Organizations are increasingly gathering security event data and logs for a broad range of uses; these provide an excellent starting point for effective security event management. IT and security staff need tools that are as sophisticated as those used by threat actors. Network defenders need accurate and rapid sorting, normalization and analysis across large sets of event information from multiple devices. this typical ""Big Data"" problem is complicated by the need for advanced real-time analysis during an event, as well as after the fact for remediation.
With these assumption as a foundation, SANS conducted a review of LogRhythm version 6.1. This functional review, conducted by senior SANS Analyst Dave Shackleford, shows LogRhythm's SIEM toolset capable of analyzing and reporting on security data in many different ways, with easy-to-use features. This release adds more complex analytics and analysis features, with additional attention given to behavioral whitelisting and analysis.