LogRhythm’s Network Monitor 3 Boosts Advanced Threat Detection And Mitigation Via Deep Packet Analytics And Optimised Incident Response

Detects Ransomware, Spear Phishing, APTs and Other Tier-1 Threats Faster

May 17, 2016— LogRhythm, The Security Intelligence Company, today announced immediate availability of Network Monitor 3. This latest version of the industry’s leading network monitoring, analytics and forensics solution empowers organisations to detect, investigate and neutralise today’s most advanced and concerning threats such as ransomware, spear phishing and APTs faster and with greater precision than ever before.

Leading the list of new innovations introduced in Network Monitor 3 is Deep Packet Analytics (DPA). DPA performs real-time, automated, machine analytics on all network traffic, applying behavioural and statistical analysis to rich data sets produced by Network Monitor’s Full Packet Capture and Layer 7 SmartFlow™ features. The result is unprecedented speed and precision in detecting advanced threats traversing enterprise networks. This lowers the risk of high-impact breaches and improves efficiency and effectiveness of information security staff.

“When an attack hits, the tools we use need to have broad capabilities, be highly intuitive with a practical interface, and enable us to be efficient and precise in our response,” said Jack Callaghan, senior security engineer, CISSP CISM CIPP, Pulte Mortgage. “That’s exactly why we selected LogRhythm’s Network Monitor solution and Security Intelligence Platform over the competition and have made it core to our information security arsenal.”

“Most organisations are blind to a growing number of advanced threats crossing their network today,” said Chris Petersen, CTO/Co-Founder at LogRhythm. “Deeper visibility into suspicious network activity, coupled with powerful analytics and more efficient incident response is what’s needed to detect and mitigate these threats before they can have a material impact. That’s exactly what Network Monitor 3 is providing to our customers.”

Beyond accelerating the detection of advanced threats, Network Monitor’s DPA also automates incident response investigations by enabling responders to create custom analytics rules that can inspect full packet streams in real time. Additionally, DPA enhances Network Monitor’s SmartCapture™ policies to trigger packet capture on traffic that is aligned with concerning network activities including known indicators of compromise (IOC). Other network monitoring and analytic platforms require the capture and storage of all packets regardless of their association with suspicious activity.

Additional innovations introduced in Network Monitor 3 include:

• Enhanced data visualisations – Built on Elasticsearch’s Kibana Big Data plug-in, Network Monitor 3 delivers new, highly intuitive and practical presentations of massive data sets, accelerating threat detection and incident response
• Extended Application Identification to over 2,700 – Growing the # of applications Network Monitor can identify in real-time by over 1,000 since the release of Network Monitor 2
• Increased speed and efficiency of packet capture viewing – Leveraging the REST API, Network Monitor 3 provides programmatic access to packet data for the LogRhythm Security Intelligence Platform or any 3rd party application
• Extended capabilities for extracting files, images and other content from full packet captures – Facilitating more rapid incident analysis and response

“Detecting threats that are latent in your network requires intelligence that is derived from real-time analysis of network traffic”, says Eric Ogren, senior analyst at 451 Research. “We find identifying applications, correlating historical user and machine activity and analysing network packets for anomalies, to be fundamental to behavioural analytics, which is rapidly becoming a critical element of enterprise security strategies. LogRhythm’s Deep Packet Analytics and Security Intelligence Platform form a combination that can help security teams detect threats before significant damage occurs.”

LogRhythm Network Monitor 3 is available for purchase today as a standalone solution or as a fully integrated component of the LogRhythm’s Security Intelligence Platform. To view LogRhythm’s Network Monitor 3 features & capabilities, click here. (https://www.youtube.com/watch?v=-oALDKcjCnA)