LogRhythm has announced a new version of its integrated log management/SIEM platform to provide holistic visibility and relationship mapping of network activity.
The company said that new features include process and connection monitoring, which fill information gaps that standard logging does not address. The LogRhythm Process Monitor provides independent monitoring of processes running on a host, including the process name and ID, who started it, when it was started and stopped, and its duration.
The LogRhythm Connection Monitor logs all network activity, such as listening services and inbound and outbound connections to and from a host, including local and remote IP addresses and ports, while LogRhythm's enhanced System Monitor agent will provide the visibility and awareness necessary to take appropriate action.
Also added is geolocation data for both logs and security events to enable security teams to know where an activity originated, its destination and the impacted hosts, in order to detect potential attacks and data leaks.
Chris Petersen, co-founder and CTO of LogRhythm, said: “From day one, LogRhythm has been focused on helping customers fill the ‘visibility gaps’ on their networks. While logs provide tremendous value on their own, they often don't provide the complete story.
“This new version of LogRhythm expands our ability to independently monitor and capture critical forensic information. By providing a more complete picture of activity occurring across the enterprise, LogRhythm makes it easier to detect sophisticated intrusions, insider threats, compliance violations, and operational problems that would otherwise be overlooked or discovered only after the damage was done.”