SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
LogRhythm updates SIEM Platform with latest innovations
Wed, 6th Jul 2022

LogRhythm has announced the launch of version 7.9 of the LogRhythm SIEM Platform and updates to LogRhythm NDR and LogRhythm UEBA.

Kish Dill, chief product and customer officer at LogRhythm, comments, "LogRhythm arms security teams with intelligent analytics and automated responses to reduce cybersecurity exposure, eliminate blind spots and quickly shut down attacks.

"The company is changing the way we work by becoming customer-centric throughout our whole organisation. We are listening to our customers and promise to deliver quarterly innovations that address the challenges our customers face every day. We recognise that security teams don't have time to spare on long processes and inefficient workflows.

"With these latest updates, security teams will have the tools they need to make operations more effective and efficient to defend their organisation against today's top threats."

LogRhythm 7.9, LogRhythm NDR (formerly Mistnet NDR) and LogRhythm UEBA (formerly CloudAI) provide new features designed to help security teams overcome everyday obstacles by accelerating threat response, improving workflows and simplifying processes. This includes the following:

Improved analyst workflows

  • Enhanced automation with Admin API: LogRhythm 7.9 improves the Admin API by adding system monitoring management (LogRhythm SysMon) endpoints to the API library. This enables SIEM administrators to connect through the Admin API and manage the SysMon agent, allowing for automated process batching.
  • Embedded expertise: LogRhythm accelerates customer time to value through its out-of-the-box LogRhythm SmartResponse. LogRhythm 7.9 adds new and enhanced SmartResponses to its already extensive library of more than 120 integrations.
  • Enable packet capture in UI: LogRhythm NDR users can download PCAP files for specific incidents and cases to pull in more detail, helping investigations and improving threat hunting.
  • Easier and faster event log filtering: LogRhythm 7.9 includes a new way to filter logs at the agent. Users can now select the types of Windows event logs the agent queries, accelerating the time to process logs and removing the burden on the collection pipeline.

Expanded threat detection capabilities

  • Enhanced LogRhythm NDR detection models: Users can detect a wider array of ransomware attacks with LogRhythm NDR's improved analytics capabilities.
  • Advanced analytics models: LogRhythm UEBA offers advanced UEBA analytics as a cloud-native, easy-to-deploy add-on for LogRhythm 7.9 users. Existing models were improved and new models added so that today's complex attacks can be detected and anomalies requiring priority attention can be identified, further reducing alert fatigue and accelerating response times.
  • Policy violation alerts: LogRhythm NDR offers alerts about expired certificates, weak ciphers used in connections, and authentication activity happening in clear text, offering additional context to what could represent a risk.

Extended flexibility

  • Controlled overages with powerful licence metering reporting: LogRhythm added a new reporting feature to make licensing overages more visible and easier to understand by displaying any overages in the past 30 days. This feature will help teams better manage licence usage and costs.
  • Expanded endpoint integrations: LogRhythm now includes Cisco Secure Endpoint (formerly AMP for Endpoints) in its family of EDR integrations.