LogRhythm Debuts New ‘Intelligent’ IT Search
January 6, 2009 Alex Woodie
LogRhythm, a developer of security information event management (SIEM) solutions that support i OS (via a partnership with PowerTech), recently debuted a new feature that seeks to make it easier to piece together events recorded in server logs. Dubbed “intelligent IT search,” the new feature combines several techniques to enable IT and security managers to cut through the clutter and find the veritable needle of data in the log haystack.
Log data is notoriously difficult to decipher and understand, and i OS is no different than Unix or Windows in this regard. Correlating events occurring across different platforms can become a difficult and time-consuming enterprise, and hinder attempts to enforce security and compliance or to resolve operational problems.
LogRhythm addresses this problem by processing log data from multiple platforms and attempting to present it to the IT user in a meaningful way. The first step in this process is tagging log entries using a proprietary classification model that’s conducive to future searches. So a denial-of-service attack would be classified as a security threat, while a failed log-in might be logged as an auditing problem.
The software also prioritizes log events based on a 100-point risk model. Depending on what servers or applications were impacted, the size of a file involved, or what country the request originated in, LogRhythm can assign the event a value that gives greater meaning than technical mumbo-jumbo that only a programmer could love.
The final component of the company’s “intelligent” IT search strategy involves end-user tools. Once the events have been normalized, classified, and contextualized by the LogRhythm product, managers can use wizard-based interfaces to search through events using meaningful criteria. A series of graphical visualization tools can communicate trends contained across millions of log entries with a single picture. To make getting to this data easy, LogRhythm offers “one-click correlation” to help refine searches, and search tool bars that can be accessed from any screen.
Chris Petersen, CTO of LogRhythm, says the new Intelligent IT search function does the “heavy lifting” of mining log data for actionable information. “Logs provide the digital fingerprints for an entire network, giving visibility into the operations, activities, and security of its interconnected systems, devices, and applications,” he says.
LogRhythm’s offerings begin at $20,000. For more information, visit www.logrhythm.com.