LogRhythm announced the release of its SIEM Platform version 7.9 and updates to the NDR and UEBA.
Kish Dill, chief product and customer officer at LogRhythm, said, “LogRhythm arms security teams with intelligent analytics and automated responses to reduce cybersecurity exposure, eliminate blind spots, and quickly shut down attacks. The company is changing the way we work by becoming customer-centric throughout our whole organization. We are listening to our customers and promise to deliver quarterly innovations that address the challenges our customers face every day. We recognize that security teams don’t have time to spare on long processes and inefficient workflows. With these latest updates, security teams will have the tools they need to make operations more effective and efficient to defend their organization against today’s top threats.”
The new features in LogRhythm 7.9, LogRhythm NDR (previously Mistnet NDR), and LogRhythm UEBA (previously CloudAI) help security teams overcome common challenges by enhancing workflows, accelerating threat response, and streamlining procedures.
These features include:
Admin API-enhanced automation: LogRhythm 7.9 enhances the Admin API library by adding system monitoring management endpoints. This lets SIEM administrators manage the SysMon agent via the Admin API, allowing for automated process batching.
Embedded Expertise: LogRhythm’s out-of-the-box SmartResponse™ reduces customer time to value. LogRhythm 7.9 adds and improves SmartResponses to its already robust library of over 120 integrations.
Enable packet capture in UI: Packet capture can be enabled in the UI so that users of LogRhythm NDR can download PCAP files for incidents and cases to gather more information, aiding investigations and enhancing threat hunting.
Easier and faster event log filtering: Filtering event logs has been made simpler and quicker thanks to a new feature in LogRhythm 7.9. Now that users can pick which kinds of Windows event logs the agent searches, logs are processed faster and the collection pipeline isn’t put under as much stress.
Expanded threat detection capabilities:
Improved LogRhythm NDR detection models: With LogRhythm NDR’s improved analytics capabilities, users can detect a broader range of ransomware attacks.
Advanced analytics models: The company’s UEBA provides advanced UEBA analytics as a cloud-native, easy-to-deploy add-on for 7.9 users. To ensure that modern complex attacks can be stopped and anomalies needing urgent attention can be found, models have been enhanced and new models added, further reducing alert fatigue and speeding up response times.
Policy violation alerts: To provide more context for what might be a risk, LogRhythm NDR provides alerts about expired certificates, weak ciphers used in connections, and authentication activity occurring in clear text.
Controlled overages with powerful license metering reporting: The company introduced a new reporting feature to make licensing overages more visible and understandable by showing any overages in the previous 30 days. This feature will help teams manage license usage and cost more effectively.
Endpoint integrations have been expanded: Its EDR integrations now include Cisco Secure Endpoint (formerly AMP for Endpoints).