LogRhythm, a provider of cyber-threat defense, detection and response services, this week announced enhancements to its SIEM (Security Information and Event Management) 2.0 Big Data security analytics platform, empowering organizations of all sizes to baseline normal, day-to-day activity across multiple dimensions of the enterprise. 

Early-generation SIEM techniques typically provide behavioral analysis against a silo of data, such as Netflow logs and authentication logs, rather than the universe of enterprise activity data (i.e., logs, flow and machine data). For many organizations, defining normal behavior is a difficult manual process. In either scenario, IT and security personnel remain blind to much of the behavior of today's advanced hackers, because the evidence of their activities is buried amidst massive volumes of false positive security events, or is miscategorized altogether as benign or 'normal' activity.

The enhanced SIEM 2.0 solution empowers organizations of all sizes to baseline normal, day-to-day activity across multiple dimensions of the enterprise. The system then analyzes the massive volume of log, flow and machine data generated every second against that baseline to discover anomalies in real time. In doing so, LogRhythm enables IT administrators and security professionals alike to detect and respond to even the most sophisticated threats and breaches faster and with greater accuracy than ever before.

Further increasing the crippling volume of false positive events in first-generation SIEMs is the inherent lack of data corroboration in these tools. Traditional uses of behavioral and correlative analysis are handled via separate technologies that don't integrate. LogRhythm's multidimensional approach integrates advanced correlative, statistical, behavioral and pattern recognition techniques to corroborate the identification of threats and breaches in real time with greater accuracy.