Maximize the Value Of Your LogRhythm Deployment with Wire Data from ExtraHop
Reduce dwell time and combat threats against your most critical assets without succumbing to alert fatigue by combining wire data analytics from ExtraHop and leading-edge log analysis from LogRhythm Security Information and Event Management (SIEM) system.
Combine LogRhythm with Wire Data insights from ExtraHop For Greater Security Visibility, Focus, and Automation Than Ever
By merging log data with LogRhythm and real-time wire data insights with ExtraHop, you create the most effective, accessible, and complete security dataset available. With total north-south and east-west visibility, and unprecedented forensic lookback, you can reduce dwell time of threats, prioritize your most critical assets, and automate investigations into the most severe threats.
ExtraHop enables you to fully analyze every packet in your environment in real time and forward precisely what you want to LogRhythm. With ExtraHop, there is no data loss, no limitations on what you can analyze, and no delay before high quality actionable data is made available to LogRhythm in the expected format.
With ExtraHop and LogRhythm in place, SECOPS teams can adopt a proactive security posture - detecting and shutting down threats before they turn catastrophic, and leveraging real time insights to assure the business's critical assets are always secure.
Visibility into SSL traffic bypassing the proxy
Use ExtraHop to detect non-whitelisted clients and users attempting to access restricted content and forward the details to LogRhythm for further analysis and action.
ToR activity surveillance
Use ExtraHop and LogRhythm to detect traffic to known ToR nodes and forward the details to LogRhythm for further analysis and actions.
DNS payload / exfiltration auditing
Use ExtraHop to detect and forward the specific DNS packets that exhibit possible tunnelling behavior to LogRhythm for further analysis and action.
Database SQL DROP command surveillance
Use ExtraHop to detect non-whitelisted clients and users attempting to execute "DROP" table commands and forward details to LogRhythm for further analysis and action.
Service account auditing
Use ExtraHop to detect service accounts being used to interactively remote desktop login to other Windows hosts and forward the details to LogRhythm for further analysis and action.
How It Works
The ExtraHop appliance requires no agents and integrates with LogRhythm out of the box. Built for speed and scale, ExtraHop passively analyzes every packet that flows across your enterprise at a sustained 40 Gbps, decrypting, reassembling, filtering, and extracting actionable insights before streaming the data to LogRhythm. Extensive support for the most commonly used enterprise applications and protocols gives you maximum visibility and choice over what wire data you send to LogRhythm.