Efficiently Build a Modern Security Operation
Selecting a platform upon which to build your security operation is one of the most important strategic decisions you’ll make. It has to meet your immediate needs and it has to scale over time. It shouldn’t require costly integrations or customizations to realize your goals. Modernize your security operations with the powerful and integrated capabilities of our Security Intelligence Platform.
LogRhythm’s Unified Security Intelligence Platform
End-to-End Threat Management in One Platform
You need deep, real-time visibility into your entire IT environment to defend your organization from today’s threats. LogRhythm analyzes all of your forensic data. It fills gaps with endpoint and network sensors. With LogRhythm, you get the intelligence and tools you need to protect your network.
Flexible Data Collection
Assemble all of your machine data. Gather all the forensic evidence generated by your IT environment with our collector tier—with or without agents.
Forensic Data Generation
Fill in your forensic data gaps with endpoint and network monitoring. Our network and endpoint sensors ensure that you have all of the forensic detail you need to detect advanced threats.
Machine Data Intelligence Fabric
Get the intelligence you need—without the noise. We process, structure and contextualize your data for over 750 different sources. You get faster, more accurate analytics with machine data intelligence fabric.
Get real-time protection from threats. Automate multi-dimensional machine analytics, including sophisticated techniques such as machine learning, behavioral profiling, statistical analysis, blacklisting, whitelisting and correlation.
Search through terabytes of data. Find the forensic evidence you need faster. Get the information you need when you need it with structured and unstructured search—in a single,
You need the right information at your fingertips to respond to threats fast. We deliver the information you need in the most useful way so you can respond to the most critical threats quickly.
Incident Orchestration & Automation
Streamline incident response. Neutralize threats faster. Our fully integrated automation, collaboration and workflow tools enable you to prioritize and neutralize threats immediately.
High-Performance Component-Based Architecture
Whether you’re a medium-sized company or a Fortune 500 enterprise, we meet your scalability and performance requirements. Our flexible component architecture realizes a wide variety of solutions with a building block approach. Add functionality and capacity as your needs evolve to efficiently scale your LogRhythm deployment based on your unique requirements.
Data Collector provides local agent-based or remote agentless collection of machine data, including log messages, security events and flow data.
System Monitor is an agent-based sensor that independently monitors host-level activity. Monitored activities include user authentications, file modifications, active applications and network communications. System Monitor generates real-time forensic data to support your analytics-driven threat detection and incident response.
Network Monitor performs deep packet inspection of network traffic for application identification, extraction of searchable application-level metadata and full packet capture. Its internal analytics engine provides run-time Deep Packet Analytics™. Network Monitor forwards full session SmartFlow™ records for analytics-driven threat detection and incident response.
Data Processor provides patented, high-performance, distributed and highly available processing of machine and forensic data received from data collectors, system monitors and network monitors. Data Processor transforms this data into a contextualized form to create the Machine Data Intelligence Fabric that underlies our analytics and platform capabilities.
Data Processor archives and distributes both original unstructured data and structured metadata to other platform components to support indexing, automated machine analytics and alarming.
Data Indexer provides high-performance, distributed and highly scalable indexing of machine and forensic data received from data processors. It stores data in support of centralized search and forensic analytics. You can deploy multiple data indexers in a high availability cluster to serve massive workloads and a high number of concurrent users.
AI Engine’s patented stream-based machine analytics technology provides real-time, automated analysis of contextualized machine and forensic data received from data processors. It supports a variety of automated analytic techniques, including machine learning, behavioral profiling, statistical analysis, whitelisting, and blacklisting. You can deploy multiple AI Engine nodes to support distributed analysis and workload scaling.
Platform Manager performs alarming, notifications, incident response orchestration, workflow automation and centralized administration for our platform. Platform Manager provides Web and application services, enabling centralized structured and unstructured search, forensic analytics, reporting and real-time dashboards. Platform Manager also delivers our open platform API to support third-party integrations.
Analytics modules are created and maintained by LogRhythm Labs to help our customers achieve rapid time-to-value. Modules include pre-packaged content like machine analytics rules, searches, reports and dashboards.
Improve your security posture with threat management modules such as User Threat Detection and Endpoint Threat Detection. Adhere to complex regulation systems with LogRhythm’s compliance automation modules, which support PCI, SOX, HIPAA, and more.
Patented Processing and Elastic
Elasticsearch is fast becoming the technology of choice for storing structured and unstructured machine data in support of search-based analytics. LogRhythm combines our patented data processing technology with Elasticsearch-based indexing to deliver the most capable and scalable machine data analytics platform in the market. On top of that, you can deploy LogRhythm data processors and data indexers in a matter of minutes. Require the highest levels of performance and availability? Then deploy an active/active architecture and benefit from its inherent cost efficiencies and performance benefits.