Founded in 2003, LogRhythm is based in Boulder, Colo. It is privately held and announced a $50 million round of financing last year.
LogRhythm's Threat Lifecycle Management (TLM) Platform delivers a coordinated collection of data analysis and incident response capabilities that enable organizations around the globe to rapidly detect, neutralize and recover from security incidents. The LogRhythm TLM Platform uses big data technology and machine learning to deliver SIEM, log management, endpoint monitoring, Network Behavior Analytics (NBA), User and Entity Behavior Analytics (UEBA), and Security Automation and Orchestration (SAO) capabilities in a single platform, enabling an end-to-end threat management workflow. LogRhythm's Threat Intelligence Service (TIS) is a component of the LogRhythm platform that streamlines the use of threat intelligence. It provides access to commercial and open-source threat intelligence feeds. Open-source integrations include:
- Hail a TAXII
- Malware Domains
- Phish Tank
- TOR Network
Commercial threat feed integrations include:
- Cisco AMP Threat Grid
- Cisco Cognitive Threat Analytics
- Recorded Future
- Webroot BrightCloud
The LogRhythm TLM Platform can be configured to operate with or without the use of agents. LogRhythm offers its own agent, System Monitor, and also supports third-party agents.
Markets and Use Cases
LogRhythm has more than 2,000 customers across five continents and a variety of verticals. It reports a growing customer base in financial services, retail, manufacturing and government.
LogRhythm measures architecture scale in messages per second (MPS), that is, the amount of machine-generated data the solution can receive, process and analyze each second. It can successfully run at 300,000 MPS, representing 26 billion messages per day and over 10,000 gigabytes per day.
Compliance and certification credentials include FISMA, NERC CIP, HIPAA, DoDI, NIST CSF, DADMS (Department of Navy and Database Management Systems) certification, Common Criteria assurance, FIPS 140-2 certification, and a Certificate of Networthiness (CoN) from the U.S. Army.
The LogRhythm TLM Platform automates threat detection and prioritization using techniques ranging from pattern matching and advanced correlation to machine learning and statistical analysis. This reduces alarm fatigue and false positives while shortening detection and response times. Its AI Engine can automatically correlate IoCs contained in threat feeds against log and security event data, enabling the detection of true threats (e.g., dangerous IPs accessing internal infrastructure, inappropriate URL usage, phishing attempts, malware propagation) through the generation of contextualized alarms.
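The following is an added illustrative example, not LogRhythm's own code or API, of the kind of IoC-to-log correlation described above: indicators from a constructed feed are indexed and matched against constructed firewall and proxy events, and each hit becomes an alarm carrying the feed, the category and whether the match was an inbound source or an outbound destination. Feed names, log format and field names are all assumptions made up for the example.

```python
import ipaddress
import re

# Constructed threat-feed entries (indicator -> feed name, category); illustrative, not a real feed.
FEED = {
    "203.0.113.45": ("ip-reputation-feed", "malicious-ip"),
    "198.51.100.0/24": ("tor-exit-feed", "tor-exit"),
    "login-example-bank.invalid": ("phishing-feed", "phishing"),
}

# Constructed key=value events from a perimeter firewall (src/dst) and a web proxy (host).
LOGS = [
    "ts=2017-09-01T10:00:01Z src=203.0.113.45 dst=10.0.0.5 action=allow",
    "ts=2017-09-01T10:00:02Z src=10.0.0.7 dst=198.51.100.23 action=allow",
    "ts=2017-09-01T10:00:03Z src=10.0.0.9 host=LOGIN-example-bank.invalid action=allow",
    "ts=2017-09-01T10:00:04Z src=10.0.0.9 dst=10.0.0.10 action=allow",
]

KV = re.compile(r"(\w+)=(\S+)")

def index_feed(feed):
    """Split indicators into IP networks (a bare IP becomes a /32) and lower-cased domains."""
    nets, domains = [], {}
    for ioc, meta in feed.items():
        try:
            nets.append((ipaddress.ip_network(ioc, strict=False), ioc, meta))
        except ValueError:
            domains[ioc.lower()] = (ioc, meta)
    return nets, domains

def alarm(ev, field, ioc, meta):
    """Build a contextualized alarm: when, which field hit, which feed said so, and direction."""
    source, category = meta
    # A matching src means a known-bad address reached inward; dst/host hits are egress.
    direction = "inbound" if field == "src" else "outbound"
    return {"ts": ev["ts"], "field": field, "indicator": ioc, "feed": source,
            "category": category, "direction": direction}

def correlate(lines, feed):
    """Return one alarm per log field whose value matches a feed indicator."""
    nets, domains = index_feed(feed)
    alarms = []
    for line in lines:
        ev = dict(KV.findall(line))
        for field in ("src", "dst"):
            if field in ev:
                addr = ipaddress.ip_address(ev[field])
                alarms += [alarm(ev, field, ioc, meta) for net, ioc, meta in nets if addr in net]
        if ev.get("host", "").lower() in domains:
            ioc, meta = domains[ev["host"].lower()]
            alarms.append(alarm(ev, "host", ioc, meta))
    return alarms
```

Running `correlate(LOGS, FEED)` yields three alarms for the four constructed events; the fourth, purely internal event produces none.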
Delivery options: software and hardware.
Pricing begins at $27,000.