
SANS LogRhythm Review - Speed and Scalability Matter

Published by: LogRhythm
Published: Jun 19, 2018
Type: White Paper
Length: 24 pages

In today's fast-paced threat environment, speed to detect and respond is critical. Yet, according to multiple SANS surveys [1], analysts are finding it difficult to keep up with the speed at which attackers hit their systems. While attackers run automated scripts and programs, our security and logging systems must ingest and interpret this data, distilling it into actionable information in as near real time as possible, without burying defenders and responders in unnecessary information. Unfortunately, for many defenders and responders, this level of actionable defense is not achievable. In addition to a lack of visibility, the vast majority of organizations in SANS surveys cite a lack of personnel and dedicated resources as their key impediments to rapid and accurate detection and remediation of the real threats that apply to their enterprises [2].

Security information and event management (SIEM) platforms and similar tools are meant to consume log and event information from a variety of endpoints, security devices and network flows, while providing a dashboard that lets analysts drill down into events and use that information to respond and remediate accurately. Over time, SIEM tools have evolved to ingest more forms of log, threat, event and intelligence data, to integrate and correlate it against threat intelligence and other contextual information, and to advance their analytics techniques to include artificial intelligence and machine learning [3].

Just how scalable, fast and accurate are these tools under load? We decided to put the LogRhythm 7.2 Threat Lifecycle Management Platform to the test. We found that its clustered Elasticsearch indexing layer supported large volumes of security and event data during simulated events that would require investigation and remediation. Some of the core strengths of LogRhythm's system are its data processing, machine analytics, rapid search and drilldown, all of which speak directly to the need for speed and accuracy.

Other strong features include LogRhythm's security automation and orchestration through case management and SmartResponse™. We also found the Metrics tab for a case to be a helpful tool for benchmarking mean time to detect and other useful metrics, including the time and completeness of remediation, and for capturing any newly found intelligence for trending and reuse.
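To make concrete what the abstract describes, here is an added example, not code from the review or from LogRhythm: a toy Python correlation pipeline that normalises a handful of constructed log lines, matches them against a constructed threat-intel feed, opens one case per affected internal host, and reports mean time to detect and mean time to respond in the spirit of a case Metrics tab. The log format, the indicator feed, the host addresses, and the definitions of MTTD (first indicator hit minus the earliest activity seen from that host) and MTTR (analyst closure minus detection) are all assumptions made for illustration; a real SIEM's metric definitions may differ.

```python
# Added illustration, not LogRhythm's code: a toy SIEM pipeline that normalises log lines,
# correlates them against a threat-intel feed, opens cases and reports MTTD/MTTR (all constructed).
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional
import re
# Constructed sample events (TEST-NET addresses and example domains).
SAMPLE_LOGS = """\
2018-06-19T09:59:00Z dns01 QUERY client=10.0.0.5 qname=www.example.com
2018-06-19T10:00:00Z fw01 CONN src=10.0.0.5 dst=203.0.113.7 dport=443 action=allow
2018-06-19T10:00:30Z dns01 QUERY client=10.0.0.12 qname=www.example.com
2018-06-19T10:01:15Z dns01 QUERY client=10.0.0.12 qname=bad-domain.example
2018-06-19T10:02:00Z fw01 CONN src=10.0.0.12 dst=203.0.113.7 dport=8443 action=allow
garbage line that must be skipped rather than crash the pipeline
"""
# Constructed (hypothetical) threat-intel indicators, keyed by type.
THREAT_INTEL = {
    "ip": {"203.0.113.7"},
    "domain": {"bad-domain.example"},
}
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<type>[A-Z]+) (?P<kv>.*)$")

def parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))  # ISO-8601 'Z' -> aware UTC

def parse_line(line):
    """Normalise one 'ts host TYPE k=v ...' line into a dict; None if malformed."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        ev = {"ts": parse_ts(m["ts"]), "host": m["host"], "type": m["type"]}
    except ValueError:  # unparseable timestamp
        return None
    for kv in m["kv"].split():
        k, sep, v = kv.partition("=")
        if sep:
            ev[k] = v
    return ev

def match_indicators(ev, intel):
    hits = []  # (indicator_type, value) pairs from the event that appear in the feed
    if ev.get("dst") in intel["ip"]:
        hits.append(("ip", ev["dst"]))
    if ev.get("qname") in intel["domain"]:
        hits.append(("domain", ev["qname"]))
    return hits

@dataclass
class Case:
    host: str                    # internal asset the case tracks
    first_event: datetime        # earliest activity seen from that host
    detected: datetime           # time of the first indicator hit (alarm time)
    indicators: list = field(default_factory=list)
    closed: Optional[datetime] = None

def build_cases(logs, intel):
    """Replay lines in order; open one case per internal host on its first hit."""
    first_seen, cases = {}, {}
    for line in logs.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue             # malformed input is dropped, not fatal
        host = ev.get("src") or ev.get("client")
        if host is None:
            continue
        first_seen.setdefault(host, ev["ts"])
        hits = match_indicators(ev, intel)
        if not hits:
            continue
        case = cases.get(host)
        if case is None:
            case = cases[host] = Case(host, first_seen[host], ev["ts"])
        case.indicators.extend(hits)
    return cases

def close_case(cases, host, when_iso):
    cases[host].closed = parse_ts(when_iso)  # analyst marks remediation complete

def _mean_seconds(deltas):
    return sum(d.total_seconds() for d in deltas) / len(deltas) if deltas else 0.0

def metrics(cases):
    """MTTD: first hit minus earliest host activity; MTTR: closure minus detection."""
    closed = [c for c in cases.values() if c.closed is not None]
    return {
        "cases": len(cases),
        "closed": len(closed),
        "mttd_s": _mean_seconds([c.detected - c.first_event for c in cases.values()]),
        "mttr_s": _mean_seconds([c.closed - c.detected for c in closed]),
    }

if __name__ == "__main__":
    cases = build_cases(SAMPLE_LOGS, THREAT_INTEL)
    close_case(cases, "10.0.0.5", "2018-06-19T10:20:00Z")
    print(metrics(cases))  # {'cases': 2, 'closed': 1, 'mttd_s': 52.5, 'mttr_s': 1200.0}
```

Two design points matter more than the toy logic itself. First, the normaliser drops malformed lines instead of raising, because a SIEM that stops ingesting on one bad record loses exactly the visibility the abstract says defenders lack. Second, the timestamps needed for the metrics (earliest activity, alarm time, closure) are recorded on the case object as events flow through, so MTTD and MTTR fall out of the case record rather than requiring a second pass over the raw logs.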