https://www.techtarget.com/searchsecurity/feature/LogRhythms-Security-Intelligence-Platform-SIEM-product-overview

LogRhythm's Security Intelligence Platform: SIEM product overview

By Karen Kent

The LogRhythm Security Intelligence Platform is a security information and event management (SIEM) product for enterprise use. It is used to collect security event log data from software throughout an enterprise, including network security controls, operating systems and user applications. The SIEM tool analyzes the data to identify possible signs of malicious activity so humans or automated processes can stop attacks in progress or help recover from successful attacks. SIEM platforms such as LogRhythm's also generate detailed reports on security events that can be used to document compliance with security regulations, laws and other requirements.

LogRhythm SIEM product versions

LogRhythm's SIEM platform is available in several formats, including an all-in-one bundle or distributed components, and as hardware-based appliances, server-based software and virtual appliances (supported by VMware ESX, Microsoft Hyper-V and Citrix XenServer). These last three formats -- hardware, virtual and server software -- can be mixed and matched as needed within a single LogRhythm Security Intelligence Platform implementation.

Examples of the major component types are:

Multiple models are available for many of these component types, and Web appliances and storage arrays are also available to further expand an implementation. See here for more information on currently available models.

Additional security capabilities

In addition to providing all the traditional core SIEM functions, LogRhythm's SIEM platform offers a range of advanced security capabilities. First, for organizations that want to improve the accuracy of their SIEM product's threat detection, LogRhythm's Security Intelligence Platform supports the use of Geolocation feeds and threat intelligence feeds through separate subscriptions. Organizations can choose from any of several threat intelligence partners and can use one or more of their feeds with the LogRhythm Security Intelligence Platform.

The platform can also extensively supplement existing endpoint logging and forensic capabilities, including the monitoring and analysis of endpoint events involving file and registry monitoring, process execution, network traffic and user-generated events. The product also offers a range of network forensics capabilities.

Reporting capabilities

The reporting capabilities offered by the LogRhythm SIEM product are more extensive than any other major enterprise SIEM product, with built-in support for over 800 report formats. This built-in support includes reporting for many major security compliance initiatives, including:

Licensing and pricing

Because the components of the platform are available in so many models and combinations, it is outside the scope of this article to explain the possible licensing and pricing arrangements.

LogRhythm SIEM platform overview

The LogRhythm Security Intelligence Platform components can be deployed in various arrangements and architectures to meet the needs of nearly any organization. The product offers the widest range of product formats, security features, and reporting capabilities of any enterprise SIEM product. While this could potentially offer more functionality and capacity than smaller organizations need, most organizations would find the LogRhythm Security Intelligence Platform to meet or exceed all of their SIEM requirements and desired features.

18 Nov 2015