SANS LogRhythm Review – Speed and Scalability Matter

Published by: Research Desk Released: Jan 15, 2019

In today’s fast-paced threat environment, speed to detect and respond is critical. Yet, according to multiple SANS surveys,[1] analysts are finding it difficult to keep up with the speed at which hackers attack their systems.

While attackers run automated scripts and programs, our security and logging systems must ingest this data and reduce it to actionable information in as near real time as possible, without bogging down defenders and responders with too much unnecessary information.

Unfortunately, for many defenders and responders, this level of actionable defense is not achievable. In addition to a lack of visibility, the vast majority of organizations in SANS surveys cite a lack of personnel and dedicated resources as their key impediments to rapid and accurate detection and remediation of the real threats that apply to their enterprises.[2]

Security information and event management (SIEM) platforms and similar tools are meant to consume log and event information from a variety of endpoints, security devices and network flows, while providing a dashboard for analysts to drill down into events and use the information to respond and remediate accurately. Over time, SIEM tools have evolved to ingest more forms of log, threat, event and intelligence data, integrate and correlate it against threat intelligence and other contextual information, and advance their analytics techniques to include artificial intelligence and machine learning.[3]
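The pipeline that paragraph describes, reduced to its essentials, as an added example that is not LogRhythm's, SANS's or the review's own code: raw lines from two constructed log sources are normalized into one schema, correlated against a constructed threat-intelligence list, and the resulting alerts are used to compute a mean time to detect (MTTD) figure of the kind the review later says the Metrics tab benchmarks. All log lines, indicator values, timestamps and the case-open time are constructed for the example.

```python
"""
Added example (not the reviewed product's code): a minimal SIEM-style
pipeline -- ingest, normalize, correlate against threat intel, measure MTTD.
Every log line, indicator and timestamp below is constructed.
"""
import re
from datetime import datetime, timezone

# Constructed threat-intelligence indicators, as an analyst would load from a feed.
# 203.0.113.0/24 and .invalid are reserved documentation/test values.
THREAT_INTEL = {
    "ip": {"203.0.113.45"},
    "domain": {"bad-example.invalid"},
}

# Constructed sample events from two different source formats.
RAW_EVENTS = [
    "2019-01-15T10:00:00Z firewall src=10.0.0.7 dst=203.0.113.45 action=allow",
    "2019-01-15T10:00:05Z dns client=10.0.0.7 query=bad-example.invalid",
    "2019-01-15T10:01:00Z firewall src=10.0.0.9 dst=198.51.100.2 action=allow",
]

FIREWALL_RE = re.compile(
    r"^(?P<ts>\S+) firewall src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\S+)$"
)
DNS_RE = re.compile(r"^(?P<ts>\S+) dns client=(?P<src>\S+) query=(?P<query>\S+)$")


def parse_ts(s):
    """Parse the constructed ISO-8601 UTC timestamp used by both sources."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(line):
    """Map a raw line from either source into one common event schema.

    Returns None for lines in an unknown format; a real pipeline would count
    and surface those so that a parser gap does not become a blind spot.
    """
    m = FIREWALL_RE.match(line)
    if m:
        return {"ts": parse_ts(m["ts"]), "source": "firewall",
                "host": m["src"], "indicators": {"ip": m["dst"]}}
    m = DNS_RE.match(line)
    if m:
        return {"ts": parse_ts(m["ts"]), "source": "dns",
                "host": m["src"], "indicators": {"domain": m["query"]}}
    return None


def correlate(events, intel):
    """Return one alert per normalized event whose indicator matches threat intel."""
    alerts = []
    for ev in events:
        for kind, value in ev["indicators"].items():
            if value in intel.get(kind, set()):
                alerts.append({"ts": ev["ts"], "host": ev["host"],
                               "source": ev["source"], "indicator": value})
    return alerts


def mean_time_to_detect(alerts, detected_at):
    """MTTD in seconds: mean gap between each alert's event time and case-open time."""
    if not alerts:
        return None
    return sum((detected_at - a["ts"]).total_seconds() for a in alerts) / len(alerts)


def run_pipeline(raw_lines=RAW_EVENTS, intel=THREAT_INTEL, detected_at=None):
    """Ingest -> normalize -> correlate -> metric, returning a summary dict."""
    events = [e for e in (normalize(line) for line in raw_lines) if e]
    alerts = correlate(events, intel)
    # Constructed case-open time standing in for the analyst acknowledging the case.
    detected_at = detected_at or parse_ts("2019-01-15T10:02:00Z")
    return {"events": len(events), "alerts": alerts,
            "mttd_seconds": mean_time_to_detect(alerts, detected_at)}


if __name__ == "__main__":
    summary = run_pipeline()
    print(f"{summary['events']} events, {len(summary['alerts'])} alerts, "
          f"MTTD {summary['mttd_seconds']} s")
    for a in summary["alerts"]:
        print(f"  {a['ts'].isoformat()} {a['source']} host={a['host']} hit={a['indicator']}")
```

Both alerts land on the same host, which is what the drilldown the review mentions is for: the firewall and DNS events only become one story once they share a schema and a correlation key. The MTTD here is measured from event time, not from ingest time; a platform's own metric may choose a different anchor, so compare figures only when the definition matches.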
Just how scalable, fast and accurate are these tools when under load? We decided to put the LogRhythm 7.2 Threat Lifecycle Management Platform to the test. We found that its clustered Elasticsearch indexing layer supported large log volumes of security and event data during simulated events that would require investigation and remediation.

Some of the core strengths of LogRhythm’s system include its data processing, machine analytics, rapid search, and drilldown, all of which speak directly to the need for speed and accuracy. Other strong features include LogRhythm’s security automation and orchestration through case management and SmartResponse™. We also found the Metrics tab for a case to be a helpful tool for benchmarking mean time to detect and other useful metrics, including time to remediate and completeness of remediation, and for capturing any newly found intelligence for trending and reuse.