
Will LogRhythm's new SIEM solution be able to compete with the big boys?

By Dave Bailey

12 Oct 2011


One of the last independent Security Information and Event Management (SIEM) vendors, LogRhythm, today launched the latest version of its event and log management system, LogRhythm v6.0.

The firm claims the product has seen major enhancements that should increase take-up of the product.

The three new features include accelerated protection of threats and breaches; automated and intelligent response to those threats and breaches; and an expansion of the embedded expertise in the intelligence engine.

This launch follows a flurry of activity within the SIEM market recently: last week, IT giant IBM acquired Q1 Labs, and McAfee, owned by Intel, acquired Nitro Security.

Last autumn, HP shelled out $1.5bn (£950m) for another top independent SIEM vendor, ArcSight.

LogRhythm's managing director, Ross Brewer, explained why SIEM systems play such an important role within the enterprise: "They help with compliance, including protective monitoring, PCI-DSS and GPG 13. More broadly, our systems help with security and IT operations analysis," he said.

Ovum principal analyst Graham Titterington agreed regarding SIEM's importance: "SIEM has become a primary security tool and this has taken precedence over its historical role as a compliance tool," he said.

However, unfortunately for LogRhythm, Titterington argues that larger organisations are more likely to buy a SIEM solution from one of the bigger vendors (such as IBM or McAfee) as part of a broader purchasing decision. "They are trying to reduce the number of suppliers they buy from," he said.

"They are keen to reduce contractual relationships and improve the integration of such systems into their infrastructures," added Titterington.

"In addition, the larger vendors should be able to put more investment into their [SIEM] purchases.

"Remember there's a big R&D element in SIEM, so the bigger vendors with deeper pockets should be able to – theoretically – outpace the smaller vendors," he concluded.

LogRhythm's system can be deployed as a hardware appliance, software running on industry standard servers, or a virtual instance for Amazon EC2, Citrix XenServer, Microsoft Hyper-V or VMware ESX.

Users can also choose a high-availability system with automatic failover, or deploy it as a managed service through MSSPs.
