An enterprise IT environment can generate millions of logs in a single day. While the vast majority are routine messages not requiring any particular action, among them may be a handful of significant events. Determining what constitutes a meaningful event and automating the process of notifying an administrator when it occurs is a key function of an enterprise log management and SIEM solution.
But what if the threat is something that unfolds slowly, from multiple sources over an extended period? Even with automated event filtering, detailed forensic reports and real-time alerting, some behavior may be so subtle that it escapes notice by traditional log management and SIEM solutions.
With the geographic and logical complexities in today’s information technology landscape, organizations are confronted with extensive challenges maintaining and operating a secure enterprise network.
In response to these challenges, LogRhythm offers fully interactive network visualization and relationship mapping and combines it with fully integrated geolocation capabilities. Along with trending charts and fully interactive graphical analytics, LogRhythm provides customers with exceptional visual correlation capabilities and global event awareness.
With Geolocation, LogRhythm provides automated geographic context around any event. The source of the event can be associated with the country of origin, region, or state and the city where the event originated. This feature adds global context to geographically distributed enterprise environments and provides administrators with greater awareness of what events are happening and where.
LogRhythm’s geolocation capabilities also extend beyond the corporate network. With a subscription service, customers of any size can automatically receive geographic context identifying the country, region and city of any anonymous log source or destination. LogRhythm can use the additional geographic context to correlate events based on global considerations.
With geolocation, administrators can be alerted immediately of events such as excessive outbound communication outside of the accepted geographic boundaries of the network. Using a simple wizard, they can quickly call up the details of all relevant outbound communication, such as where it was originated, other potentially impacted systems and applications and responsible users and/or processes.
LogRhythm’s Network Visualization tool allows users to map the relationships between any number of hosts from anywhere in the world, whether inside or outside the network. As an added benefit, it incorporates automated geolocation data for maximizing relevant context. Investigations on any criteria identify communication between devices and how it all ties together.
Network Visualization provides a graphic representation of the communication details associated with any investigation. Administrators use a standard, wizard-based interface to define the specifics of what they want to investigate. Network Visualization immediately displays a visual representation of communication between all associated hosts, including a breakdown of logical and physical boundaries.
In addition to where communication is taking place, Network Visualization also provides additional detail about what is being communicated. Network Visualization maps not only show the location of each associated host, but they are also capable of applying network-specific context. This includes information such as bytes in/bytes out and total log count to help identify the origin points and destinations with the highest amount of activity.
Once a Network Visualization relationship map is generated, it has the same interactive capabilities as any LogRhythm tool. Users can quickly drill down to a specific host or group of hosts, with full filter-on-the-fly capabilities. And as a fully integrated function of LogRhythm, search criteria can be saved for future use or captured in a report with a right-click command.
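The two capabilities described above, geographic context for alerting on outbound traffic outside accepted boundaries and a host relationship map carrying bytes in/out and log counts, come down to the same processing: parse connection logs, enrich each destination with a geolocation lookup, and aggregate. The following is an added example of that pipeline in Python; it is not LogRhythm code and does not use the product's log format, geolocation feed or wizard. The key=value log lines, the `GEO_PREFIXES` lookup table and the alert thresholds are all constructed for illustration (the prefixes are RFC 5737 documentation ranges and the locations attached to them are assumptions, not real data).

```python
"""Geo-enrich constructed firewall logs, alert on outbound traffic to unexpected
countries, and build a host relationship map with bytes in/out and log counts."""
from collections import defaultdict
import ipaddress
import re

# Constructed stand-in for a geolocation feed: prefix -> (country, region, city).
# Documentation ranges from RFC 5737; the locations are assumptions for the example.
GEO_PREFIXES = {
    ipaddress.ip_network("203.0.113.0/24"): ("US", "Colorado", "Boulder"),
    ipaddress.ip_network("198.51.100.0/24"): ("DE", "Bavaria", "Munich"),
    ipaddress.ip_network("192.0.2.0/24"): ("CN", "Beijing", "Beijing"),
}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed key=value log lines (hypothetical format, not a real product's).
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z fw1 action=allow src=10.0.0.5 dst=203.0.113.10 user=alice bytes_out=1200 bytes_in=8800",
    "2024-03-01T10:00:05Z fw1 action=allow src=10.0.0.5 dst=203.0.113.10 user=alice bytes_out=900 bytes_in=4000",
    "2024-03-01T10:01:10Z fw1 action=allow src=10.0.0.5 dst=192.0.2.44 user=alice bytes_out=52000 bytes_in=300",
    "2024-03-01T10:02:10Z fw1 action=allow src=10.0.0.5 dst=192.0.2.44 user=alice bytes_out=61000 bytes_in=310",
    "2024-03-01T10:03:10Z fw1 action=allow src=10.0.0.5 dst=192.0.2.44 user=alice bytes_out=58000 bytes_in=290",
    "2024-03-01T10:04:00Z fw1 action=allow src=10.0.0.7 dst=198.51.100.8 user=bob bytes_out=700 bytes_in=2100",
    "2024-03-01T10:05:00Z fw1 action=allow src=10.0.0.7 dst=192.0.2.44 user=bob bytes_out=400 bytes_in=200",
    "2024-03-01T10:06:00Z fw1 action=allow src=10.0.0.7 dst=10.0.0.5 user=bob bytes_out=5000 bytes_in=5000",
    "2024-03-01T10:07:00Z fw1 action=deny src=192.0.2.99 dst=10.0.0.5 proto=tcp",  # no user/bytes: skipped
]

LOG_RE = re.compile(r"src=(\S+) dst=(\S+) user=(\S+) bytes_out=(\d+) bytes_in=(\d+)")


def geolocate(ip):
    """Return (country, region, city); internal hosts get the pseudo-country INTERNAL."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTERNAL_NETS):
        return ("INTERNAL", "", "")
    for net, loc in GEO_PREFIXES.items():
        if addr in net:
            return loc
    return ("UNKNOWN", "", "")


def parse_line(line):
    """Extract the fields the analytics need; None for lines that lack them."""
    m = LOG_RE.search(line)
    if not m:
        return None
    src, dst, user, out, inn = m.groups()
    return {"src": src, "dst": dst, "user": user, "bytes_out": int(out),
            "bytes_in": int(inn), "dst_geo": geolocate(dst)}


def relationship_map(lines):
    """Aggregate per (src, dst) pair: log count, bytes in/out and destination geo."""
    edges = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        e = edges.setdefault((ev["src"], ev["dst"]),
                             {"log_count": 0, "bytes_out": 0, "bytes_in": 0,
                              "dst_geo": ev["dst_geo"]})
        e["log_count"] += 1
        e["bytes_out"] += ev["bytes_out"]
        e["bytes_in"] += ev["bytes_in"]
    return edges


def busiest_hosts(edges):
    """Rank hosts by total bytes moved in either direction, highest first."""
    totals = defaultdict(int)
    for (src, dst), e in edges.items():
        volume = e["bytes_out"] + e["bytes_in"]
        totals[src] += volume
        totals[dst] += volume
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


def geo_alerts(lines, allowed_countries, min_events=3, max_bytes_out=100_000):
    """Flag internal sources talking to countries outside allowed_countries once the
    per (source, user, country) traffic exceeds either threshold (assumed values)."""
    agg = defaultdict(lambda: {"log_count": 0, "bytes_out": 0})
    for line in lines:
        ev = parse_line(line)
        if ev is None or geolocate(ev["src"])[0] != "INTERNAL":
            continue  # only outbound traffic from internal hosts is of interest
        country = ev["dst_geo"][0]
        if country == "INTERNAL" or country in allowed_countries:
            continue
        a = agg[(ev["src"], ev["user"], country)]
        a["log_count"] += 1
        a["bytes_out"] += ev["bytes_out"]
    return [{"src": s, "user": u, "country": c, **a}
            for (s, u, c), a in sorted(agg.items())
            if a["log_count"] >= min_events or a["bytes_out"] >= max_bytes_out]


if __name__ == "__main__":
    for alert in geo_alerts(SAMPLE_LOGS, allowed_countries={"US", "DE"}):
        print("ALERT outbound outside accepted geography:", alert)
    for host, volume in busiest_hosts(relationship_map(SAMPLE_LOGS)):
        print(f"{host:15} {volume:>8} bytes")
```

On the sample data the only alert is alice on 10.0.0.5 sending three sessions and 171,000 bytes to the CN destination; bob's single small session to the same host stays below both thresholds, which is the point of aggregating before alerting rather than firing on every individual log line. The `deny` line is dropped by `parse_line` rather than corrupting the counts, and the relationship map keeps the same (src, dst) keys a visualization layer would draw as edges.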