LogRhythm, as its name suggests, works against log data. However, we need to be careful about what we mean by ‘log’ because LogRhythm does not use this term just to refer to the sort of IT-based logs (database logs, syslogs, network logs, web logs and so forth) that might be supposed. In practice, LogRhythm takes a much broader view of logs than this, taking them to refer to anything that generates a record of activity. Thus, for example, a badge reader generates a record each time that anybody swipes their badge through the reader, which represents a log of that activity. Similarly, call detail records represent a log of phone calls, attacks against your firewall generate a log and various types of sensors such as RFID readers, GPS, ANPR (automated number plate recognition) and SCADA sensors all generate log data in a similar way. In capital markets, stock tick information is effectively log data. One can even argue that transaction processing systems generate logs and, indeed, IBM can now specifically generate the equivalent of log data from CICS. In effect, more or less anything can be treated as log data.
In practice, LogRhythm deals not just with log data but also with events. It defines the latter as being log data that is of interest to the business. Note that this is different from the terminology used by event processing vendors and the event processing technical society, which would classify all of the data recorded in logs (of whatever type) as (records of) events and would note that some events are of interest and some are not.
From the foregoing it should be clear that the potential market for LogRhythm is very broad. In practice, it focuses particularly on automated compliance, security event management (things such as attacks on your firewall) and IT operations management. In the case of compliance this would include PCI, Sarbanes-Oxley, HIPAA, GCSx (the UK’s Government Connect Secure Extranet which mandates that local authorities record and store log data), the EU Data Retention Directive (pertaining to Telecommunications companies and ISPs) and many other such regulations. The product would also be suitable for certain sensor-based and governmental security applications though these are not opportunities that are currently being pursued by the company. LogRhythm would not, in our opinion, be suitable for deployment in capital markets at this time.