Network ForensicsLogRhythm Information Security

True enterprise security intelligence requires real-time awareness and an understanding of all data traversing the network. LogRhythm's Network Monitor provides both application level awareness and rich network session details, delivering enterprise-wide network visibility.  By deriving a rich set of fully searchable metadata, Network Monitor provides rapid access to highly valuable for forensic evidence, resulting in rapid and in-depth understanding of network activity. In addition, Network Monitor’s ability to perform full packet capture provides access to each session’s raw packet details for additional forensic evidence.

The LogRhythm Network Monitor provides visibility critical to detecting and responding to today’s advanced threats. It enables organizations to:

  • Baseline network behavior to immediately pinpoint abnormal activity
  • Detect unauthorized or suspicious application activity
  • Expedite network forensic investigations
  • Perform full session packet capture for advanced forensics
  • Prevent sensitive data loss
  • Monitor application bandwidth consumption

 

Network Monitor Capabilities:

  • True Application IdentificationIdentifies more than 2,300 applications for in-depth analysis by performing deep packet inspection and applying multiple classification methods to determine the true identity of the application.  True application ID provides the visibility necessary to detect critical activities such as suspicious data transfers, network usage policy violations and advanced attacks.
  • Unstructured Search, Powerful Analysis - Provides rapid access to SmartFlow™ details via a powerful, “Google-like” search engine that streamlines and simplifies network forensic investigations.  Results are presented in highly informative visualizations and custom layouts, enabling blazingly fast analysis of network packet data.
  • Full Session Packet Capture - Captures full layer 2 through 7 packet header and payloads from each session for a complete record of network activity.  All information is organized by session, providing full context of application communications and content transferred across the network.
  • SmartCaptureTMProvides full packet capture without the extensive storage requirements of traditional solutions by retaining only sessions of interest or excluding specific applications from packet captures.
  • Continuous Search Based Alerting - Performs continuous, automated analysis on saved searches to immediately detect when specific conditions are met.

 

LogRhythm Security Intelligence

The LogRhythm Network Monitor can be deployed stand-alone or as a fully integrated component of LogRhythm’s award winning SIEM, delivering unparalleled security intelligence across the entire network’s activities. The integrated platform includes:

  • Real-time security analytics across all forensic data recognizing highly concerning events across:
  • Network-wide log and audit data
  • Independently collected host activity via LogRhythm System Monitor
  • Independently collected network activity via LogRhythm Network Monitor
  • Comprehensive, out-of-the-box capabilities for Network Behavior Anomaly Detection (NBAD)
  • Powerful search and visualization, including drill down, pivoting, and correlation, to expedite investigations 
  • Triggering of full session packet capture by Network Monitor’s SmartCapture™ in response to high priority activities recognized by the SIEM.
 
 
For more information, contact i2S now to determine how LogRhythm can help secure your network.  

 

To learn more about LogRhythm, visit the LogRhythm website.