This content is part of the Buyer's Guide: Security threat intelligence services: A buyer's guide

LogRhythm Security Intelligence: Threat intelligence services overview

In this threat intelligence service overview, expert Ed Tittel looks at the LogRhythm Security Intelligence threat intelligence platform, designed for simple setup and ease of use.

LogRhythm Inc., a security intelligence company based in Boulder, Colo., was founded in 2003. The LogRhythm Security Intelligence Platform is a highly configurable, cross-platform log management and security information and event management solution that is designed for easy setup and out-of-the-box use. The platform is hardware-based with integrated software, and customers can choose from a handful of appliances based on the size of their infrastructure and log volume.

The LogRhythm platform collects and analyzes log, application, vulnerability, event, workflow and other machine data within an organization. It then uses its Artificial Intelligence Engine to identify previously undetected and emerging threats in real time. The platform also provides tools for host forensics, case management, whitelisting and file integrity monitoring, and it helps organizations comply with many different regulations, such as PCI DSS, HIPAA and FISMA.

The data analytics component of the platform collects, parses and classifies data, extracts metadata and adds it to a database. Data is given context through pattern recognition and behavior analysis, and the resulting information is indexed and prioritized by risk. The platform can be used to detect and monitor advanced persistent threats, Web application threats and issues with privileged user accounts, as well as user, host and network behavior anomalies.

Organizations use the tools within the LogRhythm console to manage and search log data, view events and detect malware infections, as well as configure and monitor alarms and view reports. The console also enables security-related investigations and workflow management. LogRhythm includes a library of automated, prepackaged reports, many of which can be used for compliance audit reporting.

Typical customer

LogRhythm is aimed at the midsize and enterprise markets, including commercial companies, multinational corporations, government agencies and educational and financial institutions, among others. Its all-in-one appliances are geared for smaller midsize customers, whereas more robust appliances support large midsize and enterprise sites.

Data feeds

LogRhythm does not provide downloadable threat intelligence feeds as a separate service. The company pulls data from many different sources (including systems and appliances) and incorporates that threat data into the LogRhythm platform, where it is displayed to customers through the platform dashboard and correlated with customer log data.

Pricing and licensing

The LogRhythm Security Intelligence Platform starts at $28,000. The price can rise into six or seven figures based on a customer's log volume, number of events per second and similar criteria.


LogRhythm offers standard and platinum support. The standard option includes telephone support from 7 a.m. to 6 p.m. MST, a four-hour response time by a technical support engineer during business hours, 24/7/365 access to the online support portal and forums, as well as software updates and a hardware warranty. Standard support is an annual cost, which is 20% of the base cost of the product.

Platinum support offers 24/7 access to support engineers by phone or email, a four-hour response time 24/7 and four-hour on-site support for hardware problems.


This was last published in July 2015
