There is no doubt that in today's fast-paced security environment, organisations must be able to detect and respond to threats as quickly as possible.
Unfortunately, many organisations are struggling to keep pace with the speed at which attackers compromise their systems, citing a lack of actionable insights, personnel and dedicated resources as the factors that prevent them from remediating threats quickly and accurately.
The purpose of a security information and event management (SIEM) platform is to alleviate this problem: it consumes log and event data from a variety of endpoints, security devices and network flows, and provides a dashboard from which analysts can drill down into events and use that information to respond and remediate accurately.
But just how scalable, fast and accurate are these tools when under load?
Cybersecurity training institution SANS set out to answer this question by putting the LogRhythm 7.2 Threat Lifecycle Management Platform to the test.
SANS constructed a mock deployment representing the infrastructure of a large organisation and exercised the LogRhythm SIEM against roughly 130,000 log sources, amounting to some 26 billion logs.
In its assessment, SANS focused specifically on:
- Ease of use
- Scalability and performance across large, distributed data sets
- Host-based policies and configuration capabilities
- Rapid searching, analysis and incident correlation
SANS found the LogRhythm solution particularly proficient in data processing, machine analytics, rapid search and drilldown, all of which speak directly to the need for speed and accuracy.
The solution was tested across a wide range of categories, leaving no stone unturned in assessing whether it truly delivered on its promises.