PLUGGED IN
Issue 5: June 2016
Vendor Partner Spotlight

LogRhythm's Network Monitor 3 Boosts Advanced Threat Detection and Mitigation via Deep Packet Analytics and Optimized Incident Response

LogRhythm's Network Monitor 3 provides enterprise-wide network visibility in more detail than traditional network and security solutions, like flow analysis tools and even next-generation firewalls.

The deep insights delivered by Network Monitor help organizations detect and respond to advanced threats, including nation-state espionage, zero-day malware, and data exfiltration. Out-of-band deployment means there is no impact on network device capacity or performance.

Some of the recent Network Monitor innovations include:

  • Enhancements to Deep Packet Analytics (DPA) functionality, using runtime Lua-based analytics on Layer 7 flow data to enable advanced security analytics, the generation of network data for the SIEM, and fine-grained control over SmartCapture™
  • Expansion of the range of applications identifiable by Network Monitor, now numbering over 2,700
  • New data visualizations that accelerate threat identification and scope assessment, and illuminate threat trends

LogRhythm's Unified Security Intelligence Network Monitor is available as an independent network forensics solution or as a component of LogRhythm's Security Intelligence Platform.

The integrated solution delivers:

  • Security analytics across a broader data set for corroborated evidence chaining, including:
    • All IT environment-generated log and audit data
    • Endpoint activity captured by endpoint sensors
    • Layer 7 application flow and packet data captured by LogRhythm Network Monitor
  • Behavior Analytics on Network Monitor's data to detect critical anomalies indicative of spear phishing, lateral movement, and suspicious file transfers
  • Centralized search and visualization to expedite investigations, including direct access to stored session-based packet capture
  • End-to-end incident response orchestration and automation functionality

Advanced Threat Detection

Detect advanced threats in real time via market-leading application recognition, customizable Deep Packet Analytics across network and application level data, and multidimensional behavioral analytics.

  • Detect sophisticated threats, including advanced malware
  • Recognize data theft, botnet beaconing, inappropriate network usage, and other threats
  • Corroborate high-risk events observed at the network or application level with environmental activity collected by the SIEM

Rapid Incident Response

Take the guesswork out of incident response. Store session-based packet captures (either selectively or in full) and analyze them using out-of-the-box application identification and application-specific metadata recognition.

Enable your incident response team to work effectively and efficiently with unstructured search, session playback, and file reconstruction.

  • Determine incident scope and understand exactly which data and systems have been compromised
  • Generate irrefutable network-based evidence for threat analysis, policy enforcement, and legal action
  • Reconstruct files transferred across networks to investigate suspected data exfiltration, malware infiltration, and unauthorized data access

Auditing & Operations Support

Network Monitor captures and analyzes data that helps resolve operational issues and meet audit and compliance requirements:

  • Detect bandwidth issues and other performance bottlenecks
  • Discover the devices in your ecosystem, including cloud and IoT
  • Identify compliance issues like exposed PII, plaintext passwords, and outdated protocols
  • Alert on policy violation and evasion

Detect & Kill Threats on a Unified Platform

LogRhythm empowers organizations to detect, respond to and neutralize emergent cyber threats, preventing damaging data breaches and cyber incidents.

LogRhythm's Security Intelligence Platform integrates:

  • Next-generation SIEM and log management
  • Endpoint forensics, with registry and file integrity monitoring
  • Network forensics, with application ID and full packet capture
  • Behavioral analytics for holistic threat detection (users, networks and endpoints)
  • Rapid unstructured and contextual search
  • End-to-end incident response orchestration workflows to support team collaboration
  • SmartResponse™ automation framework

For more information please contact:

Gary Doria
Vice President of Sales
631.414.4860  
Gary.Doria@marcumtechnology.com