their staffs.

“The combination of real-time monitoring and full-response capabilities has been critical for enabling us to detect and respond to threats quickly and efficiently,” said Dan Ney, enterprise technology security and risk lead, Baker Tilly. “We’re confident in LogRhythm NDR’s ability to help other security teams realise the same time to value that LogRhythm has allowed us to realise.”
