

Security intelligence firm LogRhythm Inc. today announced the launch of a new version of its security information and event management platform with new features to help security teams.
LogRhythm says its SIEM Platform 7.9, in conjunction with updates to LogRhythm NDR and LogRhythm UEBA, helps security teams overcome everyday obstacles by accelerating threat response, improving workflows and simplifying processes. The new version offers faster time to value through improved analyst workflows, including enhanced automation with Admin API.
LogRhythm 7.9 is said to improve Admin API by adding system monitoring management endpoints to the API library. With LogRhythm SysMon added, SIEM administrators can connect through the Admin API and manage the SysMon agent, allowing for automated process batching.
The new release adds new SmartResponses and enhances existing ones in an extensive library of over 120 integrations. The additions accelerate customer time to value through LogRhythm SmartResponse.
A new packet capture, or PCAP, feature in the user interface of the 7.9 release allows LogRhythm NDR users to download PCAP files for specific incidents and cases. The feature will enable users to gather more details to help investigations and improve threat hunting. Easier and faster event log filtering in the release allows users to select the types of Windows event logs the agent queries, accelerating the time to process logs and removing the burden on the collection pipeline.
On the security side, 7.9 offers expanded threat detection capabilities through enhanced LogRhythm NDR detection models. Users can now detect a more comprehensive array of ransomware attacks with LogRhythm NDR’s improved analytics capabilities.
With the release, LogRhythm UEBA offers advanced analytics as a cloud-native add-on for LogRhythm 7.9 users. The models used in the new release have been improved and new models have been added to ensure complex attacks can be detected and anomalies requiring priority attention can be identified, further reducing alert fatigue and accelerating response times.
Other features in the new release include new policy violation alerts and extended flexibility. Expanded EDR integrations include support for Cisco Secure Endpoint (formerly AMP for Endpoints).
“LogRhythm arms security teams with intelligent analytics and automated responses to reduce cybersecurity exposure, eliminate blind spots and quickly shut down attacks,” Kish Dill, chief product and customer officer at LogRhythm, said in a statement. “With these latest updates, security teams will have the tools they need to make operations more effective and efficient to defend their organization against today’s top threats.”