Host Forensics: LogRhythm Information Security


Protecting your organization from advanced threats, compliance violations and operational issues is an ongoing process. It requires broad visibility, continuous monitoring, advanced analysis and pattern recognition, intelligent countermeasure capabilities, and ongoing adaptation to new and evolving issues and threats. A key component of that process is having the extended visibility to correlate what's happening at the host level to event data throughout the network. LogRhythm delivers extended visibility and protection via fully integrated Host Activity Monitoring.

Correlating network-wide event data with activities occurring at the host level is often hindered by the fact that critical host-based activities may not be consistently logged, often requiring multiple solutions to fill in the information gaps. Host Activity Monitoring provides independent awareness and insight into what's happening on a host, providing a critical layer of protection from a broad spectrum of problems, ranging from important operational events such as system and application failures to security and compliance violations tied to unauthorized or malicious activity.

Centrally monitored and managed as a fully integrated component of LogRhythm, Host Activity Monitoring includes:

  • Independent logging of critical host activity
  • Comprehensive event detail
  • Protection from zero-day attacks and critical failures
  • Prevention of unauthorized data transfers
  • Full integration with all event data for true correlation and event context

Independent Process Monitor

Detects and records process and service activity that may not otherwise be reported. This can identify and alert on important behavior such as hosts running blacklisted processes (such as peer-to-peer clients), critical processes stopping, or any non-approved process starting up.

Windows Registry Monitor

Monitors the Windows Registry for additions, modifications, deletions, permission (ACL) changes, and ownership changes. This visibility provides greater insight into changes or manipulations of Windows operating systems, including the addition of new startup processes, to detect advanced threats and compromised hosts.

Network Connection Monitor

Independently records network connection activity to and from the host, providing a detailed, independent log of all network connections opened and closed on a host. It detects and alarms on critical events such as unauthorized web or FTP servers.

Data Loss Defender

Monitors and prevents data movement to/from removable media such as CD/DVD-RW devices and USB drives. Data Loss Defender logs, alerts on, and audits all movement of data to removable media ports and can optionally block data transfers on selected machines and devices.

User Activity Monitor

Logs any user or process that authenticates to a host. This independently records an audit trail that can be used either to supplement local auditing systems or to validate that system logs have not been modified on the host.
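The monitors above each reduce to a baseline plus a set of rules applied to independently collected host events. The following is an added example, not LogRhythm's code or any part of the product, showing how such rules look when written out: a blacklisted or non-approved process start, a critical process stopping, a new value under the Windows Run key (a new startup entry) or an ACL/ownership change on it, and a process listening on a server port without being on the approved list. The host names, process images, registry paths and baselines are constructed for illustration.

```python
"""
Added example (not LogRhythm's code): a small rule engine that applies the
kinds of host-activity checks described above to constructed host events.
All baseline values and events below are hypothetical.
"""

# Constructed per-host baseline (hypothetical values).
APPROVED_PROCESSES = {"svchost.exe", "explorer.exe", "lsass.exe",
                      "sqlservr.exe", "backupagent.exe"}
BLACKLISTED_PROCESSES = {"utorrent.exe", "bittorrent.exe"}  # e.g. peer-to-peer clients
CRITICAL_PROCESSES = {"lsass.exe", "sqlservr.exe", "backupagent.exe"}
RUN_KEY_PREFIX = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
BASELINE_RUN_VALUES = {"SecurityHealth"}          # startup entries known at baseline time
APPROVED_LISTENERS = {(3389, "svchost.exe"), (1433, "sqlservr.exe")}
SERVER_PORTS = {21: "FTP", 80: "HTTP", 443: "HTTPS", 8080: "HTTP-alt"}


def alert(severity, rule, event, detail):
    """Build one alert record, keeping the host so alerts can be rolled up per host."""
    return {"severity": severity, "rule": rule, "host": event["host"], "detail": detail}


def check_process(event):
    """Independent Process Monitor rules: blacklist, non-approved start, critical stop."""
    image = event["image"].lower()
    if event["action"] == "start":
        if image in BLACKLISTED_PROCESSES:
            return alert("high", "blacklisted-process", event, f"{image} started")
        if image not in APPROVED_PROCESSES:
            return alert("medium", "non-approved-process", event, f"{image} started")
    elif event["action"] == "stop" and image in CRITICAL_PROCESSES:
        return alert("high", "critical-process-stopped", event, f"{image} stopped")
    return None


def check_registry(event):
    """Registry Monitor rules: new startup entries and ACL/owner changes under the Run key."""
    if not event["key"].lower().startswith(RUN_KEY_PREFIX.lower()):
        return None  # other keys are logged but raise no alert in this example
    if event["action"] in ("add", "modify") and event["value_name"] not in BASELINE_RUN_VALUES:
        return alert("high", "new-startup-entry", event,
                     f"{event['value_name']} -> {event['data']}")
    if event["action"] in ("acl-change", "owner-change"):
        return alert("medium", "run-key-permission-change", event, event["action"])
    return None


def check_network(event):
    """Network Connection Monitor rules: unapproved listeners, especially on server ports."""
    if event["action"] != "listen":
        return None  # outbound connections are recorded but not alerted on here
    if (event["port"], event["image"].lower()) in APPROVED_LISTENERS:
        return None
    service = SERVER_PORTS.get(event["port"])
    if service:
        return alert("high", "unauthorized-server", event,
                     f"{event['image']} listening on {service} port {event['port']}")
    return alert("low", "unexpected-listener", event,
                 f"{event['image']} listening on port {event['port']}")


CHECKS = {"process": check_process, "registry": check_registry, "network": check_network}


def evaluate(events):
    """Return one alert per rule-violating event, in event order."""
    results = []
    for event in events:
        hit = CHECKS[event["type"]](event)
        if hit:
            results.append(hit)
    return results


def alerts_by_host(alerts):
    """Roll alerts up per host, the 'what is going on where' view."""
    counts = {}
    for a in alerts:
        counts[a["host"]] = counts.get(a["host"], 0) + 1
    return counts


# Constructed sample events from two hypothetical hosts.
SAMPLE_EVENTS = [
    {"type": "process", "action": "start", "host": "ws01", "image": "explorer.exe"},
    {"type": "process", "action": "start", "host": "ws01", "image": "uTorrent.exe"},
    {"type": "process", "action": "start", "host": "srv02", "image": "updater.exe"},
    {"type": "process", "action": "stop", "host": "srv02", "image": "backupagent.exe"},
    {"type": "registry", "action": "add", "host": "ws01", "key": RUN_KEY_PREFIX,
     "value_name": "Updater", "data": r"C:\Users\Public\upd.exe"},
    {"type": "registry", "action": "modify", "host": "ws01",
     "key": r"HKLM\Software\Contoso\Settings", "value_name": "Theme", "data": "dark"},
    {"type": "network", "action": "listen", "host": "srv02", "port": 1433, "image": "sqlservr.exe"},
    {"type": "network", "action": "listen", "host": "ws01", "port": 21, "image": "ftpd.exe"},
    {"type": "network", "action": "connect", "host": "ws01", "port": 443,
     "image": "browser.exe", "remote": "203.0.113.10"},
]

if __name__ == "__main__":
    found = evaluate(SAMPLE_EVENTS)
    for a in found:
        print(f"[{a['severity']}] {a['host']}: {a['rule']} - {a['detail']}")
    print(alerts_by_host(found))
```

Of the nine sample events, five trigger a rule; the approved process start, the change outside the Run key, the approved SQL Server listener and the outbound connection are recorded but raise nothing. The value of the independent record is that these baselines are checked against what the monitor itself observed, not against logs the host could have tampered with.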

LogRhythm's Host Activity Monitoring, combined with LogRhythm's comprehensive Security Intelligence Platform, provides tremendous visibility into what is going on, where, and when throughout the IT environment. And by harnessing the power of SmartResponse™, it can provide extensive, active protection at the host level from advanced threats, compliance violations, and operational issues.

For more information, contact i2S now to determine how LogRhythm can help secure your network.  


To learn more about LogRhythm, visit the LogRhythm website.