LogRhythm Goes Multi-Dimensional in Security Analysis
October 23, 2012 Alex Woodie
Cyber criminals are getting more clever by the day, and the good guys can keep pace with products like the new SIEM (security information and event management) solution unveiled by LogRhythm last week. The Boulder, Colorado, company claims that its solution is the first multi-dimensional security database capable of tackling “big data”-sized troves of information.
LogRhythm’s SIEM product, which is also called LogRhythm, gathers security-related data from many sources (including IBM i logs), and mixes it in an attempt to tease real and actionable information out of the noise. Like other products in the SIEM class, LogRhythm has sought a competitive advantage by attempting to simplify the analysis process and make it usable by average humans, but without dumbing down the results.
LogRhythm’s latest attempt involves a multi-dimensional approach to data categorization. Multi-dimensional databases have typically been used by large organizations looking to find patterns hidden across large amounts of data and stretches of time. LogRhythm claims that it is the first company using multi-dimensional analysis (which is sometimes called online analytical processing, or OLAP) in the security venue.
The company says the multi-dimensional approach to SIEM is necessary due to the difficulties of establishing a baseline of normal user activity in an organization using a manual approach. In order to get a truly accurate view of baseline activities, LogRhythm says, organizations must monitor all the data collected by the SIEM, rather than a small slice of it. The small slice approach is ineffective because it won’t accurately reflect actual user behaviors and, therefore, will provide cover for cyber criminals to exploit by masking their activities as “normal.”
In short, the cyber criminals have raised their game to the point where security personnel need to bust out the big guns in response. The OLAP approach offers the unique capability to not only analyze large amounts of data (i.e., “big data”), but also to detect small patterns occurring over stretches of time.
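The baselining argument above is easy to see in code. The following is an added example, not LogRhythm's code and not tied to its product: it builds a behavioral baseline from constructed login-style events for one user, first along a single dimension (events per user per day) and then across user, host and hour. The suspect day keeps the same daily total as the historical norm, so the single-slice baseline sees nothing, while the multi-dimensional baseline flags both the drop on the usual host and the activity on an unfamiliar host at an unusual hour. All hosts, users and counts are made up for the illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: (day, user, host, hour, event_count).
# Ten days of routine activity for one user; not data from any real SIEM.
def history():
    events = []
    for day in range(10):
        events += [(day, "alice", "ws-01", 9, 20 + day % 3),   # morning, workstation
                   (day, "alice", "ws-01", 14, 20),            # afternoon, workstation
                   (day, "alice", "fs-02", 10, 5)]             # file server, mid-morning
    return events

# Day 11 (constructed): the daily total is unchanged (45 events), but most of
# the activity has moved to an unfamiliar host at 03:00.
SUSPECT_DAY = [(10, "alice", "ws-01", 9, 5),
               (10, "alice", "db-09", 3, 40)]

def aggregate(events, dims):
    """Sum counts per day along the chosen dimensions (indices into
    (user, host, hour)); return {key: [one total per day]}."""
    per_day = defaultdict(int)
    for day, user, host, hour, count in events:
        key = tuple((user, host, hour)[i] for i in dims)
        per_day[(day, key)] += count
    series = defaultdict(list)
    for (day, key), total in per_day.items():
        series[key].append(total)
    return series

def anomalies(hist, today, dims, z=3.0):
    """Keys in `today` that are unseen in the baseline or whose total lies more
    than z standard deviations from the baseline mean. A floor of 1 event
    keeps a flat baseline (sigma 0) from flagging every tiny change."""
    base = aggregate(hist, dims)
    flagged = []
    for key, totals in aggregate(today, dims).items():
        if key not in base:
            flagged.append(key)                 # never-before-seen combination
            continue
        mu, sigma = mean(base[key]), pstdev(base[key])
        if abs(totals[0] - mu) > max(z * sigma, 1.0):
            flagged.append(key)
    return sorted(flagged)

if __name__ == "__main__":
    # Per-user slice: the daily total matches history, so nothing is flagged.
    print("per-user slice:", anomalies(history(), SUSPECT_DAY, dims=(0,)))
    # User x host x hour: both the drop on ws-01 and the new host surface.
    print("user x host x hour:", anomalies(history(), SUSPECT_DAY, dims=(0, 1, 2)))
```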
“Today’s cyber threats are more advanced and, in many cases, more stealthy than ever before. Organizations need to understand what ‘normal’ behavior is across multiple dimensions of their electronic enterprise so they can detect abnormal activity indicative of a threat or breach,” states Chris Petersen, CTO and cofounder of LogRhythm, in a press release. “Adding the multi-dimensional behavioral analytics layer to our SIEM 2.0 platform delivers on that need and, once again, sets a new standard for advanced threat and breach detection.”