LogRhythm announces enhancements to both new and legacy products as they pivot from traditional SIEM

LogRhythm makes new product enhancements that improve both its Axon next-gen SIEM and its legacy SIEM offering, which will continue to be offered as long as the existing install base wants it.

Kevin Kirkwood, LogRhythm’s deputy CISO

LogRhythm just announced its 20th anniversary. They are a long-time player in the SIEM and SOAR space, drawing security-related insights from disparate data sources. Recent years have not been kind to the sector, however, as many customers have considered SIEMs expensive for the value they provide, while SOARs never quite delivered on their early promise. As a result, LogRhythm recently began pivoting its business, including adding new types of innovative solutions.

“A major issue was that SIEM and SOAR as separate systems were hard to understand,” said Kevin Kirkwood, LogRhythm’s deputy CISO. “Customers didn’t really understand what they were going after. Having a separate system meant that the customer had to go to two places to see security information that could then be acted on. That is why LogRhythm built orchestration plug-ins directly into our SIEM. Accordingly, while we are still a SIEM company, we are in the process of flipping that as an organization, and started changing a little more than a year ago. We shifted all products over to a quarterly release schedule that allows us to meet the needs of our customers and allows us to innovate by bringing elements like UEBA and NDR more in line with the SIEM product. UEBA and NDR should always be considered as table stakes for a company that wishes to be secure, and we will be integrating them into our product. Promises were made and promises were kept.”

One of the new offerings is LogRhythm Axon, which was launched in October 2022.

“Axon is our next-generation SIEM platform,” Kirkwood said. “It is cloud native and 100% SaaS, on our microservices platform. It is built on a method that allows us to issue releases much more regularly than the last, when they came out each quarter. We can potentially see up to 26 releases into the product as we have moved to CI/CD processing.”

LogRhythm’s traditional SIEM platform remains on the market, however, and Kirkwood said there is a good reason for that.

“In 20 years in business, you build up a customer base, and we have more than 2000 customers on the LogRhythm platform,” he stated. “We want to make sure we carry the load for them and transition them effectively into cloud-native Axon. We have these good customers and they need to be ready to transition over. It’s not something where we can show them the value of transitioning to the new product overnight. We are building a program to allow us to do that.”

LogRhythm earlier announced the successful expansion of the LogRhythm Axon platform into Europe. They are now announcing some feature enhancements as well. A webhook collector makes it easier to integrate SaaS applications and expand visibility. Similarly, the assignment of threat severity to observations lets analysts easily identify highly critical observations and rapidly respond. Exporting and importing log source types now also enables quicker access to parsing custom policies, simplifying the analyst experience. Finally, email alerts have been added to reduce threat response times.

The legacy LogRhythm SIEM also received significant updates.

“We are still actively investing in that platform, and are putting a new update up every quarter,” Kirkwood indicated. “Our high-performance JSON parsing engine enables admins to easily ingest logs at a high rate and simplify the analyst experience. That will let us look at JSON natively and deliver the backup through the end of that product.”

In addition, the automated distribution of logs across data processors saves time and resources, and a new streamlined Web Console with improved visibility and operational efficiency helps customers better manage their infrastructure. LogRhythm SIEM on-demand training has also been added for several new languages, including Spanish, French and Portuguese.

LogRhythm NDR [Network Detection and Response] is one of the newer additions to the SIEM platform, using both machine learning and deterministic detection techniques to gain seamless visibility into threats in network traffic.

“Our NDR lets us look at our network traffic, and determines if something is anomalous,” Kirkwood said. “It’s also about how we do things smarter and better and improve performance. We are currently showcasing this in India.”

Looking forward, Kirkwood said that LogRhythm is on the right path for strong growth.

“We are making changes and growing the space, and getting stronger every day,” he stressed. “Our product base will continue to grow, and we benefit because we have always had a very strong community of resellers and integrators, including SIs and MSPs. We expect to see a hockey stick effect in sales of Axon, because it is easier to use for clients and MSPs. That will help us ramp up and take off. You will see us take over some lower-level competitors we have played against.”