Corporate Overview 2017-04...Why LogRhythm As Your Strategic TLM Partner Broad Regulatory Compliance...

LogRhythmOverviewRev.April2017

TheModernCyberThreatPandemic 3,930Breachesin2015

953Breachesin2010

321Breachesin2006

736millionrecordswereexposedin2015,comparedto96millionrecordsin2010

Thesecurityindustry isfacingserioustalentandtechnologyshortages

Selected

DataBreaches

Source:World’s BiggestDataBreaches,Informationis Beautiful

NoEndInSight

MotivatedThreatActors

Cyber-crimeSupplyChain

ExpandingAttackSurface

MotivatedThreatActors

Cyber-crimeSupplyChain

ExpandingAttackSurface

Modernthreatstaketheirtimeandleveragetheholisticattacksurface

TheCyberAttackLifecycle

Recon.&Planning

InitialCompromise

Command&Control

LateralMovement

TargetAttainment

Exfiltration,Corruption,Disruption

ProtectionThroughFasterDetection&Response

HighVulnerability LowVulnerability

Months

Days

Hours

Minutes

Weeks

MTTD&M

TTR

MEANTIMETODETECT(MTTD)Theaveragetimeittakestorecognizeathreatrequiringfurtheranalysis andresponse efforts

MEANTIMETORESPOND(MTTR)Theaveragetimeittakestorespondandultimatelyresolve theincident

Asorganizationsimprovetheirability toquickly detectandrespondtothreats,theriskofexperiencingadamagingbreachisgreatlyreduced

ExposedtoThreats ResilienttoThreats

Detection&Response

ITBudgets2013

Prevention

Detection&Response

Prevention

ITBudgets2020

StrategicShifttoDetectionandResponseisOccurring

Sources:Gartner,ShiftCybersecurity InvestmenttoDetectionandResponse, January2016;Gartner,Forecast:InformationSecurity,Worldwide, 2014-2020,1Q16Update,April 2016Note:Excludessecurity services fromestimatedoverallmarketspend forenterprise informationsecurity

By2020,60%ofenterpriseinformationsecuritybudgetswillbeallocatedforrapiddetectionandresponseapproaches,upfrom20%in2015.–Gartner,2016

Detection&Response

ITBudgets2015

Prevention

ObstaclesToFasterDetection&Response

AlarmFatigue

SwivelChairAnalysis

ForensicDataSilos

FragmentedWorkflow

LackofAutomation

EffectiveThreatLifecycleManagementü Addressestheseobstaclesü Enablesfasterdetectionand

responsetothreats

ThreatLifecycleManagement(TLM)

• Seriesofalignedsecurityoperationscapabilities

• Beginswithabilityto“see”broadlyanddeeplyacrossITenvironment

• Endswithabilitytoquicklymitigateandrecoverfromsecurityincidents

Goalistoreducemeantimetodetect(MTTD)andmeantimetorespond(MTTR),whilekeepingstaffinglevelsflat

End-to-EndThreatLifecycleManagementWorkflow

TIMETODETECT TIMETORESPOND

ForensicDataCollection

InvestigateQualifyDiscover RecoverNeutralize

Securityeventdata

Log&machinedata

Forensicsensordata

Searchanalytics

Machineanalytics

Assess threat

Determinerisk

Isfullinvestigationnecessary?

Analyzethreat

Determinenatureand

extentofincident

Implementcounter-measures

Mitigatethreat&associatedrisk

Cleanup

Report

Review

Adapt

ThisApproachIsNotEffective

LogManagement SIEM

EndpointMonitoring&Forensics

SecurityAutomation&Orchestration

NetworkBehavioralAnalytics

SecurityAnalytics

OurApproachIs

ForensicData

CollectionDiscover Qualify Investigate Neutralize Recover

12 |©2016LogRhythm

LogRhythm’sApproachtoThreatLifecycleManagement

UnifiedPlatformforEnterpriseThreatLifecycleManagement



LogManagement

SecurityAutomationandOrchestrationCaseManagement,SmartResponse,Metrics…

SecurityAnalyticsAIEngine,AICloud,Alarming,Prioritization,Search,Dashboards…

User&EntityBehavioralAnalytics

NetworkBehavioralAnalytics

NetworkMonitoring

EndpointMonitoring

DataCollectionEnterpriseForensicDataLake

poweredbyLogRhythmMachineDataIntelligenceandElasticsearch

EndpointBehavioralAnalytics

LogRhythmTLMPlatformTop5Differentiators

TIMETODETECT TIMETORESPOND



2.PrecisionSearch

3.HolisticThreatDetection

5.EmbeddedSecurityAutomationandOrchestration

1.MachineDataIntelligence Fabric(MDIF)

4.Risk-BasedMonitoring

MachineDataIntelligenceFabric

DataCollection

DataGeneration

MachineDataIntelligence(MDI)Fabric• UniformDataClassification• UniformDataStructure• TimeNormalization• RiskScore

