LogRhythm's Security Intelligence Platform: SIEM product overview

LogRhythm SIEM product versions

LogRhythm's SIEM platform is available in several formats, including an all-in-one bundle or distributed components, and as hardware-based appliances, server-based software and virtual appliances (supported by VMWare ESX, Microsoft Hyper-V and Citrix XenServer). These last three formats -- hardware, virtual and server software -- can be mixed and matched as needed within a single LogRhythm Security Intelligence Platform implementation.

Examples of the major component types are:

• Platform Manager (PM): Supports centralized management and administration for the LogRhythm implementation
• Data Processor (DP): Performs log collection and management
• Data Indexer (DX): Indexes data and metadata
• AI Engine (AI): Provides correlation and analysis capabilities
• All-In-One (XM): Combines the PM, DP, DX and AI components
• Network Monitor (NM): Specializes in deep analysis of network traffic contents
• Data Collector (DC): Collects log data from remote systems and prepares it for secure transfer to the centralized LogRhythm Security Intelligence Platform implementation

Multiple models are available for many of these component types, and Web appliances and storage arrays are also available to further expand an implementation. See here for more information on currently available models.

Additional security capabilities

In addition to providing all the traditional core SIEM functions, LogRhythm's SIEM platform offers a range of advanced security capabilities. First, for organizations that want to improve the accuracy of their SIEM product's threat detection, LogRhythm's Security Intelligence Platform supports the use of Geolocation feeds and threat intelligence feeds through separate subscriptions. Organizations can choose from any of several threat intelligence partners and can use one or more of their feeds with the LogRhythm Security Intelligence Platform.

The platform can also extensively supplement existing endpoint logging and forensic capabilities, including the monitoring and analysis of endpoint events involving file and registry monitoring, process execution, network traffic and user-generated events. The product also offers a range of network forensics capabilities.

Reporting capabilities

The reporting capabilities offered by the LogRhythm SIEM product are more extensive than any other major enterprise SIEM product, with built-in support for over 800 report formats. This built-in support includes reporting for many major security compliance initiatives, including:

• Federal Information Security Management Act of 2014
• Gramm-Leach-Bliley Act
• Health Insurance Portability and Accountability Act
• International Organization for Standardization/International Electrotechnical Commission 27001/27002, Information Security Management
• North American Electric Reliability Corporation Critical Infrastructure Protection
• Payment Card Industry Data Security Standard
• Sarbanes-Oxley Act

Licensing and pricing

Because the components of the platform are available in so many models and combinations, it is outside the scope of this article to explain the possible licensing and pricing arrangements.

LogRhythm SIEM platform overview

The LogRhythm Security Intelligence Platform components can be deployed in various arrangements and architectures to meet the needs of nearly any organization. The product offers the widest range of product formats, security features, and reporting capabilities of any enterprise SIEM product. While this could potentially offer more functionality and capacity than smaller organizations need, most organizations would find the LogRhythm Security Intelligence Platform to meet or exceed all of their SIEM requirements and desired features.