LogRhythm Threat Lifecycle Management: Threat Intelligence Product Overview

Founded in 2003, LogRhythm is based in Boulder, Colo. It is privately held and announced a $50 million round of financing in 2016.

See the complete list of top threat intelligence companies.

Product Description

LogRhythm’s Threat Lifecycle Management (TLM) Platform delivers a coordinated collection of data analysis and incident response capabilities to enable organizations around the globe to rapidly detect, neutralize and recover from security incidents to the network. The LogRhythm TLM Platform uses big data technology and machine learning to deliver SIEM, log management, endpoint monitoring, Network Behavior Analytics (NBA), User Entity and Behavior Analytics (UEBA), and Security Automation and Orchestration (SAO) capabilities in a single platform, enabling end-to-end threat management workflow. LogRhythm’s Threat Intelligence Service (TIS) is a component of the LogRhythm platform that streamlines the use of threat intelligence. It provides access to commercial and open-source threat intelligence feeds. Open source integrations include:

  • Abuse.ch
  • AutoShun
  • Hail a TAXII
  • Malware Domains
  • Phish Tank
  • SpamHaus
  • TOR Network

Commercial threat feed integrations include:

  • Anomali
  • Cisco AMP Threat Grid
  • Cisco Cognitive Threat Analytics
  • Crowdstrike
  • NTT
  • Recorded Future
  • Symantec
  • Webroot BrightCloud


The LogRhythm TLM Platform can be configured to operate with or without the use of agents. LogRhythm offers its own agent, System Monitor, and also supports third-party agents.

Markets and Use Cases

LogRhythm has more than 2,000 customers across five continents and a variety of verticals. It reports a growing customer base in financial services, retail, manufacturing and government.

Applicable Metrics

LogRhythm measures architecture scale in terms of messages per second (MPS), or the amount of machine generated data the solution can receive, process and analyze per second. It can successfully run at 300,000 MPS, representing 26 billion messages per day and over 10,000 gigabytes per day.

Security Qualifications

FISMA, NERC CIP, HIPAA, DoDI, NIST CSF, DADMS (Department of Navy and Database Management Systems) certification, Common Criteria assurance, FIPS 140-2 certification, and a Certificate of Networthiness (CoN) from the U.S. Army.


The LogRhythm TLM Platform automates threat detection and prioritization with pattern matching and advanced correlation to machine learning and statistical analysis. This serves to reduce alarm fatigue and false positives, while shortening detect and response time. Its AI Engine can automatically correlate IoCs contained in threat feeds against log and security event data, enabling the detection of true threats (e.g., dangerous IPs accessing internal infrastructure, inappropriate URL usage, phishing attempts, malware propagation) through the generation of contextualized alarms.


Software and hardware.


Pricing begins at $27,000.

Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Latest articles

Top Cybersecurity Companies

Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.

Related articles