LogRhythm Threat Lifecycle Management: Threat Intelligence Product Overview

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Founded in 2003, LogRhythm is based in Boulder, Colo. It is privately held and announced a $50 million round of financing in 2016.

See the complete list of top threat intelligence companies.

Product Description

LogRhythm’s Threat Lifecycle Management (TLM) Platform delivers a coordinated collection of data analysis and incident response capabilities to enable organizations around the globe to rapidly detect, neutralize and recover from security incidents to the network. The LogRhythm TLM Platform uses big data technology and machine learning to deliver SIEM, log management, endpoint monitoring, Network Behavior Analytics (NBA), User Entity and Behavior Analytics (UEBA), and Security Automation and Orchestration (SAO) capabilities in a single platform, enabling end-to-end threat management workflow. LogRhythm’s Threat Intelligence Service (TIS) is a component of the LogRhythm platform that streamlines the use of threat intelligence. It provides access to commercial and open-source threat intelligence feeds. Open source integrations include:

  • Abuse.ch
  • AutoShun
  • Hail a TAXII
  • Malware Domains
  • Phish Tank
  • SpamHaus
  • TOR Network

Commercial threat feed integrations include:

  • Anomali
  • Cisco AMP Threat Grid
  • Cisco Cognitive Threat Analytics
  • Crowdstrike
  • NTT
  • Recorded Future
  • Symantec
  • Webroot BrightCloud


The LogRhythm TLM Platform can be configured to operate with or without the use of agents. LogRhythm offers its own agent, System Monitor, and also supports third-party agents.

Markets and Use Cases

LogRhythm has more than 2,000 customers across five continents and a variety of verticals. It reports a growing customer base in financial services, retail, manufacturing and government.

Applicable Metrics

LogRhythm measures architecture scale in terms of messages per second (MPS), or the amount of machine generated data the solution can receive, process and analyze per second. It can successfully run at 300,000 MPS, representing 26 billion messages per day and over 10,000 gigabytes per day.

Security Qualifications

FISMA, NERC CIP, HIPAA, DoDI, NIST CSF, DADMS (Department of Navy and Database Management Systems) certification, Common Criteria assurance, FIPS 140-2 certification, and a Certificate of Networthiness (CoN) from the U.S. Army.


The LogRhythm TLM Platform automates threat detection and prioritization with pattern matching and advanced correlation to machine learning and statistical analysis. This serves to reduce alarm fatigue and false positives, while shortening detect and response time. Its AI Engine can automatically correlate IoCs contained in threat feeds against log and security event data, enabling the detection of true threats (e.g., dangerous IPs accessing internal infrastructure, inappropriate URL usage, phishing attempts, malware propagation) through the generation of contextualized alarms.


Software and hardware.


Pricing begins at $27,000.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Drew Robb Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis