LogRhythm

Last Updated: 29th September 2023
Analyst Coverage: Fran Howarth

LogRhythm was founded in 2003 and it has a strong heritage in the SIEM and log management markets. It has its headquarters in Boulder in Colorado and has a presence worldwide, including regional headquarters in Maidenhead in the UK and Singapore. It has been in the hands of private equity investment firm Thoma Bravo since 2018.

Over the years, it has built out its capabilities to provide a range of offerings for organisations to optimise SOC operations. These include SOAR for effective incident response, UEBA for contextual analysis, threat detection and compliance. This platform embraces a zero-trust security model so customers can improve their security posture across their operation. In 2019, it began to offer cloud-based SIEM, hosted and managed by LogRhythm in the cloud.

In 2021, LogRhythm acquired MistNet NDR to broaden out its capabilities further in threat detection and response. It has now built its NDR capabilities into a ful-fledged solution, integrated into its platform.

The most recent development is the release of its Axon cloud-native SaaS platform for security operations enablement. This is an entirely new offering, built from the ground up. It answers much of organisations’ needs for more effective detection and response, containing all the necessary components. It is optimised for the needs of analysts, providing automated visibility into all cloud and self-hosted environments. Its capabilities enable analysts to easily identify, analyse and remediate potential threats.

The platform provides contextual analysis across huge, diverse sets of data, enabling customers to gain insights into their security environments very quickly. This reduces complexity and provides greater efficiency in order to better achieve their objectives. It is easy to set up and intuitive to use, providing immediate value. LogRhythm offers advisory services and professional services for customisation.

Company Info

Headquarters: 4780 Pearl East Circle, Boulder, CO 80301, USA
Telephone: +1 720 881 5400

Security intelligence platform

Last Updated: 24th May 2016

What it does

From an original focus on security information and event management (SIEM) and log management technologies, LogRhythm has broadened out its capabilities into a security intelligence platform with the addition of file integrity monitoring, network and host forensics, configuration monitoring, and big data security analytics. It aims to provide its customers with technology to aid compliance automation and assurance, as well as providing greater intelligence over their IT estates and helping with incident detection and response.

The latest additions to its security intelligence platform include SmartResponse automation framework, added in 2013 for automating incidence response capabilities, which was extended with new capabilities in the release of LogRhythm7 in October 2015. In August 2014, it added a threat intelligence ecosystem, which is a collective of threat intelligence from vendors, its threat intelligence security analytics suite to help its customers to identify, analyse and prioritise security incidents, and its honeypot security analytics suite to enable its customers to deploy honeypots to attract opportunistic hackers. In May 2016, it launched upgrades to its Network Monitor product, which offers network monitoring, analytics and forensics for detecting, investigating and mitigating threats such as ransomware, spear phishing and advanced targeted attacks.

The latest version of the Security Intelligence and Analytics platform is LogRhythm7 and was released in October 2015. As well as extensions to SmartResponse, expanded capabilities include its Elasticsearch indexing architectures for searching unstructured data and for managing big data more efficiently. It also offers improved visualisation capabilities and new risk-based scoring algorithms for better prioritisation capabilities.

Markets and channels

LogRhythm has offices in the US, Europe, the Middle East and Asia-Pacific and serves customers worldwide, many of which are multinational organisations. Its key vertical markets are banking and finance, retail and hospitality, energy/utilities, higher education and healthcare.

LogRhythm has a wide range of partners. These include service partners such as systems integrators, consultancies and vertical solutions providers, a wide range of technology partners and ecosystem partners from which it takes and receives information flows. Partners in its new threat intelligence ecosystem service currently are CrowdStrike, Norse, Symantec, ThreatStream and Webroot. LogRhythm also has a partnership programme for value-added resellers and MSSPs, for which it has developed a specific platform.

Users

LogRhythm targets Global 2000 organisations, government agencies and mid-sized businesses across the globe. It has a wide range of customer case studies and success stories available from across a range of industries.

Technology

The security intelligence platform collects information feeds from a wide range of technology systems, with or without the use of agents. These feeds are collected to a central repository where they are normalised and analysed, using machine learning capabilities that are capable of analysing extremely large big data sets. These analysis capabilities provide intelligence over the network and security stance, creating actionable insight for its customers to help them make better decisions. Its incident response capabilities include SmartResponse, which provides a choice of automated countermeasures according to the context of the incident and its criticality. It has received multiple awards for its technology.

Services

LogRhythm offers a range of professional and technical support services that include help with deployment and ongoing deployment optimisation. Other services include compliance automation, alert optimisation, search and report optimisation, incident response and retail cyber crime. Its customer service and support teams are based in Colorado, although it also has field teams. It offers training courses in its headquarters in the US as well as in the UK, and also has online training options. LogRhythm Labs offers advanced intelligence services in the areas of machine learning, threat intelligence and compliance intelligence to help organisations streamline their operations and incident response.