Archive for the Category ◊ Log Management ◊

Jul 15, 2010 (Close-Up Media via COMTEX) — LogRhythm, a provider of solutions making log data useful, announced that Bloor Research, an IT research, analysis and consultancy firm, has published an independent research report on the LogRhythm Log Management and SIEM 2.0 platform.

Bloor analysts ranked LogRhythm best in class for its integrated real-time analysis, forensics and compliance monitoring capabilities across both logs and security event data – all requirements for SIEM solutions.

The Bloor Research report cites three primary benefits of log and security event management / SIEM solutions:
* real-time alerts to external and internal threats
* compliance monitoring and reporting
* forensics environments for root cause analysis and fraud detection

LogRhythm was evaluated against five requirements: integration; real-time analysis; forensics and compliance monitoring; infrastructure; and performance and scalability.

The report cites LogRhythm for its ability to cover virtually all IT-based logs including database logs, syslogs, network logs, web logs, as well as physical security device logs such as badge readers, call detail records, RFID readers, GPS, ANPR and SCADA sensors. Howard also notes that LogRhythm’s File Integrity Monitoring is not available in most other products.

More Information: http://www.logrhythm.com/Portals/0/resources/BloorReport_June2010.pdf

http://satellite.tmcnet.com/news/2010/07/15/4901296.htm

Log Management, The Next Generation
Wednesday, July 07th, 2010 | Author: admin

New functionality, visibility and granularity requirements change this venerable technology

By joltsik on Wed, 06/30/10 – 2:01pm.

Log management technologies have become a staple for regulatory compliance and security reporting. That said, most log management systems provide little more than triggers and alerts when something happens. What about security forensics? Yes, all the information is there but getting to it is a lot like the early days of the World Wide Web when you found information by following hyperlinks. Even a senior security analyst can wade through useless haystacks of security logs for days before discovering valuable needles.

So what’s needed? The next generation of log management featuring:

1. Consolidation of logs and network flows. Some vendors collect both of these data sources but most don’t. Log and flow data together tells about individual network nodes and where they are connecting, helping me understand the origins and ramifications of an attack. Without this combination, I am filling in the blanks in one area or the other.

2. Location awareness. Yes, I want to know what happened but I also want to know where it happened. An IP address is a piece of random evidence while an IP address in the Ukraine may constitute a crime scene.

3. Deeper granular visibility. The system logs provide the big picture but researchers need to dig into particular sub-routines and processes to get a more accurate understanding of what happened. This requires the correlation of many types of data inputs and visual tools that make these relationships understandable.

Leading log management vendors like ArcSight, LogRhythm, Q1 Labs, and others realize that log management isn’t just about collecting and storing esoteric IT data; it is about providing organizations with the right data and tools to make this data actionable.

It’s time for users and other vendors to realize that the next generation of log management isn’t a visionary concept; it is an absolute requirement.

http://www.networkworld.com/community/blog/log-management-next-generation

SIEM 2.0 Leader is Recognized as One of the Most Innovative Private Technology Companies in North America

BOULDER, Colo., Jul 06, 2010 (BUSINESS WIRE) — LogRhythm, the company that makes log data useful, today announced that it has received the prestigious Red Herring 100 Award for 2010, which annually honors the most innovative privately-held technology companies in North America. Red Herring’s Top 100 North America list has become a mark of distinction for identifying promising companies and entrepreneurs.

“We are honored to be a Red Herring 100 winner for 2010, and are excited to be in the same company as past winners including Facebook, Twitter, Google, Yahoo, Skype, Salesforce.com, YouTube, and eBay,” said Andy Grolnick, CEO of LogRhythm. “Our focus on combining log and security event management with advanced visualization, Geolocation, and mapping technologies provides a more complete picture of activity occurring across corporate networks and is redefining our product category. This award is further proof that we are both a SIEM market and technology leader.”

“Choosing the companies with the strongest potential was by no means a small feat,” said Alex Vieux, publisher and CEO of Red Herring. “After rigorous contemplation and discussion, we narrowed our list down from hundreds of candidates from across North America to the Top 100 Winners. We believe LogRhythm embodies the vision, drive and innovation that define a successful entrepreneurial venture. LogRhythm should be proud of its accomplishment, as the competition was very strong.”

Red Herring’s editorial staff evaluated the companies on both quantitative and qualitative criteria, such as financial performance, technology innovation, management quality, strategy, and market penetration. This assessment of potential is complemented by a review of the track record and standing of startups relative to their sector peers, allowing Red Herring to see past the “buzz” and make the list a valuable instrument of discovery and advocacy for the most promising new business models in North America.

LogRhythm SIEM 2.0 Solution

LogRhythm is the only vendor with a fully integrated SIEM 2.0 platform that combines log and event management with external and internal threat-monitoring capabilities. LogRhythm supports logs from virtually any source, and provides file integrity monitoring as well as network and user monitoring. It is highly reliable, cost effective, and scales easily across any size enterprise. LogRhythm enables organizations to invest in a single solution that solves a broad range of regulatory compliance, security, and IT operations challenges.

About Red Herring

Red Herring is a global media company uniting the world’s best high technology innovators, venture investors and business decision makers in a variety of forums: a leading innovation magazine; an online daily technology news service; technology newsletters, and major events for technology leaders around the globe. Red Herring provides an insider’s access to the global innovation economy, featuring unparalleled insights on the emerging technologies driving the economy. For more information, visit www.redherring.com

About LogRhythm

LogRhythm, the leader in Log Management and SIEM 2.0, delivers log and event management, file integrity monitoring, and network and user monitoring in a single integrated solution. LogRhythm empowers organizations to comply with regulations, secure their networks, and optimize IT operations. The company has received SC Magazine’s Innovator of the Year Award, Readers Trust Award for “Best SIEM” solution and the “Best Buy” designation for Digital Forensics. It is a winner of the 2010 Red Herring Top 100 North America Award and was again recently placed by Gartner Inc. in the visionaries quadrant of the Security Information and Event Management (SIEM) Magic Quadrant report for 2010. LogRhythm is privately held and based in Boulder, Colorado with European Headquarters in Maidenhead, England, and Asia Pacific operations in Hong Kong. For more information visit: www.logrhythm.com.

SOURCE: LogRhythm

St John Ambulance gears up for PCI DSS compliance
Sunday, July 04th, 2010 | Author: admin

First aid charity St John Ambulance is rolling out a security information system to ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS).

The security information event management system (SIEM) from LogRhythm will automate reporting and simplify PCI DSS compliance.

Until now, the charity’s IT team collected log data manually, making any analysis or forensic investigations time consuming.

St John Ambulance is classed as a level 3 merchant and has to comply with PCI DSS because of the income generated by its first aid services and training programmes.

The organisation chose the LogRhythm product to meet the log data requirements of PCI DSS after assessing a number of options.

“LogRhythm stood out as being more flexible and configurable than the others,” said Karl Heydenrych, IT director at St John Ambulance.

“This ensures a better fit for the business and brings us a faster return on investment, which is important to a charity,” Karl Heydenrych said.

According to Heydenrych, LogRhythm was the only product that offered integrated file integrity monitoring (FIM).

This meant the charity did not need to buy additional software to meet the FIM requirements of PCI DSS, and it also simplified and strengthened security, audit and compliance processes, he said.

Heydenrych plans to develop LogRhythm’s use to provide better visibility over changing activity across the entire IT estate by capturing and reporting anomalies.

http://www.computerweekly.com/Articles/2010/06/30/241792/St-John-Ambulance-gears-up-for-PCI-DSS-compliance.htm

To help organisations detect and mitigate threats from inside and outside the firewall, LogRhythm now monitors system processes and network connections on endpoints, provides Geolocation of hosts, and maps relationships through network visualization. This global view of network activity adds context to logs and security events to expose patterns and exceptions that would otherwise go undetected.

“In order to detect sophisticated threats including targeted attacks and abuse by privileged users, SIEM/Log Management platforms need to extend visibility, awareness and forensic context to activity throughout the enterprise,” said Jon Oltsik, senior principal analyst for IT analyst and business strategy firm Enterprise Strategy Group.

“LogRhythm continues to be one of the pace setters in this regard by delivering innovations in host and network-level awareness, Geolocation mapping for logs and events and new visualization techniques that yield intelligence and insight from log data, not just random pieces of a puzzle. The new enhancements to the LogRhythm platform reveal the bigger picture by exposing patterns and relationships concealed in countless security records and events.”

Logging Process and Connection Activity

To enable organisations to gain 360 degree visibility of network and host activity for security and compliance management, LogRhythm has added process and connection monitoring to fill information gaps that are not addressed by standard logging. LogRhythm Process Monitor provides independent monitoring of processes running on a host, including the process name and ID, who started it, when it started and stopped, and how long it ran.

LogRhythm Connection Monitor logs all network activity such as listening services, inbound connections, and outbound connections to/from a host including local and remote IP addresses and ports, connection state, direction, duration, and more. Whether it’s a rogue peer-to-peer client running on a laptop or an unauthorised SMTP server on the network, LogRhythm’s enhanced System Monitor agent will provide the visibility and awareness necessary to take appropriate action. These capabilities, combined with LogRhythm’s existing file integrity monitoring and endpoint monitoring & control, provide comprehensive forensic data collection of activity on networks and hosts.

Geolocation Pinpoints The “Where”

For organisations that want to combine location information with relationship mapping between hosts associated with internal, inbound or outbound activity, LogRhythm now provides Geolocation data for both logs and security events – an industry first. This capability enables security teams to know where an activity originated, its destination and the impacted hosts, in order to detect potential attacks and data leaks. For example, using white or black lists, administrators can easily create alerts to generate alarms when data is transferred outside the country, or to unfriendly countries, regions, etc., or when VPN connections originate from unauthorised locations. When combined with LogRhythm’s new network visualization capabilities, Geolocation quickly reveals behaviours, patterns and trends that warrant investigation and/or require corrective action to mitigate security threats.

“From day one, LogRhythm has been focused on helping customers fill the ‘visibility gaps’ on their networks. While logs provide tremendous value on their own, they often don’t provide the complete story,” said Chris Petersen, co-founder and CTO of LogRhythm. “This new version of LogRhythm expands our ability to independently monitor and capture critical forensic information. By providing a more complete picture of activity occurring across the enterprise, LogRhythm makes it easier to detect sophisticated intrusions, insider threats, compliance violations, and operational problems that would otherwise be overlooked or discovered only after the damage was done.”

Visualization Maps Network Activity and Relationships

To reveal hidden threats, trends, security violations, and more, LogRhythm provides a powerful new network visualization tool that maps host-to-host activity, relationships within the enterprise network, and inbound/outbound communications. By rolling together logs, security events, connection monitoring data, and Geolocation information, LogRhythm provides an eye-in-the-sky perspective of activity that spans endpoints as well as network traffic. At a glance, security administrators can quickly identify where suspicious activity is occurring, the scope of the risk or impact, and its origins from inside and outside the enterprise.

Some examples include:
* Pinpointing the source of remote authentications and their frequency
* Detecting if a compromised host has connected to or attacked another internal host
* Knowing if hosts containing sensitive data have connected to hosts residing outside authorised operating locations (e.g., rogue nations, competitors, etc.)
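The Geolocation alerting described above (white and black lists of countries for outbound data, and VPN logins from unauthorised locations) is easy to express as a rule over connection-monitor records. The following is an added example written for this page, not LogRhythm's code: the GeoIP table, the record fields (host, remote_ip, direction, bytes_out, service) and the sample records are all constructed for illustration.

```python
import ipaddress
from typing import Dict, List

# Constructed stand-in for a GeoIP lookup (prefix -> ISO country code).
# A real deployment would query a GeoIP database; these are IANA
# documentation prefixes and the country mapping is made up.
GEO_TABLE = {
    "203.0.113.0/24": "GB",
    "198.51.100.0/24": "US",
    "192.0.2.0/24": "ZZ",  # "ZZ" stands in for a country on the black list
}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

ALLOWED_COUNTRIES = {"GB", "US"}  # white list: where data may be sent
BLOCKED_COUNTRIES = {"ZZ"}        # black list: never acceptable
VPN_ALLOWED_COUNTRIES = {"GB"}    # where VPN logins may originate

def geolocate(ip: str) -> str:
    """Country code for a public IP, "INTERNAL" for internal ranges, "??" if unknown."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTERNAL_NETS):
        return "INTERNAL"
    for prefix, country in GEO_TABLE.items():
        if addr in ipaddress.ip_network(prefix):
            return country
    return "??"

def evaluate(record: Dict) -> List[str]:
    """Apply the location rules to one connection record (fields assumed:
    host, remote_ip, direction, bytes_out, service)."""
    alerts: List[str] = []
    country = geolocate(record["remote_ip"])
    if country == "INTERNAL":
        return alerts  # host-to-host inside the network: not a geo question
    if record["direction"] == "outbound" and record["bytes_out"] > 0:
        if country in BLOCKED_COUNTRIES:
            alerts.append(f"{record['host']}: data sent to blocked country {country}")
        elif country not in ALLOWED_COUNTRIES:
            alerts.append(f"{record['host']}: data sent outside allowed countries ({country})")
    if record["direction"] == "inbound" and record["service"] == "vpn":
        if country not in VPN_ALLOWED_COUNTRIES:
            alerts.append(f"{record['host']}: VPN connection from unauthorised location ({country})")
    return alerts

# Constructed sample records in the shape a connection monitor might emit.
SAMPLE_RECORDS = [
    {"host": "fileserver01", "remote_ip": "10.0.0.5", "direction": "outbound", "bytes_out": 5000, "service": "smb"},
    {"host": "fileserver01", "remote_ip": "198.51.100.7", "direction": "outbound", "bytes_out": 120000, "service": "https"},
    {"host": "laptop17", "remote_ip": "192.0.2.44", "direction": "outbound", "bytes_out": 8000000, "service": "https"},
    {"host": "vpngw", "remote_ip": "198.51.100.9", "direction": "inbound", "bytes_out": 0, "service": "vpn"},
    {"host": "vpngw", "remote_ip": "203.0.113.2", "direction": "inbound", "bytes_out": 0, "service": "vpn"},
]

def run(records=SAMPLE_RECORDS) -> List[str]:
    return [alert for rec in records for alert in evaluate(rec)]

if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Unknown countries ("??") are treated as outside the white list rather than silently allowed, so a gap in the GeoIP table surfaces as an alert instead of a blind spot.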

Expanded Fault Tolerance Delivers On Business Continuity Demands

To complement its existing fault tolerance capabilities, LogRhythm has added a new line of High Availability (HA) appliances to its LRX lineup. These HA solutions meet the growing demand for business continuity assurance of enterprise Log Management/SIEM processes. They provide full data and system replication and unattended failover to deliver enterprise-level reliability for LogRhythm’s Log Management and SIEM 2.0 solutions.

http://www.securitypark.co.uk/security_article264987.html

AccelOps, the integrated data center and cloud service monitoring leader, today announced that AccelOps was rated “Value Leader” among vendors assessed in “EMA Radar for Business Service Management (BSM) — an EMA Service Impact Report(TM),” a comprehensive study produced by leading industry analyst firm Enterprise Management Associates (EMA).

EMA research analyzed 15 BSM vendors and their respective products across multiple dimensions including functionality, deployment and administration, architecture and integration, cost advantage and vendor strength. The study was based on EMA conducting industry analysis, vendor assessment, product appraisal and validation through customer interviews. To learn more about the BSM research visit EMA at: http://www.enterprisemanagement.com/research/asset.php?id=1759.

The study found AccelOps as part of the BSM elite is “one of the most innovative market contenders for bringing affordable and surprisingly comprehensive BSM to the mid-tier and increasingly larger customers, MSPs, SaaS providers and VARs.” The report also states that “AccelOps is optimized for those environments that need both a ‘bottoms-up’ infrastructure monitoring and ‘top down’ BSM service construct, mapping and level monitoring capability.”

AccelOps allows organizations to better leverage their infrastructure and operational resources, as well as cloud computing, by providing end-to-end visibility across performance, availability, security and change management while linking the physical and virtual infrastructure to business and business services.

AccelOps’ integrated and service-oriented platform automates the collection, monitoring, analysis and detailed reporting of all performance and IT/event log data through a single pane of glass that cuts across networks, systems, applications, virtualization and technology boundaries.

Delivered as a virtual appliance or SaaS, AccelOps yields in-depth operational oversight, service insight, proactive monitoring with reduced MTTR and operational efficiency.

“We are pleased to have participated in this extensive vendor assessment process and we are certainly delighted to be distinguished by EMA as the value leader,” said Imin Lee, CEO of AccelOps. “AccelOps offers the right level of integration, feature depth and value for enterprises and service providers to increase service reliability and gain operational efficiency.”

About AccelOps, How IT Accelerates Business

AccelOps provides award-winning data center and cloud service monitoring software delivered as a virtual appliance or SaaS. The all-in-one solution monitors data center, network infrastructure and cloud environments across service, performance, availability, security and change management. The integrated approach aggregates, cross-correlates and manages diverse operational data, both on-premise and in the cloud, to yield end-to-end visibility, efficient root-cause analysis, reduced MTTR, operational efficiency and compliance automation. The Silicon Valley-based company is privately held, venture-backed and led by experienced technology executives who created the popular Cisco MARS security information management appliance. Do more, control more and save more by visiting http://www.AccelOps.net.

AccelOps Inc. is a privately held Delaware corporation. AccelOps, the AccelOps logo, OpsBridge and OpsAdvisor are trademarks of AccelOps, Inc. Other names mentioned may be trademarks and properties of their respective owners.


SOURCE: AccelOps Inc.

LogRhythm Mining Log Files for Better Security
Wednesday, June 23rd, 2010 | Author: admin

Security information and event management vendor LogRhythm updates its platform to offer enterprises a new path to security with added visibility into their log files.

June 22, 2010
By Sean Michael Kerner

Real-time log files contain a wealth of information about enterprises’ data assets, and LogRhythm is betting that there’s a security advantage to be gained by tapping into that well.

The security information and event management vendor has updated its core platform to give enterprises greater visibility into their log data, pulling in information from the host and network layers that isn’t typically included in log management applications. Datamation has the details.

Most IT systems generate log files, and hidden within them could be the answer to some enterprise IT security issues. Security information and event management (SIEM) vendor LogRhythm this week announced an update to its platform, providing enterprises with increased visibility into the real-time log files of their IT assets.

The LogRhythm release comes as enterprises continue to face both external and internal security threats and are ramping up efforts to secure their infrastructure in response. The new release adds capabilities for monitoring processes and network connections on endpoints, as well as the ability to correlate that data with geographical location information.

http://www.internetnews.com/security/article.php/3889001/LogRhythm+Mining+Log+Files+for+Better+Security.htm

LogRhythm uses log and security event data combined with geolocation and network activity relationship mapping

Jun 22, 2010 | 02:40 PM