Managing User Risk: A Review of LogRhythm CloudAI for User and Entity Behavior Analytics
In this review, we explored the recently released LogRhythm CloudAI, which provides user-focused behavioral analysis built into LogRhythm. CloudAI encompasses a robust NextGen SIEM solution to extend recognition of user threats. LogRhythm’s application of user and entity behavior analytics (UEBA) capabilities can significantly enhance a traditional event management and security analytics tool set to monitor behaviors tracked over time, alerting analysts to unusual events or patterns of events.
LogRhythm now integrates user directories into the data sources it accepts for security analytics, allowing us to monitor activities from specific users over time and flag unusual or abnormal account activity. This new monitoring and alerting functionality is built right into the LogRhythm console, making it easy to create cases, add evidence and track events just as before, but with additional focus and filtering based on user activities and trends. Overall, we found the product easy to use, and with the fully integrated GUI, we found the tool’s self-learning capabilities to be very helpful for hunting, searching and detecting new events.