At LogRhythm, we’re constantly looking for ways to make the life of a security analyst easier and that is why we are always listening to our customers to prioritize the features that matter. With this LogRhythm NDR release, we enhanced capabilities in the platform to make threat hunting easier by surfacing contextual information in the user interface (UI) to empower faster response times.
For customers monitoring network segments with a network load balancer in the mix, the load balancer can mask the IP addresses behind that device. We wanted to simplify the process of unmasking and bringing those unique IP addresses to the analyst, so we can now harvest that telemetry from PCAPs and surface that information into the event and incident details. Instead of finding specific PCAPs, opening them, and searching for the origin or destination and IP of that traffic, that information is accessible right away as the information is surfaced in the user interface for easy investigation and prioritization of incidents that need to be investigated. Less clicking. Less digging. More context up-front.
We want to make it crystal clear as to why we are flagging specific incidents. With our anomaly models, we now show the expected behavior alongside the observed behavior when activity deviates from the baseline. This gives the analyst more context into why anomalous activity was flagged and why it is important. Instead of the analyst having to dig deeper into the incident, the context around that incident is immediately surfaced, helping analysts reach resolutions quicker.
As with every quarterly release, we’re continuously monitoring the ever-changing threat landscape and adjusting our detection capabilities and techniques to ensure higher fidelity signal for our customers. By always enhancing detection techniques and capabilities, analysts will gain efficiency in their workflow, thus spending more time on the threats that matter.
We are excited to deliver our sixth consecutive quarterly release of innovations on the LogRhythm NDR platform, keeping our promise to you. Information and documentation on all these new enhancements can be found in our Release Notes, further enabling our customers to realize the full value of the LogRhythm NDR platform.
To learn more about LogRhythm NDR, read the product data sheet or schedule a demo here.
The post Threat Hunting with LogRhythm NDR appeared first on LogRhythm.
*** This is a Security Bloggers Network syndicated blog from LogRhythm authored by Michelle Beastall. Read the original post at: https://logrhythm.com/blog/threat-hunting-with-logrhythm-ndr/