Log data is the record produced by any activity that generates a transaction log. For example, when a person sends an email, the log data is the user’s IP address and the date and time it was sent.
The LogRhythm platform is able to capture that data from routers, firewalls, switches, and applications. The platform brings that data into a centralized area and normalizes it.
LogRhythm’s Threat Lifecycle Management Platform then creates a baseline of normal activity and is able to compare any suspicious activity to that baseline of information. “We can baseline any kind of activity and can be alerted on deviation,” said Andy Grolnick, LogRhythm president and CEO. “There are known scenarios or patterns of activities that are not good, and we have a lot of rules out-of-the-box that represent those scenarios or patterns.”
Not only does the platform analyze data to spot actual or potential threats, but LogRhythm’s platform also provides enterprises with tools to mitigate threats before they can cause any damage, said Grolnick.
“Every digital transaction that occurs within a network creates a digital fingerprint leaving evidence of the activity,” Grolnick said.
LogRhythm offers a search function for its platform so users can find the information they are looking for without having to sift through all of the data. Grolnick claimed that users can ask questions of the data in any shape or form and the platform will automatically pull up what they are looking for.
LogRhythm’s target customers are any digital enterprises that deal with large amounts of data. The company’s customers include Macy’s, NASA, the U.S. Air Force, and Amtrak.
The company was founded in 2003 and has updated its platform with capabilities like incident response and elements of machine learning, Grolnick said. The company has raised more than $100 million in equity funding, and has over 600 employees globally.