Inside the Security Operation Center with LogRhythm Advanced Intelligence Engine

Security moves very quickly. We live in a world where a ransomware attack can travel the globe and infect hundreds of thousands of computers before security engineers have had a chance to find out what is happening. To stay one step ahead of threats, we need cheat codes. We need to be able to see threats as they hit our networks before they get added to threat lists when it could already be too late.

LogRhythm is giving security engineers the tools to create their own cheat codes. It isn’t up-up-down-down-left-right-left-right-B-A, but if created properly, it could be just as powerful as the Konami Code. LogRhythm delivers its Advanced Intelligence Engine with over 900 rules out of the box, covering a broad spectrum of attacks from insider threats to sophisticated intrusions. For finer-grained control over security alerts, security analysts can create custom rules that add visibility and detection tailored to their own networks.

LogRhythm is different from traditional security monitoring tools because it correlates all data in the system logs, not just suspected security events. This makes tuning the platform to reduce false positives more difficult, but far more insightful. Modern attacks can come from any number of sources, many of which could look like normal traffic to a security analyst. LogRhythm’s Advanced Intelligence Engine uses 70 different log metadata fields to perform real-time analysis of all incoming logs for correlation and security anomalies.

For the high-volume alerts that have a standard response, security engineers can also leverage SmartResponse. SmartResponse can be called by Advanced Intelligence Engine rules to perform tasks and run scripts with little to no interaction from the engineer. If a critical service on a server crashes and doesn’t come back up after a set time, a SmartResponse can be triggered to restart it and alert an engineer. If repeated login attempts are detected for a user, SmartResponse can lock the account until an administrator investigates.
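To make the correlate-then-respond pattern described above concrete, here is an added example written for this page (it is not LogRhythm's rule language or SmartResponse API): a windowed threshold rule over constructed log events with hypothetical metadata field names, which hands each alert to a stand-in "lock the account" response.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log events (not real LogRhythm data); field names are hypothetical.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T09:00:00", "type": "auth_failure", "user": "alice", "host": "srv01"},
    {"ts": "2024-01-01T09:00:20", "type": "auth_failure", "user": "alice", "host": "srv01"},
    {"ts": "2024-01-01T09:00:40", "type": "auth_failure", "user": "bob",   "host": "srv02"},
    {"ts": "2024-01-01T09:01:00", "type": "auth_failure", "user": "alice", "host": "srv01"},
    {"ts": "2024-01-01T09:01:20", "type": "auth_failure", "user": "alice", "host": "srv01"},
    {"ts": "2024-01-01T09:01:30", "type": "auth_success", "user": "bob",   "host": "srv02"},
    {"ts": "2024-01-01T09:01:40", "type": "auth_failure", "user": "alice", "host": "srv01"},  # alice's 5th in 2 min
    {"ts": "2024-01-01T09:10:00", "type": "auth_failure", "user": "bob",   "host": "srv02"},  # bob's earlier one expired
]

class ThresholdRule:
    """Fire when `threshold` events of `event_type` share the same `group_field` within `window`."""
    def __init__(self, event_type, group_field, threshold, window):
        self.event_type, self.group_field = event_type, group_field
        self.threshold, self.window = threshold, window
        self.history = defaultdict(deque)  # group value -> timestamps still inside the window

    def evaluate(self, event):
        if event["type"] != self.event_type:
            return None
        key = event[self.group_field]
        ts = datetime.fromisoformat(event["ts"])
        q = self.history[key]
        q.append(ts)
        while q and ts - q[0] > self.window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= self.threshold:
            q.clear()  # one burst yields one alert, not one per extra event
            return {"rule": f"{self.threshold}x {self.event_type} in {self.window}",
                    self.group_field: key, "at": event["ts"]}
        return None

def lock_account(alert, locked):
    """Stand-in for an automated response: record the lock and describe the action for an analyst."""
    locked.add(alert["user"])
    return f"locked {alert['user']} pending investigation"

def run(events, rule, respond):
    locked, actions = set(), []
    for ev in events:
        alert = rule.evaluate(ev)
        if alert:
            actions.append(respond(alert, locked))
    return locked, actions

def demo():
    rule = ThresholdRule("auth_failure", "user", threshold=5, window=timedelta(minutes=2))
    return run(SAMPLE_EVENTS, rule, lock_account)  # ({'alice'}, ['locked alice pending investigation'])
```

The same rule class serves the service-crash case by grouping on a host or service field instead of the user; only the event type, grouping field and response function change.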

They may not be traditional cheat codes, but LogRhythm’s Advanced Intelligence Engine and SmartResponse allow security engineers to stay one step ahead of a world of threats.