
LogRhythm’s Network Monitor 3 Boosts Advanced Threat Detection And Mitigation Via Deep Packet Analytics And Optimised Incident Response

May 2016 by Coline Magne

LogRhythm announced immediate availability of Network Monitor 3. This latest version of the industry’s leading network monitoring, analytics and forensics solution empowers organisations to detect, investigate and neutralise today’s most advanced and concerning threats such as ransomware, spear phishing and APTs faster and with greater precision than ever before.

Leading the list of new innovations introduced in Network Monitor 3 is Deep Packet Analytics (DPA). DPA performs real-time, automated, machine analytics on all network traffic, applying behavioural and statistical analysis to rich data sets produced by Network Monitor’s Full Packet Capture and Layer 7 SmartFlow™ features. The result is unprecedented speed and precision in detecting advanced threats traversing enterprise networks. This lowers the risk of high-impact breaches and improves efficiency and effectiveness of information security staff.

Beyond accelerating the detection of advanced threats, Network Monitor’s DPA also automates incident response investigations by enabling responders to create custom analytics rules that can inspect full packet streams in real time. Additionally, DPA enhances Network Monitor’s SmartCapture™ policies to trigger packet capture on traffic that is aligned with concerning network activities including known indicators of compromise (IOC). Other network monitoring and analytic platforms require the capture and storage of all packets regardless of their association with suspicious activity.

Additional innovations introduced in Network Monitor 3 include:

 Enhanced data visualisations – Built on Elasticsearch’s Kibana Big Data plug-in, Network Monitor 3 delivers new, highly intuitive and practical presentations of massive data sets, accelerating threat detection and incident response

 Extended Application Identification to over 2,700 – Growing the number of applications Network Monitor can identify in real time by over 1,000 since the release of Network Monitor 2

 Increased speed and efficiency of packet capture viewing – Leveraging the REST API, Network Monitor 3 provides programmatic access to packet data for the LogRhythm Security Intelligence Platform or any third-party application

 Extended capabilities for extracting files, images and other content from full packet captures – Facilitating more rapid incident analysis and response

LogRhythm Network Monitor 3 is available for purchase today as a standalone solution or as a fully integrated component of the LogRhythm Security Intelligence Platform.

