LogRhythm's Security Intelligence Platform: SIEM product overview

Expert Karen Scarfone examines LogRhythm's Security Intelligence Platform, a SIEM tool for analyzing collected data.

The LogRhythm Security Intelligence Platform is a security information and event management (SIEM) product for enterprise use. It is used to collect security event log data from software throughout an enterprise, including network security controls, operating systems and user applications. The SIEM tool analyzes the data to identify possible signs of malicious activity so humans or automated processes can stop attacks in progress or help recover from successful attacks. SIEM platforms such as LogRhythm's also generate detailed reports on security events that can be used to document compliance with security regulations, laws and other requirements.

LogRhythm SIEM product versions

LogRhythm's SIEM platform is available in several formats: as an all-in-one bundle or as distributed components, delivered as hardware appliances, server-based software or virtual appliances (supported on VMware ESX, Microsoft Hyper-V and Citrix XenServer). These three delivery formats -- hardware, virtual and server software -- can be mixed and matched as needed within a single LogRhythm Security Intelligence Platform implementation.

Examples of the major component types are:

  • Platform Manager (PM): Supports centralized management and administration for the LogRhythm implementation
  • Data Processor (DP): Performs log collection and management
  • Data Indexer (DX): Indexes data and metadata
  • AI Engine (AI): Provides correlation and analysis capabilities
  • All-In-One (XM): Combines the PM, DP, DX and AI components
  • Network Monitor (NM): Specializes in deep analysis of network traffic contents
  • Data Collector (DC): Collects log data from remote systems and prepares it for secure transfer to the centralized LogRhythm Security Intelligence Platform implementation

Multiple models are available for many of these component types, and Web appliances and storage arrays are also available to further expand an implementation.

Additional security capabilities

In addition to providing all the traditional core SIEM functions, LogRhythm's SIEM platform offers a range of advanced security capabilities. First, for organizations that want to improve the accuracy of their SIEM product's threat detection, the LogRhythm Security Intelligence Platform supports geolocation feeds and threat intelligence feeds through separate subscriptions. Organizations can choose from several threat intelligence partners and can use one or more of their feeds with the platform, matching collected events against the supplied indicators.

The platform can also extensively supplement existing endpoint logging and forensic capabilities, including the monitoring and analysis of endpoint events involving file and registry monitoring, process execution, network traffic and user-generated events. The product also offers a range of network forensics capabilities.
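The two capabilities just described, indicator matching with geolocation enrichment and correlation of endpoint events into a single alert, are generic SIEM techniques. The following is an added example written for this article; it is not LogRhythm code and does not use LogRhythm's APIs, data formats or rule language. The threat intelligence "feed", the geolocation table, the pipe-delimited event format, the host names and the IP addresses (all from documentation ranges) are constructed for illustration.

```python
"""Added example (not LogRhythm code): threat-intel matching, geolocation
enrichment and endpoint correlation over constructed sample events.

1. match_threat_intel: destination IPs in network events are compared
   against an indicator set, the way a subscribed feed would be loaded
   into a SIEM, and each hit is tagged with feed name and country.
2. correlate_process_to_c2: a process start on a host followed within a
   short window by a connection from that same process to a flagged IP
   is raised as one higher-confidence alert instead of two loose events.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Constructed threat-intel feed: indicator -> source feed name.
THREAT_INTEL = {
    "203.0.113.42": "example-feed-A",
    "198.51.100.7": "example-feed-B",
}

# Constructed geolocation table keyed by CIDR (documentation ranges only).
GEO_FEED = {
    ip_network("203.0.113.0/24"): "XX",
    ip_network("198.51.100.0/24"): "YY",
    ip_network("192.0.2.0/24"): "ZZ",
}

@dataclass
class Event:
    ts: datetime
    host: str
    kind: str                      # "process" or "netconn"
    process: str
    dst_ip: Optional[str] = None   # set for netconn events
    cmdline: Optional[str] = None  # set for process events

def geolocate(ip: str) -> Optional[str]:
    """Return the country tag for an IP from the constructed geo table."""
    addr = ip_address(ip)
    for net, country in GEO_FEED.items():
        if addr in net:
            return country
    return None

def parse_line(line: str) -> Event:
    """Parse a constructed line: ISO-timestamp|host|kind|process|extra,
    where extra is the destination IP (netconn) or command line (process)."""
    ts, host, kind, process, extra = line.split("|", 4)
    ev = Event(datetime.fromisoformat(ts), host, kind, process)
    if kind == "netconn":
        ev.dst_ip = extra
    else:
        ev.cmdline = extra
    return ev

def match_threat_intel(events: List[Event]) -> List[dict]:
    """Flag network events whose destination is in the indicator set."""
    hits = []
    for ev in events:
        if ev.kind == "netconn" and ev.dst_ip in THREAT_INTEL:
            hits.append({"host": ev.host, "process": ev.process,
                         "dst_ip": ev.dst_ip, "feed": THREAT_INTEL[ev.dst_ip],
                         "country": geolocate(ev.dst_ip)})
    return hits

def correlate_process_to_c2(events: List[Event],
                            window: timedelta = timedelta(minutes=5)) -> List[dict]:
    """Alert when a process start is followed within `window` by a connection
    from the same (host, process) to a flagged IP."""
    starts: Dict[tuple, Event] = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.host, ev.process)
        if ev.kind == "process":
            starts[key] = ev
        elif ev.kind == "netconn" and ev.dst_ip in THREAT_INTEL:
            start = starts.get(key)
            if start and ev.ts - start.ts <= window:
                alerts.append({"host": ev.host, "process": ev.process,
                               "cmdline": start.cmdline, "dst_ip": ev.dst_ip,
                               "feed": THREAT_INTEL[ev.dst_ip],
                               "country": geolocate(ev.dst_ip),
                               "lag_seconds": int((ev.ts - start.ts).total_seconds())})
    return alerts

# Constructed sample events: a full process->C2 chain on ws-01, a benign
# connection on ws-02, and an IoC hit on ws-03 whose process start is too old.
SAMPLE_LOG = """\
2024-01-15T10:00:00|ws-01|process|powershell.exe|powershell -enc SQBFAFgA
2024-01-15T10:00:42|ws-01|netconn|powershell.exe|203.0.113.42
2024-01-15T10:01:00|ws-02|netconn|chrome.exe|192.0.2.10
2024-01-15T09:00:00|ws-03|process|svchost.exe|svchost -k netsvcs
2024-01-15T10:30:00|ws-03|netconn|svchost.exe|198.51.100.7
"""

def run(log_text: str = SAMPLE_LOG):
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return match_threat_intel(events), correlate_process_to_c2(events)

if __name__ == "__main__":
    ioc_hits, alerts = run()
    print(f"{len(ioc_hits)} IoC hit(s):", ioc_hits)
    print(f"{len(alerts)} correlated alert(s):", alerts)
```

On the sample data the bare indicator match fires twice (ws-01 and ws-03), while the correlated rule fires only for ws-01, where the encoded PowerShell start and the outbound connection to the flagged address fall inside the five-minute window. That difference is the practical value of pairing endpoint and network events rather than alerting on either alone.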

Reporting capabilities

The reporting capabilities offered by the LogRhythm SIEM product are more extensive than those of any other major enterprise SIEM product, with built-in support for over 800 report formats. This built-in support includes reporting for many major security compliance initiatives, including:

Licensing and pricing

Because the components of the platform are available in so many models and combinations, it is outside the scope of this article to explain the possible licensing and pricing arrangements.

LogRhythm SIEM platform overview

The LogRhythm Security Intelligence Platform components can be deployed in various arrangements and architectures to meet the needs of nearly any organization. It offers the widest range of deployment formats, security features and reporting capabilities of any enterprise SIEM product. While this could offer more functionality and capacity than smaller organizations need, most organizations would find the LogRhythm Security Intelligence Platform to meet or exceed all of their SIEM requirements and desired features.

Next Steps

In part one of this series, learn about the basics of SIEM products in the enterprise

In part two of this series, find out about the enterprise benefits of SIEM products

In part three of this series, read about the seven questions to ask before buying a SIEM product

In part four of this series, compare the best SIEM systems in the industry