• UserPersona• HostPersona• Geolocation• FlowDirection• …more

BenefitsüServesasITenvironmentabstractionlayerüEnablesgenericscenariorepresentationüAllowsforhigh-efficacypackagedanalyticsmodules

CurrentTechnologyAllianceEcosystemIPS/MALWARE

ENDP

OINTSECU

RITY

VULNERABILITYMANAGEMENT VERTICALSOLUTIONS NEXT-GENFIREWALLS

NETWORKING&

INFRASTRUCTURE

THREATINTELLIGENCEOTHERNETWORKPACKETBROKERSIDENTITY&ACCESS

PrecisionSearchPoweredbyElasticsearch

StructuredSearch UnstructuredSearch

Benefitsü Quickresultsü Less“noise”ü Investigationautomationü Fastandaccuratedecisions

Machine-AssistedSearch

HolisticThreatDetectionPoweredbyAIEngine

Benefitsü Real-timeadvancedthreatdetectionü Detectionacrossfullattacklifecycleü Easilycustomizableü LowerfalsenegativesANDfalsepositives

UserThreats

NetworkThreats

Endpoint Threats

LogData

ContextualData

Risk-basedMonitoring

Benefitsü Focusesanalysts’timewhereitmattersmostü Fasterrecognitionofthreatsthatneedattentionü Reducesalarmfatigue

RiskPrioritizedAlarms

! 56RISK! 68 RISK

! 97 RISK

Risk-basedPrioritizationAlgorithm

EventsConfidenceScore

ConfidenceScore

ThreatScore

WeightingsWeightings

RiskScore

EmbeddedSecurityAutomationandOrchestration

CaseManagement SmartResponseAutomation

Benefitsü Centralizessecurityinvestigationsü Fasterinvestigationswithsingletoolsetü Efficient,confidentialcollaborationü Automatesworkflowsandresponsesü Reducesmeantimetorespond(MTTR)

WhyLogRhythmAsYourStrategicTLMPartner

BroadRegulatoryCompliance

Focus

Innovation

CustomerSuccess

PlatformScalability&Flexibility

MarketLeadership

Certifications&Validations

IndustryAnalysts CompanyAwards

Company of the Year

IndustryAwards

LogRhythmLabs

ThreatResearch

ComplianceResearch

StrategicIntegration

MachineDataIntelligence

World-ClassServicesForCustomerSuccess

Classroom, OnsiteorVirtual

Training

Administrator

Analyst

AdminCo-Pilot

ProfessionalServices

CoreDeployment

AnalyticsCo-PilotThreatManagementFoundations

ComplianceFoundations

ExpertConsulting

ContentCo-Pilot

Follow-the-Sun &StandardBusiness

Support

ProactiveMaintenance

CustomerOrientation

Embedded Labs

Forensics Co-Pilot

ComplianceAutomation

ComplianceAutomation

Automateandassureregulatorycompliancewithpre-configuredcontentfor15+regulatoryframeworks:

• PCI• SOX• GLBA• NERC-CIP• HIPAA• GDPR

• FISMA• GPG-13• ISO27001• NIST800-53• NISTCSF• DODI8500.2andmore…

Benefitsü Rapidcustomervalue

ü Reduceburdenofassuringanddemonstratingregulatorycompliance

ü Easilydeploy pre-configuredreportsanddashboards formanagementandauditors

ü Detectcomplianceviolationsautomatically,inreal-time

EmbeddedCompliance• Experiencedcompliance experts

• BuildMachineDataIntelligence,withsupportfor785+devices

• Developpre-configuredcompliancemodules:• AIEnginerules

• Reports&SavedSearches• DashboardLayouts• SmartResponse™plugins

• Frequentupdatesviacloud

HolisticThreatAnalytics

EmbeddedSecurity• Recognizedsecurity experts• BuildMachineDataIntelligence,withsupport for785+devices

• Developpre-packagedthreatmanagementmodules:• AIEnginerules• Reports&SavedSearches• DashboardLayouts• SmartResponse™actions

• Frequentupdatesviacloud

UserandEntityBehaviorAnalyticsInsiderThreats,CompromisedUserAccounts,PrivilegeAbuse,BruteForceAttempts&more

NetworkBehaviorAnalyticsMalwareOutbreak,SuspiciousNetworkCommunications,DOSAttacks,Network-borneDataExfiltration&more

EndpointBehaviorAnalyticsEndpointManipulation,MalwareActivity,SuspiciousProcess&ApplicationActivity,LocalDataExfiltration&more

Benefitsü Rapidcustomervalue

üWork smarterandfasterwithmachine-based analytics

ü Detect&respondtothreatsacrosstheattacksurface

ü Acceleratedeploymentwithpre-packagedthreatmanagementmodules

ThreatIntelligence

CommercialFeeds

CustomSources

STIX/TAXIIFeeds

OpenSourceFeeds

Corporate Overview 2017-04...Why LogRhythm As Your Strategic TLM Partner Broad Regulatory Compliance...

Documents

Transcript of Corporate Overview 2017-04...Why LogRhythm As Your Strategic TLM Partner Broad Regulatory Compliance...