Cloud and artificial intelligence (AI) are two of the core aspects driving digital transformation around the world.
Now, LogRhythm has reinvented the definition of security information and event monitoring (SIEM) by merging the two technologies together - you can see the results in Gartner's latest SIEM report.
Chief technology officer, senior vice president of R&D and co-founder of LogRhythm, Chris Peterson says the dream began 15 years ago, based off two fundamental beliefs:
- Companies and agencies were running blind when it came to detecting advanced threat actors, and nations were leaking data
- There was a need for holistic machine-based analytics to uncover these advanced threats
The first technology that Peterson and fellow co-founder Phil Villella designed together was the Vector Analysis Engine, built on the theory that if they could model the behavior of user activity, they could identify compromised credentials and users that had gone rogue.
“Our initial work proved the existing class of SIEM solutions was architecturally flawed. To realise our analytics vision, we had to transform the notion of SIEM from a security event correlation technology into a holistic machine data analytics technology,” says Peterson.
“We knew that if we were to have a chance at accurately detecting the evidence of advanced threat actors operating from within the IT environment, we’d need broader forensic visibility and the ability to apply advanced analytics models across 100 percent of that data. So we set out to build a platform that could satisfy these needs.”
Peterson says that today they’ve largely realised their initial vision after building the industry’s leading platform for threat lifecycle management.
“The LogRhythm platform is built on a holistic machine data analytics foundation, able to apply a variety of analytics methods across 100 percent of the data in support of advanced threat detection, and provides security teams with streamlined workflow and automation to enable rapid response to qualified threats and incidents,” says Peterson.
“However, while today we’re a leading innovator in our market, we are far from done. The challenge of detecting 100 percent of threats with 100 percent accuracy is far from solved. To further our realisation of this quest, we have spent the past two years building our next foundational analytics technology: CloudAI.”
Peterson says they constructed CloudAI to further their analytics vision, specifically through the application of AI technologies, such as machine learning (ML).
Essentially, this new technology will streamline every process and ensure that no threat goes undetected. AI-enabled security operations centres (SOCs) will allow security analysts to focus on high-level decision that require intuition and creativity as your technology outpaces the sophistication and volume of your attackers.
“As a company, we are confident LogRhythm is uniquely positioned to lead this AI technology revolution. Our confidence is based on three factors that are critical for unlocking the promise of AI/ML: data, domain, and data science,” says Peterson.
“First, we live and breathe machine data. Our patented data processing technology unlocks a deep and consistent comprehension of machine data for over 800 types of technologies. Data quality is ingredient no. 1 for AI/ML success.”
Peterson says the company has a profound domain knowledge when it comes to detecting threats through holistic analytics methods with their engineering and threat research teams.
“Last, we have the data science. Data science was our origin 15 years ago, and since then, we have built an incredibly talented team of data scientists focused on our customer mission,” says Peterson.
“With the introduction of CloudAI, we further unlock our expertise in the realm of data science for the benefit of our customers and the market.”
Peterson says LogRhythm's initial application of CloudAI will serve to enhance their existing User Entity & Behavioral Analytics (UEBA) offering through deeper behavioural modeling of user activity, with a combination of supervised and unsupervised machine learning.
“We are excited to see our UEBA customers benefit from CloudAI, realising additional simplicity, acceleration, and accuracy when it comes to the detection of user-based threats,” says Peterson.
“With today’s launch of CloudAI, we are immensely proud and excited to be taking yet another innovative step forward towards our vision of delivering the AI-enabled SOC.”