Network Detection and Response targets smaller security teams looking to do more with less
LogRhythm is introducing an addition to its next-gen SIEM offerings that features automated detection, qualification, investigation, and response for advanced, network-borne threats. While those capabilities would benefit just about any size organization, LogRhythm’s new NDR offering is especially well-suited for teams that are long on security operations needs but short on staff.
The Lowdown: LogRhythm NDR combines Layer 7 network traffic monitoring, full packet capture, multi-method threat detection, and workflow automation to help security pros find and respond to the kinds of network-borne threats that are often missed, particularly in environments with overworked and understaffed teams of security analysts.
The Details: LogRhythm NDR should boost the network threat detection and response capabilities of most security teams without requiring them to add staff or new network forensics expertise.
Under the hood, NDR offers:
• Deep network traffic visibility, including application identification and metadata extraction from encrypted and unencrypted network sessions, recognition of 19 SCADA protocols, and squelchable packet capture for high-fidelity forensic analysis.
• Multiple threat detection methods, including deep inspection of traffic metadata against known indicators of compromise, scenario modeling for known tactics, techniques, and procedures, and behavior profiling and anomaly detection for rooting out insider and zero-day threats.
• Workflow-integrated security orchestration, automation and response (SOAR) features with real-time alarm monitoring, rapid access to forensic and threat intelligence, collaborative case management, customizable playbooks, and built-in measurement and reporting metrics to help security teams boost their effectiveness over time.
LogRhythm’s NDR solution is available now as a subscription. Pricing depends on the amount of data analyzed.
The Buzz: “Security teams are often understaffed, overwhelmed by false positives and lack the necessary network visibility and analytics required to detect and respond to advanced network-borne threats,” said Chris Petersen, co-founder and chief product and technology officer at LogRhythm. “With the introduction of LogRhythm NDR, security teams now have the necessary visibility, analytics, and automation to not only successfully surface hard-to-see threats, but to also do so faster and more accurately — no matter how resource-constrained they might be.”
“The combination of real-time monitoring and full-response capabilities has been critical for enabling us to detect and respond to threats quickly and efficiently,” said LogRhythm user Dan Ney, enterprise technology security and risk lead at the accounting firm Baker Tilly. “We’re confident in LogRhythm NDR’s ability to help other security teams realize the same time to value that LogRhythm has allowed us to realize.”
“Incident response teams need detailed network information and key forensics insight to investigate incidents — yet they may not have network forensics expertise, or the time needed for detailed forensic investigation and packet analysis,” said Jon Oltsik, of industry analyst firm ESG. “A solution like LogRhythm NDR is a welcome addition to the marketplace, because it can help provide the automation that security teams need to detect and respond to threats earlier in their lifecycle. As a result, LogRhythm NDR can help eliminate time-consuming manual tasks, while allowing security analysts to focus on the higher-value activities that require direct human touch.”