Security Information & Event Management
Security information and event management (SIEM) technology supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual data sources. It also supports compliance reporting and incident investigation through analysis of historical data from these sources. The core capabilities of SIEM technology are a broad scope of event collection and the ability to correlate and analyze events across disparate sources.
• Fully integrated Next-Gen SIEM, Log Management, File Integrity Monitoring (FIM), Network & Host Activity Monitoring, and Security Analytics
• Data-driven, machine analytics approach to detect advanced threats
• Risk-based priority algorithm that applies risk and threat factors to automatically qualify alarms, so customers can focus on the highest-risk concerns
• SmartResponse script-based countermeasures, triggered by an alarm or run manually
• Compliance reporting packages (PCI, HIPAA, SOX, GLBA, NERC, FISMA, DoDI) with continuous, real-time security monitoring
Use Cases Addressed
• Suspicious User Behavior: automatically detect compromised credentials
• Malware Detection: detect malware through behavioral analysis
• Data Breach Prevention: identify attackers attempting to steal valuable data
• Compliance Violations: detect an unauthorized user accessing secured data