Stopping Security Breaches, Power-Grid Hackers, and Malicious Insiders

LogRhythm's 5th gen security product arrives

A few days before LogRhythm announced LogRhythm 5.0, its integrated log and security information event management platform, a story broke in the Wall Street Journal that spies had hacked into the US electrical utility system and left tools behind that revealed their monitoring of the power grid. The story raised an outcry in the general press about computer security in the nation's infrastructure.

Knowing that LogRhythm was addressing security compliance standards of the North American Electric Reliability Corporation (NERC), the regulatory arm of the industry, in its LogRhythm product, I was interested in what Michael Reagan, LogRhythm's vice president of marketing and business development, had to say about the story. In contrast to the emotion expressed by others, his reaction offered some perspective.

"What's really interesting about what we saw yesterday and in the last six to nine months, an event like that is usually a call to action," Reagan said. "But for the last six to nine months, we've seen an interest by utilities in deploying solutions not just to meet NERC CIP [cyber security standards] but because they realize the threat is real. The comforting thing is not that they're afraid now—they've been appropriately sensitive [to the risks posed by hackers and terrorists]. We need to have a steady state of vigilance and there's a mindset [in the industry] of 'we need to continue the vigilance.'"

The WSJ story mentioned external attackers, but for many other organizations the greater security risk is the one posed by careless or malicious insiders. Reagan said that LogRhythm 5.0 addresses that and other threats by integrating log and security information event management in one platform, the only solution to currently bridge those two areas.

LogRhythm provides a full picture of what is occurring in an enterprise system, thanks to file monitoring, alerting, and endpoint monitoring for removable media devices. The solution alerts about near-real-time activity and lets admins track activity down to the individual user.

It can also prevent theft by blocking data transfers on selected machines and devices and can monitor, log, alert, and audit all data movement to removable media ports. The solution addresses the need many companies have for a single solution that does many things instead of having to buy multiple products, Reagan said. For more information, see LogRhythm's website.


