How LogRhythm Is Making Sense, and Security, Out Of Log Data, with Andy Grolnick

If you're a bank or large company, security is a never-ending chore. And, it seems like there's always a new cyber-threat out there against your company. What kind of solutions are out there to help patch up your security holes, and detect issues in your network? One solution is offered by Boulder-based LogRhythm, which provides security and log management tools specifically aimed at this market. We caught up with Andy Grolnick, the CEO of the company, to learn more about LogRhythm and how the company is looking to fill some of the holes present in the enterprise security market.

Let's start at the top. Can you describe what LogRhythm does?

Andy Grolnick: We're a provider of security information and event management services, insights, and visibility. There are three use cases. We help organizations, whether they are large enterprises, government institutions, or others, detect and defend from hard-to-detect cyber-security threats. We also help them comply with regulatory requirements, whether that is PCI, HIPAA, Sarbanes-Oxley, or whatever, where there are lots of requirements around monitoring log data around critical systems. Lastly, that same analysis capability makes it very easy to understand performance and availability challenges around your IT infrastructure, and allows you to improve your operation and productivity.

Can you describe a little bit about how that works?

Andy Grolnick: There are lots of logs of events and machine data. Think of it as the digital fingerprint of everything going on in your IT infrastructure. For larger companies, it's literally billions of logs, and all kinds of transactional information per day. It's very much a big data challenge. There are lots of insights you can get from that information, but it's impossible to manually make sense of it all. What we do is we collect that data, in a high performance way, and bring in all that data and normalize it into a common format. They're initially in all different kinds of formats, depending on the systems or applications or network devices generating that information. So, we bring that into a common structure, and make it useful and actionable. That allows you to do automated and on-demand searches and reports, and we also have lots of built-in, out-of-the-box analytics that we can provide in real time or near real time, which can detect potential security threats or audit violations. For example, someone might be a privileged user, perhaps an IT employee at a large bank, and their credentials are valuable. Someone might want to fraudulently get a hold of those credentials, to get into a bank system, so that they might download data or redirect millions of dollars. One of the things you can do with LogRhythm is detect if those credentials are being used in Chicago, and then suddenly someone is logging into the system from China or Russia within a three-hour period. That might be something you want to know, so you can shut that account down (something else we can do in LogRhythm) and avoid losing millions of dollars. That's just an example of the kinds of things we do and that our product can be used for.

Are there specific kinds of customers who find your software the most useful?

Andy Grolnick: There are some verticals where it's more interesting. Generally, it's broadly applicable to anyone with sizeable infrastructure. But, there are certain verticals, such as financial services, healthcare, retail, government, and utilities, who either have regulatory requirements or are more targeted on the cyber-threat side of things. Our customer base is a little more prevalent in those verticals, but it's really a value in any industry. It's for everyone who has challenges on the security, compliance, and operational side.

What's driving market growth and demand in your sector?

Andy Grolnick: It's hard to go through a week in the news when you don't hear about a major cyber-attack or theft of data or intellectual property. In a lot of the traditional defenses, companies have to detect both external and internal threats. But, the products and solutions there are only doing part of the job. A lot of the attackers and folks who are responsible for those issues have gotten a lot more sophisticated. Over fifty percent of breaches of customer data and infrastructure have been due to custom malware. Those are types of things that traditional products like firewalls and Intrusion Protection Systems can't detect. What a solution like ours does is it serves the role of filling the gaps, and being able to detect things that are not easy to detect with other solutions. The security landscape is always changing, so there is a need to adapt to that. Our solution has very broad capabilities in terms of detecting things that are hard to detect.

What's been the biggest challenge for you as a company?

Andy Grolnick: I think the general challenge is we've been growing fairly rapidly, and managing growth and continuing to build our business in the right way. We've certainly been paying attention to making sure we stay true to our values in customer care, and making sure we take care with our employees as we grow and get bigger.
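The two ideas Grolnick describes earlier in the interview, normalizing logs from different sources into one common structure and then running an analytic such as flagging one account logging in from two distant locations within three hours, are shown below as an added illustration. This is editorial example code, not LogRhythm's product code; the log lines, IP addresses and the IP-to-city lookup are all constructed for the example.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed sample input: the same account seen in two different log formats.
RAW_LOGS = [
    '2024-03-04T09:15:00Z vpn-gw sshd: Accepted login for jsmith from 198.51.100.7',
    '{"ts": "2024-03-04T11:02:00Z", "user": "jsmith", "src": "203.0.113.9", "app": "corebank"}',
    '2024-03-04T15:30:00Z vpn-gw sshd: Accepted login for jdoe from 198.51.100.8',
]

# Constructed IP-to-location table standing in for a real GeoIP database.
GEO = {"198.51.100.7": "Chicago, US", "198.51.100.8": "Chicago, US", "203.0.113.9": "Moscow, RU"}

SYSLOG_RE = re.compile(r'^(\S+) (\S+) sshd: Accepted login for (\S+) from (\S+)$')


def normalize(line):
    """Map either raw format onto one common event: time, user, source IP, originating system."""
    m = SYSLOG_RE.match(line)
    if m:
        ts, host, user, ip = m.groups()
    else:
        rec = json.loads(line)
        ts, host, user, ip = rec["ts"], rec["app"], rec["user"], rec["src"]
    return {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "user": user, "ip": ip, "source": host}


def impossible_travel(events, window=timedelta(hours=3)):
    """Alert when one account logs in from two different locations inside the window."""
    alerts = []
    last_seen = {}  # user -> last login time and location
    for ev in sorted(events, key=lambda e: e["time"]):
        loc = GEO.get(ev["ip"], "unknown")
        prev = last_seen.get(ev["user"])
        if prev and "unknown" not in (loc, prev["loc"]) and prev["loc"] != loc \
                and ev["time"] - prev["time"] <= window:
            alerts.append((ev["user"], prev["loc"], loc, ev["time"] - prev["time"]))
        last_seen[ev["user"]] = {"time": ev["time"], "loc": loc}
    return alerts


def run():
    """Normalize the raw lines, then run the rule; returns the list of alerts."""
    return impossible_travel([normalize(line) for line in RAW_LOGS])


if __name__ == "__main__":
    for user, frm, to, gap in run():
        print(f"ALERT {user}: {frm} -> {to} in {gap}")
```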