LogRhythm Newsletter 08 - Vogel

Transcription

August 2014
Quarterly Analyst Update

Contents
Business News          1-2
Customer News          3-6
Marketing Update       7
Technology/Innovation  8-9

Business News

KEY RESULTS
- $40m funding boost underlines LogRhythm's potential
- Growth continues to accelerate
- Sales and pipeline both hit record highs
- 59 competitive knockouts continue our winning streak
- Innovations include the Identity Inference Engine and a retail cybercrime security analytics suite

LogRhythm's business growth is still accelerating strongly. After its best ever Q1, LogRhythm ended Q2 with even greater acceleration in sales and new customer acquisition. The company continues to execute well and build its strength in every key area of its business.

The ultimate proof of our continuing success was the successful completion of a new round of equity financing, worth $40m. The new money will be used to accelerate our investment in innovation and product development, sales and marketing, and customer service, and to expand our global footprint. The result will be a greater ability to execute in the market and deliver on our vision.

LogRhythm's competitive success against other top companies remains consistently high, with overall win rates against all competitors running at almost 68%. Competitive displacements remain strong, with almost 60 knockouts recorded during the first half of 2014.

Key innovations over the last 12 months include the launch of Network Monitor and the introduction of our completely new, next-generation user experience, improved and independently validated scalability, a powerful Identity Inference Engine, and a retail cybercrime security analytics suite.

LogRhythm's market awareness and visibility continue to grow, too, with LogRhythm far ahead of even IBM QRadar in traditional media share of voice.

Through all this, our core value proposition remains the same. As always, it is based on simpler deployment, faster payback, a lower operating overhead, and practical tools that help organizations detect and respond to advanced threats sooner, while also delivering compliance automation and assurance for a myriad of regulations.

LogRhythm by the numbers
- 40% year-on-year increase in Q2 sales (vs Q2 2013)
- 68% win rate against top competitors
- 59 competitive replacements in six months; 130 since January 2013
- Customer satisfaction remains sky high (94% renewal rate)

Why we consistently win against other leaders

HP ArcSight: Ease and speed of implementation, usability, and lower total cost of ownership (TCO)
IBM QRadar: More powerful forensics, better privileged user monitoring, fully integrated file integrity monitoring and general ease of use. Also more comprehensive application ID, advanced metadata, and superior packet capture
McAfee: Ease of deployment and use, and more powerful behavioral analytics and network monitoring capabilities
Splunk: Superior behavioral analytics, simplified deployment support, and lower overall TCO

$40 million equity investment

LogRhythm's successful $40m funding round provides the clearest possible signal of investors' confidence in the bright future that lies ahead for the company's security intelligence solutions. The investment was led by Riverwood Capital, with participation from new investor Piper Jaffray and existing investors Adams Street Partners and Access Venture Partners, alongside members of LogRhythm's own senior management team. The company has now raised $71 million since it was founded in 2003. The new money will be used to fund product development, market expansion, and customer service enhancements.

Customer News

Sample of recent wins and why LogRhythm was selected

Customer | Industry | Competitors | Why we won
Credit union | Banking, finance and insurance | HP, IBM, LogLogic | Replaced LogLogic. Out-of-the-box fraud detection capabilities, archiving and data management strengths, and comprehensive compliance and security reporting functionality
Retail store chain | Retail | Event Tracker, IBM | Replaced Event Tracker. File integrity monitoring on point of sale machines and overall visibility into security events
Clothing retailer | Retail | LogLogic | Replaced LogLogic. Flexible MSSP deployment options providing continuous PCI compliance assurance, real-time intrusion detection, and Layer-7 deep packet inspection via Network Monitor
Supermarket chain | Services | AlienVault, Splunk | Continuous compliance assurance for PCI and advanced correlation capabilities with real-time alerts
Airport | Transportation | HP | Scalability and FIM capabilities; vendor reputation in the Middle East and in the aviation sector
Senior care provider | Healthcare | McAfee | Continuous HIPAA compliance assurance, visibility into network activity, and out-of-the-box APT behavior recognition
European bank | Banking and finance | McAfee, Tripwire | Flexible deployment options, reputation among other banks in the region, and extraordinary customer support and responsiveness during the evaluation
Banking software and services provider | Banking and finance | AlienVault, Tripwire | Replaced Tripwire. Breadth of out-of-the-box capabilities, including advanced correlation rules and support for all the customer's network devices
Global industrial engineering and manufacturing group | Manufacturing | RSA, Splunk | Ease of use providing a single view into all activity on the network, the ability to correlate IDS/IPS data for corroborated event recognition, and real-time alerts for continuous security and compliance assurance
Fitness center chain | Services | IBM, RSA, Splunk, Tripwire | Replaced RSA and Tripwire. Out-of-the-box PCI compliance capabilities and integrated file integrity monitoring capabilities for real-time monitoring of point of sale systems
Hotel chain | Hospitality | Tripwire, Trustwave | Ability to deliver file integrity monitoring and continuous PCI compliance in an MSSP deployment model
Major US hospital and research organization | Healthcare | IBM, RSA, Splunk | Replaced IBM. Scalability model providing big data analytics with out-of-the-box suites for advanced threat protection and privileged user monitoring. Ability to easily build and configure advanced correlation rules to meet unique use cases
Global provider of enterprise software platforms | Technology | IBM, Splunk, McAfee | Replaced IBM. Visibility into network activity and unparalleled machine analytics capabilities via AI Engine. Recognition of continuous innovation
Airport | Retail | IBM | Replaced IBM. Simpler to deploy, maintain and scale, providing quicker time to value
Retail chain | Retail | LogLogic, Tripwire | Replaced LogLogic. Fully integrated file integrity monitoring and flexible deployment options, providing continuous monitoring of all point of sale systems for security and compliance assurance
Cardholder services provider | Financial | Splunk, McAfee | Advanced correlation capabilities delivered by AI Engine for real-time threat detection and response
Satellite media provider | Media | HP, IBM | Comprehensive parsing capabilities enabling Sirius to collect and monitor activity on commercial and custom applications, including the Oracle Business Revenue Management (BRM) application. During the POC, LogRhythm's system detected a DoS attack on the corporate website
Restaurant chain | Leisure: travel and entertainment | LogLogic | Replaced LogLogic. File integrity monitoring on all of the point of sale machines
Multinational franchiser | Retail | IBM | AI Engine's advanced correlation and automatic whitelist capabilities, coupled with out-of-the-box reporting functionality. Also usability of the console, providing easy access to investigations for forensic analysis
Major university | Technology | Splunk | Continuous PCI compliance assurance and file integrity monitoring
Major university | Higher education | EIQ, HP | Ability to deliver pervasive visibility into the IT environment, ease of use, and unparalleled functionality
Systems engineering, construction, and construction management services | Technology | McAfee, Symantec SSIM | Replaced Symantec SSIM. Robust out-of-the-box device support, ability to build custom parsing rules, and threat feed integration capabilities
Global insurance company | Insurance | IBM | Ability to deliver a subscription-based service through NTT Security Services, providing a co-managed solution with continuous monitoring of the customer's environment

Quick Cases - From the Field

Knockout year for LogRhythm
LogRhythm's increasing success in competitive replacements has seen it notch up 59 wins already this year. Replacement contracts in Q2 2014 included key wins against IBM (world-class hospital and research institution, leading technology vendor, major airport authority), against LogLogic (credit union, retail chain), and against RSA (chain of mega-fitness centers).

Key wins in Q2

LogRhythm ousts IBM at world-class leader in medical care, research and education
This worldwide leader in medical care, research and education has major campuses around the US. The nonprofit organization employs 61,000 associates and treats more than a million people every year.

The institution was looking for a solution that could operate in a complex environment and address a long list of use cases tied to its security informatics program. These included:
- Handling big data analytics
- Identifying anomalous behavior and evaluating risks and threats
- Providing file integrity and network monitoring capabilities
- Offering easily configurable custom rules
- Detecting APTs and other non-viral intrusions and exfiltration
- Monitoring user activities for malicious behavior
- Defending against brute force and other bad actor attacks
- Identifying malware attack vectors and attack propagation methods
- Detecting insider threats and anomalous actions by users that could lead to data theft
- Capturing and correlating forensic data and details of brute force and bad actor attacks
- Correlating event details against historical data and current logs
- Profiling malware and issuing alerts
- Log monitoring and timing to ensure logging has not been stopped at endpoints

While the institution had a legacy QRadar deployment in place, this was lacking or lagging in several critical capabilities, including file integrity monitoring, network monitoring, and high performance advanced forensics on historical and current log data. The IBM product was struggling to handle the organization's current volumes, and there was no confidence that it would scale to fit future growth. The institution also evaluated Splunk and RSA Security Analytics, but eliminated both because of their inability to address the organization's advanced analytics requirements.

Why LogRhythm won: LogRhythm was selected after an extensive evaluation process, taking into account scalability, usability, functionality, and ease of use. Specific use cases included detection of advanced malware, APTs, data exfiltration, brute force and bad actor attacks, insider threats, and malicious activity.

LogRhythm wins over HP and Splunk at global provider of secure online and mobile payment processing services
This organization is a global provider of secure online and mobile payment processing services, in many different currencies, serving thousands of businesses and millions of consumers around the world.

Like any global payment processor, it is a tempting target for cyber criminals. Extensive security controls were needed and the company also had to meet the PCI requirements that are essential these days for every payments processor. An HP ArcSight solution was already in place, but its staff found it complex and difficult to operate, and it was unable to support the large number of custom applications that the business required. Splunk was also considered, as it was already in use for application monitoring in the company's development group. Its lack of advanced behavioral analytics and advanced correlation capabilities was seen as a serious drawback, however, and it was quickly ruled out.

Why LogRhythm won: When it came to proof of concept trials, LogRhythm's comprehensive out-of-the-box capabilities were found to address many of the company's most demanding requirements, including strong PCI compliance features and advanced correlation and behavioral analytics rules to support security best practices. LogRhythm's ability to rapidly support its custom application logs, and to forward selected custom application logs to Splunk via Log Distribution Services, were key factors in the decision to purchase.

LogRhythm beats McAfee and five-month deadline
This is a Fortune 500 company, operating in 20 countries and providing planning and design, systems engineering and technical assistance, program and construction management, and operations and maintenance services in areas such as transportation, environmental services, homeland security, logistics, and defense systems. The company serves a wide range of private sector businesses (in industries such as chemicals, pharmaceuticals, oil and gas, power, manufacturing, mining and forest products) and many federal, state, and local government agencies.

The company has a very large and complex network with extensive security and compliance requirements. It needed a new SIEM to replace its existing Symantec SSIM, which was nearing the end of its useful life. It was also about to move to a new data center, at less than five months' notice, which increased the pressure to select and implement the right solution quickly.

The company decided to evaluate LogRhythm and McAfee as its two main options. But LogRhythm's strong partnership with Symantec, the previous provider, encouraged it to call for a POC from LogRhythm first. This was so successful that it eventually awarded the contract without asking McAfee for a similar POC.

Why LogRhythm won: LogRhythm was chosen for its behavioral-based threat analytics, its close integration with Symantec products, and its ability to quickly support a wide range of custom log sources. The company's staff had spent six years customizing their SSIM deployment and they were highly impressed with LogRhythm's technical agility, security and compliance expertise, and with the company's responsiveness. LogRhythm was able to comply with the demanding project deadline and meet or exceed all of the team's project expectations and requirements.

LogRhythm in Action: it's not just what we do, but how we do it

LogRhythm protects one of Europe's most influential broadcasters
Both the examples quoted here are from the same customer, a large European broadcasting company. The first case highlights the use of LogRhythm's AI Engine to spot phishing attacks tied to compromised credentials, while the second demonstrates how the AI Engine is being used to detect malicious activity.

AI Engine rule stops phishing scams using stolen OWA credentials

Situation
The broadcasting company needed better insight into how its Outlook Web Access (OWA) credentials were being used, in order to detect when accounts were compromised and used as a launching point for further malicious behavior.

Problem
Attackers were stealing OWA credentials and using the accounts to send phishing emails that were convincingly disguised as legitimate internal communications.

Solution
An AI Engine rule was created in LogRhythm to identify when the "Reply To" field in an email did not match an approved list of known and legitimate corporate domains. Phishing emails were flagged whenever the "Reply To" field was configured to send replies to an external domain not affiliated with the corporation.

Benefit
When suspicious OWA activity is detected and details of the phishing activity are discovered, an alert is generated immediately. Administrators can then secure the compromised account, bar access to the phishing site, and eventually get it taken down.
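The Reply-To allowlist check described above, written out as an added example. This is illustrative Python over constructed messages, not LogRhythm's AI Engine rule syntax or the broadcaster's actual rule. The approved domain name, the sender addresses and the message contents are assumptions. The example goes a little beyond the text in three ways that matter in practice: a message with no Reply-To header is evaluated on its From address (that is where replies go), subdomains of an approved domain are accepted, and a lookalike domain that merely begins with an approved name is rejected.

```python
from email.utils import parseaddr
from typing import Optional

# Constructed allowlist of legitimate corporate domains (hypothetical name).
APPROVED_DOMAINS = {"example-broadcaster.com"}


def reply_to_domain(header_value: str) -> Optional[str]:
    """Domain of the mailbox in a Reply-To header, lower-cased.

    Handles the display-name form 'IT Helpdesk <it@evil.test>' that phishers
    use to make the header look internal. Returns None if no address is present."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def is_approved(domain: str, approved=APPROVED_DOMAINS) -> bool:
    """True for an approved domain or a subdomain of one.

    The suffix test is anchored on a dot, so the lookalike
    'example-broadcaster.com.evil.test' is rejected."""
    return any(domain == d or domain.endswith("." + d) for d in approved)


def check_message(msg: dict) -> Optional[dict]:
    """Return an alert dict when replies would leave the approved domains, else None.

    A message without a Reply-To header gets its replies at the From address,
    so From is evaluated in that case."""
    reply_to = msg.get("reply_to") or msg["from"]
    domain = reply_to_domain(reply_to)
    if domain is not None and is_approved(domain):
        return None
    return {"from": msg["from"], "reply_to": reply_to,
            "domain": domain, "subject": msg.get("subject")}


# Constructed sample messages, as sent from healthy and compromised OWA accounts.
SAMPLE_MESSAGES = [
    {"from": "alice@example-broadcaster.com",
     "reply_to": "alice@example-broadcaster.com", "subject": "Rota for next week"},
    {"from": "alice@example-broadcaster.com",
     "reply_to": "IT Helpdesk <helpdesk@webmail-reset.test>",
     "subject": "Your password expires today"},
    {"from": "bob@example-broadcaster.com",
     "reply_to": "bob@example-broadcaster.com.evil.test", "subject": "Invoice 4471"},
    {"from": "carol@example-broadcaster.com", "subject": "Lunch?"},
    {"from": "dave@example-broadcaster.com",
     "reply_to": "dave@hr.example-broadcaster.com", "subject": "Benefits enrolment"},
]


def find_suspicious(messages=SAMPLE_MESSAGES):
    """Run the Reply-To check over a batch and return the alerts in order."""
    return [a for a in (check_message(m) for m in messages) if a]


if __name__ == "__main__":
    for alert in find_suspicious():
        print(f"ALERT from={alert['from']} reply_to={alert['reply_to']!r} "
              f"subject={alert['subject']!r}")
```

Only the second and third sample messages are flagged: the helpdesk lure hides an external mailbox behind an internal-looking display name, and the invoice lure uses a domain that starts with the corporate name. In a SIEM the same comparison would run against the Reply-To value parsed out of the mail gateway or message-tracking logs, with the allowlist kept as a list object much like APPROVED_DOMAINS.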

LogRhythm thwarts the password hunters

Situation
The broadcasting company wanted to find a way to detect when compromised credentials were being used to steal credentials for additional accounts within the network.

Problem
Attackers would steal OWA credentials for a small number of accounts. They would then use those accounts to search for instances where users were storing password details in their Inboxes, a practice that was unfortunately common throughout the organization.

Solution
All OWA requests are captured through TMG (Threat Management Gateway) reverse proxy logs. An AI Engine rule has been written that detects when any search request is made for any one of a list of common password search strings, such as "pw", "password", or "pwd".

Benefit
As well as detecting when a potential attacker is using OWA as an access point to steal additional credentials, this AI Engine rule also pinpoints any user who is identified by the search, allowing administrators to close the additional security hole created by the originally compromised credentials.

Forensic analytics rescues healthcare company from 'read-only' files disaster

Situation
A major US healthcare company was thrown into chaos when virus management policy changes suddenly made all its desktop files read-only.

Problem
A minor configuration tweak to the healthcare company's endpoint virus management solution inadvertently changed a desktop policy and made thousands of files read-only, bringing normal work to a halt and resulting in a flood of internal support calls. With no information or clues to go on, however, the support organization was initially at a loss to explain what had happened and resolve the issue.

Solution
Using LogRhythm's forensic analytics with trending visualization, the company was able to go back quickly and retrieve all data from the time when the first anguished support calls were received.
Administrators were able to drill into all system modifications and policy changes made during that period to determine which were associated with the affected hosts.

Benefit
Staff were soon able to pinpoint the policy change that caused the problem and to start their rollback procedures. After the issue was resolved, they created a new rule to detect and raise an alarm when such policy changes were made, enabling them to be proactive in addressing any similar situations in future.

Employee's movie piracy exposes holes in firewall

Situation
A North American oil and gas company received a legal notification from its ISP that Hollywood's Paramount Pictures had filed a complaint about illegal activity originating from its network.

Problem
After being warned that its network was being used for downloading pirated movie videos, the company needed to determine where the abuse originated, what was being done, and who was responsible.

Solution
Using LogRhythm's forensic analytics, the company investigated the port range involved in the internet abuse and performed a contextual search across the entire network, correlating firewall activity associated with that port range with the specific times when the movie piracy occurred. This search returned an IP address associated with a BitTorrent application, and administrators were then able to quickly derive the user context and drill down into that user's activity, uncovering data being uploaded to a folder containing pirated movies.

Benefit
The company was quickly able to stop this serious abuse of company resources for illegal activity. The employee responsible was identified and the relevant ports on the firewall were blocked. Additionally, the incident highlighted the fact that the firewall had been ineffective at blocking certain ports. This increased visibility allowed the company to review how its firewalls were configured, and enabled it to bring in policy changes and tighten network security.
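Two of the investigations described above, the OWA password-search rule from "LogRhythm thwarts the password hunters" and the port-range firewall correlation from "Employee's movie piracy exposes holes in firewall", written out as one added example in Python. This is not LogRhythm code, and it does not use real TMG or firewall log formats: the space-separated key=value line layout, the name of the OWA search query parameter, the BitTorrent port range 6881-6889, the time window and the IP-to-user mapping are all assumptions, and every log line is constructed. Both checks share the same small line parser.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import parse_qs, urlsplit


# Shared helper: both constructed log formats are space-separated key=value pairs.
def parse_kv(line):
    """Parse 'k=v k=v ...' into a dict (assumed layout, not real TMG/firewall output)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


# Case 1: password hunters searching mailboxes through the OWA reverse proxy.
PASSWORD_TERMS = {"pw", "pwd", "password", "passwd"}


def search_terms(url):
    """Lower-cased words of the OWA search query, or [] for a non-search URL.
    The 'search' query parameter name is an assumption."""
    query = parse_qs(urlsplit(url).query)
    return re.findall(r"[a-z0-9]+", " ".join(query.get("search", [])).lower())


def password_searches(lines):
    """Flag search requests whose query contains a password term.
    Whole-word matching means 'pwd' fires but 'upwind' (which contains 'pw') does not."""
    hits = []
    for rec in map(parse_kv, lines):
        terms = search_terms(rec.get("url", ""))
        if any(t in PASSWORD_TERMS for t in terms):
            hits.append({"time": rec["ts"], "user": rec["user"],
                         "src": rec["src"], "query": " ".join(terms)})
    return hits


PROXY_LOG = [  # constructed reverse-proxy lines
    r"ts=2014-06-03T09:12:01 user=CORP\jsmith src=203.0.113.7 url=/owa/?ae=Folder&search=budget+q2",
    r"ts=2014-06-03T09:12:44 user=CORP\jsmith src=203.0.113.7 url=/owa/?ae=Folder&search=vpn+password",
    r"ts=2014-06-03T09:13:02 user=CORP\jsmith src=203.0.113.7 url=/owa/?ae=Folder&search=pwd",
    r"ts=2014-06-03T09:14:10 user=CORP\mjones src=198.51.100.4 url=/owa/?ae=Folder&search=upwind+turbine",
    r"ts=2014-06-03T09:15:00 user=CORP\mjones src=198.51.100.4 url=/owa/?ae=Item&id=RgAAAAB",
]


# Case 2: which internal host talked to the BitTorrent port range during the piracy window.
BT_PORTS = range(6881, 6890)  # assumed default BitTorrent listener range


def port_range_talkers(lines, start, end, ports=BT_PORTS):
    """Count allowed sessions per internal source IP to the port range within [start, end]."""
    counts = Counter()
    for rec in map(parse_kv, lines):
        ts = datetime.fromisoformat(rec["ts"])
        if start <= ts <= end and rec["action"] == "allow" and int(rec["dport"]) in ports:
            counts[rec["src"]] += 1
    return counts


def attribute_top_talker(counts, ip_to_user):
    """Turn the busiest source IP into user context via a (constructed) IP-to-user map."""
    if not counts:
        return None
    ip, n = counts.most_common(1)[0]
    return {"src": ip, "sessions": n, "user": ip_to_user.get(ip, "unknown")}


FW_LOG = [  # constructed firewall lines; the last one falls outside the window
    "ts=2014-06-07T22:01:15 action=allow src=10.20.4.31 dst=93.184.216.34 dport=443",
    "ts=2014-06-07T22:03:40 action=allow src=10.20.4.57 dst=198.51.100.23 dport=6881",
    "ts=2014-06-07T22:03:41 action=allow src=10.20.4.57 dst=198.51.100.77 dport=6889",
    "ts=2014-06-07T22:05:02 action=allow src=10.20.4.57 dst=203.0.113.9 dport=6882",
    "ts=2014-06-07T22:06:30 action=deny src=10.20.4.12 dst=203.0.113.50 dport=6881",
    "ts=2014-06-08T03:00:00 action=allow src=10.20.4.99 dst=203.0.113.60 dport=6881",
]
IP_TO_USER = {"10.20.4.57": r"CORP\rdoe", "10.20.4.31": r"CORP\akim"}  # assumed DHCP/auth lookup
WINDOW = (datetime(2014, 6, 7, 21, 0), datetime(2014, 6, 8, 0, 0))  # assumed complaint window


def run_piracy_case():
    return attribute_top_talker(port_range_talkers(FW_LOG, *WINDOW), IP_TO_USER)


if __name__ == "__main__":
    for hit in password_searches(PROXY_LOG):
        print("password search:", hit)
    print("top BitTorrent talker:", run_piracy_case())
```

Two points the sample data is chosen to show. In the first case the rule attributes the search to a user and source address, which is what lets administrators both lock the searching account and go after the mailboxes the search would have found. In the second case the one denied line proves a blocking rule existed, while the three allowed sessions from the same host are the gap the newsletter describes; filtering on action=allow is what turns a port-range search into evidence that the firewall policy was not doing its job.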

Marketing Update

The leader in share of media voice, Q2 2014
LogRhythm is significantly beating its competitors in terms of traditional media share of voice. LogRhythm attracted more than twice as many media hits as HP ArcSight, McAfee and RSA, won 60% more coverage than Splunk, and registered 26% more coverage than IBM/Q1 Labs.

For a more complete view of our press coverage, visit In The
[Chart: share of media voice, Q2 2014; only the IBM/Q1 Labs label (32%) survived extraction]
