Log analysis startup LogRhythm is the latest vendor to try and tempt businesses with a system for picking up insider threats before damage is done.
The Boulder, Colorado-based company has announced version 4.0 of its still very new LogRhythm software for analysing the sort of network events that normally sit undiscovered in log files, assuming they are even generated at all.
The system has a number of layers, starting with an event-monitoring system that allows the admin to detect different filename patterns in real time, relating this activity to IP addresses and users. Thresholds can be set so that if and when security policies are breached on these parameters, the admin is alerted at a console or remotely paged.
The new version also uses a Universal Database Log Adapter (UDLAT) interface to capture log data from any ODBC-based database – Microsoft SQL Server, Oracle or IBM’s DB2 for instance – allowing it to be analysed for unusual activity, including a rogue admin turning off auditing.
The application claims to solve one of the problems with database logs, namely that they don’t necessarily generate enough data to detect the sort of security issues that are now hitting database managers. LogRhythm can generate metadata fields to track things such as transaction quantities greater than a specified value in financial applications, as well as unusual database activity, tracing such data back to specific sessions.
The reporting function can turn complex events into reports that let staff more easily identify anomalies, with enough drill-down to spot the sources of possible security breaches.
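To make the threshold-plus-session idea concrete, here is an added example (my own illustration, not LogRhythm code) that runs two such rules over a constructed database audit log in a hypothetical key=value format: a transaction amount above a configured threshold, and an admin turning auditing off, with every event indexed by session so an alert can be traced back to the session that produced it.

```python
import re
from collections import defaultdict

# Constructed sample of database audit-log lines in a hypothetical key=value
# format; not real LogRhythm, SQL Server, Oracle or DB2 output.
SAMPLE_LOG = """\
2008-05-12T09:01:02 session=4711 user=clerk1 src=10.0.0.15 action=INSERT table=payments amount=1200.00
2008-05-12T09:02:10 session=4711 user=clerk1 src=10.0.0.15 action=INSERT table=payments amount=48000.00
2008-05-12T09:03:33 session=4712 user=dba_admin src=10.0.0.8 action=ALTER_AUDIT setting=OFF
2008-05-12T09:04:05 session=4713 user=clerk2 src=10.0.0.16 action=INSERT table=payments amount=900.00
not-a-log-line
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>\S+=\S*(?:\s+\S+=\S*)*)\s*$")

def parse_line(line):
    """Return a dict of fields for one line, or None if it is not an audit record."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {"ts": m.group("ts")}
    for token in m.group("kv").split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields

def analyse(log_text, amount_threshold=25000.0):
    """Threshold and audit-off rules over the log; events are also indexed by
    session id so an alert can be traced back to the session that produced it."""
    alerts, by_session = [], defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # skip malformed or non-audit lines rather than failing
        by_session[ev.get("session")].append(ev)
        base = {k: ev.get(k) for k in ("ts", "session", "user", "src")}
        if ev.get("action") == "ALTER_AUDIT" and ev.get("setting") == "OFF":
            alerts.append(dict(base, rule="audit_disabled"))
        try:
            amount = float(ev.get("amount", ""))
        except ValueError:
            continue  # no numeric amount on this event
        if amount > amount_threshold:
            alerts.append(dict(base, rule="large_transaction", amount=amount))
    return alerts, dict(by_session)

if __name__ == "__main__":
    print(*analyse(SAMPLE_LOG)[0], sep="\n")
```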
"Log and event management is now a requirement for virtually every regulatory mandate and security standard, yet few products provide a truly integrated solution for both disciplines," said LogRhythm’s founder and CTO, Chris Petersen.
"Our 4.0 release extends the power of our integrated platform to take full advantage of logs at the application and database layer, making LogRhythm ideal for advancing insider threat detection, data privacy and operations intelligence," he said.
Tracking the often hard-to-detect handiwork of the crooked insider is becoming one of security’s most fashionable trends, not surprising given that they are now ranked by some as one of the biggest security worries. Too many companies tend to build application and network security on the basis that insiders are to be trusted. This is astonishing given that it has long been axiomatic that the insider is invariably the one who does the most damage.
LogRhythm 4.0 is available immediately, with pricing starting at $20,000.