LogRhythm Goes AI with Security Threat Detection Engine
February 22, 2011 Alex Woodie
LogRhythm this month unveiled a new security threat detection engine for its security information and event management (SIEM) software. With its advanced pattern-matching capabilities, LogRhythm says its new Advanced Intelligence (AI) Engine will help users identify complex and blended security attack methods faster than before.
Like most SIEM systems, the LogRhythm product does double duty. On the one hand, it tracks application and server logs for compliance purposes. On the other, as a SIEM product, it gathers and correlates information about events that may pose a security risk.
The Boulder, Colorado, company says its new AI Engine goes beyond simple correlation to provide advanced pattern recognition. Instead of requiring an administrator to scroll through a pre-filtered subset of security events or write scripts to narrow the possible intrusion methods, the AI Engine brings more intelligence to bear on the problem by identifying statistical deviations and behavioral abnormalities occurring in real time or against archived data.
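The paragraph above describes the approach in general terms: a baseline of normal behaviour is learned from log data, and events that deviate statistically from it are surfaced without an analyst writing a rule for each intrusion method. The following is an added illustration of that idea, not LogRhythm code and not a description of how the AI Engine works internally. It uses a constructed authentication log format (the `auth: user=... result=...` lines, the hostnames and the usernames are all made up here), builds a per-user baseline of failed logons per hour, and flags hours whose count is far outside that baseline. Accounts with no history are reported separately rather than scored, since a new account has no baseline to deviate from.

```python
"""Statistical-deviation detection over constructed logon records.

Added example, not LogRhythm code. Baseline: per-user mean and stddev of
failed logons per hour learned from historical lines. Scoring: z-score of a
recent hour against that baseline. The line format below is an assumption
made up for this example.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed record format (constructed for this example, not a real product format):
#   2011-02-14T09:12:03 host1 auth: user=alice result=FAILURE
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<host>\S+) auth: "
    r"user=(?P<user>\S+) result=(?P<result>SUCCESS|FAILURE)$"
)


def parse_lines(lines):
    """Yield (hour_bucket, user, result); lines that do not match are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        yield ts.replace(minute=0, second=0), m["user"], m["result"]


def failures_per_hour(lines):
    """Return (user -> {hour: failed logons}, hours seen, users seen).

    Hours and users are tracked for every record, not only failures, so a user
    who never fails a logon still gets a (quiet) baseline."""
    counts = defaultdict(lambda: defaultdict(int))
    hours, users = set(), set()
    for hour, user, result in parse_lines(lines):
        hours.add(hour)
        users.add(user)
        if result == "FAILURE":
            counts[user][hour] += 1
    return counts, hours, users


def build_baseline(history_lines):
    """Per-user (mean, population stddev) of failed logons per observed hour.

    Hours with no failures count as 0, so the series has one entry per hour
    in the history window for every user."""
    counts, hours, users = failures_per_hour(history_lines)
    baseline = {}
    for user in sorted(users):
        series = [counts[user].get(h, 0) for h in sorted(hours)]
        baseline[user] = (mean(series), pstdev(series))
    return baseline


def score_window(window_lines, baseline, threshold=3.0, min_std=1.0):
    """Flag (user, hour) pairs whose failed-logon count deviates from baseline.

    min_std floors sigma so a perfectly regular history (stddev 0) does not
    alert on a single extra failure. Users absent from the baseline are
    reported as 'no baseline' instead of being scored."""
    counts, _hours, users = failures_per_hour(window_lines)
    alerts = []
    for user in sorted(users):
        for hour in sorted(counts[user]):
            observed = counts[user][hour]
            if user not in baseline:
                alerts.append((user, hour.isoformat(), observed, None, "no baseline"))
                continue
            mu, sigma = baseline[user]
            z = (observed - mu) / max(sigma, min_std)
            if z >= threshold:
                alerts.append((user, hour.isoformat(), observed, round(z, 2), "deviation"))
    return alerts


# Constructed history: four hours of normal activity for alice and bob.
HISTORY = """
2011-02-14T09:02:11 host1 auth: user=alice result=FAILURE
2011-02-14T09:02:40 host1 auth: user=alice result=SUCCESS
2011-02-14T09:15:00 host1 auth: user=bob result=SUCCESS
2011-02-14T10:01:05 host1 auth: user=alice result=SUCCESS
2011-02-14T10:30:00 host1 auth: user=bob result=SUCCESS
2011-02-14T11:05:09 host1 auth: user=alice result=FAILURE
2011-02-14T11:05:31 host1 auth: user=alice result=FAILURE
2011-02-14T11:40:00 host1 auth: user=bob result=SUCCESS
2011-02-14T12:08:12 host1 auth: user=alice result=FAILURE
2011-02-14T12:08:44 host1 auth: user=alice result=SUCCESS
2011-02-14T12:50:00 host1 auth: user=bob result=SUCCESS
""".strip().splitlines()

# Constructed recent hour: alice is within her norm, bob is not, svc_backup is new.
WINDOW = """
2011-02-14T13:01:00 host1 auth: user=alice result=FAILURE
2011-02-14T13:01:30 host1 auth: user=alice result=FAILURE
2011-02-14T13:02:00 host1 auth: user=bob result=FAILURE
2011-02-14T13:02:05 host1 auth: user=bob result=FAILURE
2011-02-14T13:02:10 host1 auth: user=bob result=FAILURE
2011-02-14T13:02:15 host1 auth: user=bob result=FAILURE
2011-02-14T13:02:20 host1 auth: user=bob result=FAILURE
2011-02-14T13:02:25 host1 auth: user=bob result=FAILURE
2011-02-14T13:09:00 host1 auth: user=svc_backup result=FAILURE
this line is not an auth record and is skipped by the parser
""".strip().splitlines()

if __name__ == "__main__":
    for alert in score_window(WINDOW, build_baseline(HISTORY)):
        print(alert)
```

With the constructed data, alice's two failures in the recent hour score z = 1.0 against her baseline of one failure per hour and are not reported, bob's six failures against a baseline of zero score z = 6.0 and are reported as a deviation, and svc_backup is reported as having no baseline. The threshold and the stddev floor are the two knobs that trade false positives against missed anomalies; the floor matters most for accounts whose history is perfectly regular.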
LogRhythm says the new AI Engine will be particularly adept at spotting sophisticated intrusions that can be difficult to detect using traditional signature-based security solutions. These types of intrusions often involve custom malware and are used to perpetrate zero-day attacks, so-called advanced persistent threats (APTs), fraud, and insider attacks that might otherwise go unnoticed.
The AI Engine is an optional component of the LogRhythm product. The company has taken pains to make sure it’s easy for customers to use. Users can get started quickly with a setup wizard that offers some basic customization of pre-defined rules. Beyond that, users can further refine the rules by working within a “building block workflow palette” that includes common events written in plain English and 50 pre-defined metadata fields, the company says.
“Until now, building correlation rules in SIEM products has effectively required a PhD in scripting languages and a very precise understanding of the activity, condition, or exception you were looking for,” LogRhythm co-founder and CTO Chris Petersen states in a press release. “We designed the LogRhythm AI Engine to harness hybrid analysis techniques applied across all log data to deliver next generation pattern recognition capabilities, including complex correlation.”
LogRhythm has supported IBM i source data since August 2008, when the company partnered with PowerTech to gain access to the platform and its rich treasure trove of log data. LogRhythm uses PowerTech’s Interact product to translate IBM i-specific messages and queues from the security audit journal and the system and system operator message queues into the industry-standard syslog format that SIEMs can ingest.