Security intelligence firm LogRhythm Inc. today announced major advancements to its cloud-native security information and event management platform aimed at rounding out its ability to detect, investigate and respond to potential threats within a security operations center.

The new release has a foundation of incident response. Security teams can now leverage Axon to automate team workflows through case management. Case management in LogRhythm Axon enables analysts to create cases automatically that enable investigative workflows to track responses to threats, mitigating duplication of efforts and optimizing threat mitigation strategies.

Another new feature in Axon, Signal Replay, has been designed to allow SOC teams to test analytics rules to ensure detections are optimized for their environment.

LogRhythm SIEM now provides integration of log source onboarding through centralized management. The enhanced SIEM capability eliminates the need for administrators to navigate several servers and user interfaces to complete onboarding, streamline workflows through a single interface, increase productivity and reduce the administrative process by half, according to the company.

The new release has also been designed to bridge the skills gap with features that enhance the productivity and onboarding processes for security analysts. New in-product resource centers for LogRhythm SIEM and LogRhythm Axon equip security teams with the tools they need to understand how to use platforms. A resource hub provides access to tutorials, documentation, release information and the LogRhythm Community for support from the security community.

Additional enhancements to LogRhythm Axon include new user anomaly detection to protect against abnormal access attempts into an organization’s environment. New case management features automate incident response and investigative workflows and cases and email notifications can be automatically created or sent when an analytic rule is triggered. Users have also gained the ability to search common events to find relevant security events across different vendors’ log sources without having prior knowledge of the underlying log structure.

LogRhythm SIEM has been enhanced with streamlined onboarding of Beats and Open Collectors, a collection of LogRhythm services that gather and normalize data from various cloud providers in a single location to cut the workflow in half. Enhanced application programming interface log source onboarding delivers easier management of Open Collectors and Beats and an expanded library of supported log sources and parsing for improved correlation and analysis.

“We believe that by driving continuous improvements in innovation delivery rooted in well-understood customer needs, we can empower our product users to navigate the complex world of cybersecurity with confidence and efficiency,” said Chief Executive Chris O’Malley.

Image: LogRhythm