Corporate Overview 2017-04: Why LogRhythm As Your Strategic TLM Partner
LogRhythm Overview, Rev. April 2017
The Modern Cyber Threat Pandemic
• 3,930 breaches in 2015
• 953 breaches in 2010
• 321 breaches in 2006
• 736 million records were exposed in 2015, compared to 96 million records in 2010
The security industry is facing serious talent and technology shortages.
[Chart: Selected Data Breaches. Source: World's Biggest Data Breaches, Information is Beautiful]
No End In Sight
• Motivated Threat Actors
• Cyber-crime Supply Chain
• Expanding Attack Surface
Modern threats take their time and leverage the holistic attack surface.
The Cyber Attack Lifecycle
1. Recon. & Planning
2. Initial Compromise
3. Command & Control
4. Lateral Movement
5. Target Attainment
6. Exfiltration, Corruption, Disruption
Protection Through Faster Detection & Response
[Chart: vulnerability to a damaging breach, from high (Exposed to Threats) to low (Resilient to Threats), plotted against MTTD & MTTR on a scale of months, weeks, days, hours and minutes]
MEAN TIME TO DETECT (MTTD): the average time it takes to recognize a threat requiring further analysis and response efforts.
MEAN TIME TO RESPOND (MTTR): the average time it takes to respond to and ultimately resolve the incident.
As organizations improve their ability to quickly detect and respond to threats, the risk of experiencing a damaging breach is greatly reduced.
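The two metrics above are only comparable over time if they are measured the same way every time. The Python below is an added example, not code from the deck or from LogRhythm, showing how MTTD and MTTR fall out of case timestamps. The incident records are constructed for illustration; measuring MTTD from the earliest evidence found during the investigation, and leaving still-open cases out of MTTR, are assumptions stated in the comments.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from statistics import mean, median
from typing import Optional

# Incident records are constructed for this example, not data from the deck.
# All times are UTC.  first_evidence is the earliest attacker activity found
# during the investigation, detected is when an analyst first recognised the
# threat, resolved is when the case was closed (None while still open).
@dataclass
class Incident:
    case_id: str
    first_evidence: datetime
    detected: datetime
    resolved: Optional[datetime]

def utc(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)

INCIDENTS = [
    Incident("C-1", utc("2017-03-01 08:00"), utc("2017-03-01 09:30"), utc("2017-03-01 17:00")),
    Incident("C-2", utc("2017-02-10 02:00"), utc("2017-03-05 10:00"), utc("2017-03-12 10:00")),
    Incident("C-3", utc("2017-03-20 14:00"), utc("2017-03-20 14:20"), None),
]

def hours(delta) -> float:
    return delta.total_seconds() / 3600.0

def detect_times(incidents):
    """Time to detect per incident, in hours (first evidence -> detection)."""
    for inc in incidents:
        if inc.detected < inc.first_evidence:
            raise ValueError(f"{inc.case_id}: detected before first evidence")
    return [hours(inc.detected - inc.first_evidence) for inc in incidents]

def respond_times(incidents):
    """Time to respond per incident, in hours (detection -> resolution).
    Open incidents have no resolution time yet and are left out (assumption)."""
    return [hours(inc.resolved - inc.detected) for inc in incidents if inc.resolved is not None]

def mttd_hours(incidents) -> float:
    return mean(detect_times(incidents))

def mttr_hours(incidents) -> float:
    return mean(respond_times(incidents))

def median_ttd_hours(incidents) -> float:
    # The mean is dominated by a single long-dwell incident; the median shows
    # the typical case, so report both.
    return median(detect_times(incidents))

if __name__ == "__main__":
    print(f"MTTD = {mttd_hours(INCIDENTS):.1f} h, median TTD = {median_ttd_hours(INCIDENTS):.1f} h")
    print(f"MTTR = {mttr_hours(INCIDENTS):.1f} h over {len(respond_times(INCIDENTS))} closed incidents")
```

The mean alone hides the shape of the data: one incident with roughly a month of dwell time pulls MTTD to about 187 hours while the typical detection took 1.5 hours, so report the median (or a percentile) next to the mean when tracking the trend.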
Strategic Shift to Detection and Response is Occurring
[Chart: enterprise information security budgets split between Prevention and Detection & Response, for 2013, 2015 and 2020]
"By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from 20% in 2015." – Gartner, 2016
Sources: Gartner, Shift Cybersecurity Investment to Detection and Response, January 2016; Gartner, Forecast: Information Security, Worldwide, 2014-2020, 1Q16 Update, April 2016. Note: Excludes security services from estimated overall market spend for enterprise information security.
Obstacles To Faster Detection & Response
• Alarm Fatigue
• Swivel Chair Analysis
• Forensic Data Silos
• Fragmented Workflow
• Lack of Automation
Effective Threat Lifecycle Management:
✓ Addresses these obstacles
✓ Enables faster detection and response to threats
Threat Lifecycle Management (TLM)
• Series of aligned security operations capabilities
• Begins with the ability to "see" broadly and deeply across the IT environment
• Ends with the ability to quickly mitigate and recover from security incidents
Goal is to reduce mean time to detect (MTTD) and mean time to respond (MTTR), while keeping staffing levels flat.
End-to-End Threat Lifecycle Management Workflow
Time to Detect:
• Forensic Data Collection: security event data; log & machine data; forensic sensor data
• Discover: search analytics; machine analytics
• Qualify: assess threat; determine risk; is full investigation necessary?
Time to Respond:
• Investigate: analyze threat; determine nature and extent of incident
• Neutralize: implement counter-measures; mitigate threat & associated risk
• Recover: clean up; report; review; adapt
This Approach Is Not Effective
[Diagram: disconnected point products]
• Log Management
• SIEM
• Endpoint Monitoring & Forensics
• Security Automation & Orchestration
• Network Behavioral Analytics
• Security Analytics
Our Approach Is
[Diagram: one unified workflow] Forensic Data Collection → Discover → Qualify → Investigate → Neutralize → Recover
© 2016 LogRhythm
LogRhythm's Approach to Threat Lifecycle Management
Unified Platform for Enterprise Threat Lifecycle Management
Workflow: Forensic Data Collection → Discover → Qualify → Investigate → Neutralize → Recover
Platform layers:
• Security Automation and Orchestration: Case Management, SmartResponse, Metrics, …
• Security Analytics: AI Engine, AI Cloud, Alarming, Prioritization, Search, Dashboards, …
• User & Entity Behavioral Analytics; Network Behavioral Analytics; Endpoint Behavioral Analytics
• Log Management; Network Monitoring; Endpoint Monitoring
• Data Collection: Enterprise Forensic Data Lake, powered by LogRhythm Machine Data Intelligence and Elasticsearch
LogRhythm TLM Platform Top 5 Differentiators
[Diagram: workflow Forensic Data Collection → Discover → Qualify → Investigate → Neutralize → Recover, spanning Time to Detect and Time to Respond]
1. Machine Data Intelligence Fabric (MDIF)
2. Precision Search
3. Holistic Threat Detection
4. Risk-Based Monitoring
5. Embedded Security Automation and Orchestration
Machine Data Intelligence Fabric
[Diagram: Data Generation → Data Collection → Machine Data Intelligence (MDI) Fabric]
The MDI Fabric provides:
• Uniform Data Classification
• Uniform Data Structure
• Time Normalization
• Risk Score
• User Persona
• Host Persona
• Geolocation
• Flow Direction
• …more
Benefits:
✓ Serves as IT environment abstraction layer
✓ Enables generic scenario representation
✓ Allows for high-efficacy packaged analytics modules
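What "uniform data structure", "time normalization", "host persona" and "flow direction" mean in practice is easiest to see on raw lines. The Python below is an added example, not LogRhythm's MDI implementation, that normalizes two constructed log formats (a BSD-syslog sshd failure and a CSV firewall export) into one schema. The host persona table, the sshd sender's UTC offset and the CSV column order are assumptions made for the example.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Constructed context table standing in for the host persona a context layer
# would supply (hostname -> primary IP); not LogRhythm data.
HOST_PERSONA = {"bastion01": "10.0.0.5", "fw01": "10.0.0.1"}

INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def flow_direction(origin_ip, impacted_ip) -> str:
    """Flow direction from which side of the perimeter each address is on."""
    if not origin_ip or not impacted_ip:
        return "unknown"
    o, i = is_internal(origin_ip), is_internal(impacted_ip)
    if o and i:
        return "internal"
    if o:
        return "outbound"
    if i:
        return "inbound"
    return "external"

# Format 1: BSD syslog from sshd.  The timestamp has no year and no time zone,
# so both must be supplied from what is known about the sender.
SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def normalize_sshd(line, year, sender_utc_offset_hours):
    m = SSHD_RE.match(line)
    if not m:
        return None
    local = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    local = local.replace(tzinfo=timezone(timedelta(hours=sender_utc_offset_hours)))
    impacted_ip = HOST_PERSONA.get(m["host"])          # host persona enrichment
    return {
        "time_utc": local.astimezone(timezone.utc).isoformat(),
        "classification": "Authentication Failure",
        "host": m["host"],
        "origin_ip": m["src"],
        "impacted_ip": impacted_ip,
        "user": m["user"],
        "direction": flow_direction(m["src"], impacted_ip),
        "raw": line,
    }

# Format 2: a constructed CSV firewall export whose ISO-8601 timestamps carry
# their own UTC offset.  Assumed column order: time,host,action,src,dst,dport,proto
def normalize_fw_csv(line):
    fields = line.split(",")
    if len(fields) != 7:
        return None
    ts, host, action, src, dst, _dport, _proto = fields
    try:
        when = datetime.fromisoformat(ts)
        ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        return None
    if when.tzinfo is None:                # no offset given: assume UTC
        when = when.replace(tzinfo=timezone.utc)
    return {
        "time_utc": when.astimezone(timezone.utc).isoformat(),
        "classification": {"ALLOW": "Network Allow", "DENY": "Network Deny"}.get(action, "Network Other"),
        "host": host,
        "origin_ip": src,
        "impacted_ip": dst,
        "user": None,
        "direction": flow_direction(src, dst),
        "raw": line,
    }

def normalize(line, year=2017, sender_utc_offset_hours=0):
    """Try each known format; anything unrecognised is kept but flagged."""
    for parser in (lambda l: normalize_sshd(l, year, sender_utc_offset_hours), normalize_fw_csv):
        event = parser(line)
        if event:
            return event
    return {"time_utc": None, "classification": "Unclassified", "host": None, "origin_ip": None,
            "impacted_ip": None, "user": None, "direction": "unknown", "raw": line}

def normalize_all(lines, year=2017, sender_utc_offset_hours=0):
    return [normalize(l, year, sender_utc_offset_hours) for l in lines]

# Constructed sample lines: a bastion host logging in local time (assumed UTC-6)
# and a firewall stamping UTC+2, plus one line from an unknown source.
RAW_LOGS = [
    "Mar 21 14:05:22 bastion01 sshd[2231]: Failed password for invalid user admin from 198.51.100.23 port 52211 ssh2",
    "2017-03-21T22:05:40+02:00,fw01,ALLOW,192.168.10.7,203.0.113.5,443,tcp",
    "this line matches no known source",
]
```

After normalization the two lines, stamped 14:05 and 22:05 at their sources, turn out to be 18 seconds apart in UTC, which is the ordering that correlation across sources depends on. Lines that match no parser are kept and flagged as Unclassified rather than dropped, so collection gaps stay visible.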
Current Technology Alliance Ecosystem
Partner categories: IPS/Malware; Endpoint Security; Vulnerability Management; Vertical Solutions; Next-Gen Firewalls; Networking & Infrastructure; Threat Intelligence; Network Packet Brokers; Identity & Access; Other.
Precision Search, Powered by Elasticsearch
• Structured Search
• Unstructured Search
• Machine-Assisted Search
Benefits:
✓ Quick results
✓ Less "noise"
✓ Investigation automation
✓ Fast and accurate decisions
Holistic Threat Detection, Powered by AI Engine
Inputs: Log Data and Contextual Data, analyzed for User Threats, Network Threats and Endpoint Threats.
Benefits:
✓ Real-time advanced threat detection
✓ Detection across full attack lifecycle
✓ Easily customizable
✓ Lower false negatives AND false positives
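To show what "detection across the full attack lifecycle" looks like as rule logic, here is an added Python example (not an AI Engine rule and not LogRhythm code) that chains two rules over a stream of constructed, already-normalized authentication events: a brute-force success (Initial Compromise) and the flagged account then appearing on a new host (Lateral Movement). The event schema, thresholds and time windows are assumptions made for the example.

```python
from collections import defaultdict, deque

# Constructed, already-normalised authentication events; t is seconds from an
# arbitrary epoch.  The schema is assumed for this example, not product output.
EVENTS = (
    # six failures for jdoe from one external address on bastion01 inside 3 minutes ...
    [{"t": 30 * i, "class": "auth_failure", "user": "jdoe", "origin_ip": "198.51.100.23", "host": "bastion01"}
     for i in range(6)]
    # ... then a success from the same address: the brute force worked
    + [{"t": 200, "class": "auth_success", "user": "jdoe", "origin_ip": "198.51.100.23", "host": "bastion01"}]
    # the compromised account then logs on to a second host from the bastion
    + [{"t": 1500, "class": "auth_success", "user": "jdoe", "origin_ip": "10.0.0.5", "host": "fileserver01"}]
    # benign noise: two mistyped passwords then a success, and a logon back to the same host
    + [{"t": 300, "class": "auth_failure", "user": "asmith", "origin_ip": "10.0.0.40", "host": "fileserver01"},
       {"t": 320, "class": "auth_failure", "user": "asmith", "origin_ip": "10.0.0.40", "host": "fileserver01"},
       {"t": 340, "class": "auth_success", "user": "asmith", "origin_ip": "10.0.0.40", "host": "fileserver01"},
       {"t": 1600, "class": "auth_success", "user": "jdoe", "origin_ip": "198.51.100.23", "host": "bastion01"}]
)

def detect(events, fail_threshold=5, window_s=600, lateral_window_s=3600):
    """Two chained rules over a time-ordered event stream.

    Rule 1 (Initial Compromise): at least fail_threshold failures for one
    (user, origin_ip) pair inside window_s, followed by a success from that pair.
    Rule 2 (Lateral Movement): an account flagged by rule 1 then succeeds on a
    different host within lateral_window_s.  Rule 2 never fires on its own.
    """
    failures = defaultdict(deque)   # (user, origin_ip) -> recent failure times
    compromised = {}                # user -> (time, host) of the rule-1 hit
    alarms = []
    for e in sorted(events, key=lambda ev: ev["t"]):
        key = (e["user"], e["origin_ip"])
        recent = failures[key]
        while recent and e["t"] - recent[0] > window_s:   # expire failures outside the window
            recent.popleft()
        if e["class"] == "auth_failure":
            recent.append(e["t"])
        elif e["class"] == "auth_success":
            if len(recent) >= fail_threshold:
                alarms.append({"stage": "Initial Compromise", "rule": "Brute force followed by success",
                               "user": e["user"], "host": e["host"], "origin_ip": e["origin_ip"],
                               "t": e["t"], "evidence": len(recent)})
                compromised[e["user"]] = (e["t"], e["host"])
                recent.clear()
            elif e["user"] in compromised:
                t0, host0 = compromised[e["user"]]
                if e["host"] != host0 and e["t"] - t0 <= lateral_window_s:
                    alarms.append({"stage": "Lateral Movement", "rule": "Compromised account used on new host",
                                   "user": e["user"], "host": e["host"], "origin_ip": e["origin_ip"],
                                   "t": e["t"], "evidence": 1})
    return alarms
```

The second rule only considers accounts the first rule already flagged, which is why a routine logon to a second host is not an alarm on its own, and the first rule requires a success after the failures, which is why two mistyped passwords are not an alarm either. That dependence between rules is the mechanism behind the lower-false-positive and lower-false-negative claim; fail_threshold and the windows have to be tuned against the environment's own baseline.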
Risk-based Monitoring
Benefits:
✓ Focuses analysts' time where it matters most
✓ Faster recognition of threats that need attention
✓ Reduces alarm fatigue
Risk Prioritized Alarms: [example alarm cards showing 56 RISK, 68 RISK, 97 RISK]
Risk-based Prioritization Algorithm: Events → Confidence Score; Threat Score; Weightings → Risk Score
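The diagram above names three inputs to the risk score without saying how they combine. The Python below is an added, illustrative implementation that is not LogRhythm's algorithm: it derives a confidence score from rule confidence and corroborating event count, a threat score from the attack-lifecycle stage, and weightings from constructed host and user persona tables plus a threat intelligence match, then sorts alarms highest risk first. All tables, formulas and alarms are assumptions made for the example.

```python
# Illustrative risk-based prioritisation.  The formula and every table below are
# constructed for this example and are not LogRhythm's algorithm.

# Context "weightings": asset criticality and account privilege on a 1-10 scale,
# the kind of host/user persona data a context layer would hold (assumed values).
HOST_RISK = {"dc01": 9, "fileserver01": 7, "bastion01": 6, "kiosk03": 2}
USER_PRIV = {"svc_backup": 8, "jdoe": 4, "guest": 1}

# Threat score by attack-lifecycle stage: the later the stage, the closer the damage.
STAGE_THREAT = {
    "Recon. & Planning": 20, "Initial Compromise": 50, "Command & Control": 70,
    "Lateral Movement": 80, "Target Attainment": 90, "Exfiltration, Corruption, Disruption": 100,
}

def confidence_score(alarm) -> int:
    """How likely the alarm is a true positive (0-100): the rule's base
    confidence plus up to 20 points for corroborating events."""
    return min(100, alarm["rule_confidence"] + 2 * min(alarm["event_count"], 10))

def threat_score(alarm) -> int:
    return STAGE_THREAT.get(alarm["stage"], 30)

def weighting(alarm) -> float:
    """Context multiplier: 0.6-1.5 each for host and user, times 1.2 when a
    threat intelligence source corroborates an indicator in the alarm."""
    host_w = 0.5 + HOST_RISK.get(alarm["host"], 5) / 10
    user_w = 0.5 + USER_PRIV.get(alarm["user"], 3) / 10
    ti_w = 1.2 if alarm.get("threat_intel_hit") else 1.0
    return host_w * user_w * ti_w

def risk_score(alarm) -> int:
    raw = confidence_score(alarm) / 100 * threat_score(alarm) * weighting(alarm)
    return max(0, min(100, round(raw)))        # clamp to the 0-100 card scale

def prioritize(alarms):
    """Analyst queue, highest risk first: the top of the list is where time goes."""
    return sorted(alarms, key=risk_score, reverse=True)

# Constructed alarms, e.g. the output of detection rules plus context lookups.
ALARMS = [
    {"id": "A1", "stage": "Initial Compromise", "rule_confidence": 70, "event_count": 6,
     "host": "bastion01", "user": "jdoe", "threat_intel_hit": True},
    {"id": "A2", "stage": "Lateral Movement", "rule_confidence": 60, "event_count": 1,
     "host": "fileserver01", "user": "jdoe"},
    {"id": "A3", "stage": "Recon. & Planning", "rule_confidence": 90, "event_count": 10,
     "host": "kiosk03", "user": "guest"},
    {"id": "A4", "stage": "Exfiltration, Corruption, Disruption", "rule_confidence": 85,
     "event_count": 3, "host": "dc01", "user": "svc_backup"},
]

if __name__ == "__main__":
    for a in prioritize(ALARMS):
        print(f"! {risk_score(a):3d} RISK  {a['id']}  {a['stage']}  {a['user']}@{a['host']}")
```

Note the clamp: for a domain controller and a privileged service account the raw product exceeds 100 and the score saturates. That is harmless when the score only orders the queue, but matters if fixed thresholds on it trigger automated responses, where two very different alarms would look identical.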
Embedded Security Automation and Orchestration
• Case Management
• SmartResponse Automation
Benefits:
✓ Centralizes security investigations
✓ Faster investigations with a single toolset
✓ Efficient, confidential collaboration
✓ Automates workflows and responses
✓ Reduces mean time to respond (MTTR)
Why LogRhythm As Your Strategic TLM Partner
• Broad Regulatory Compliance
• Focus
• Innovation
• Customer Success
• Platform Scalability & Flexibility
• Market Leadership
• Certifications & Validations
Recognition: Industry Analysts; Company Awards (Company of the Year); Industry Awards
Appendix
LogRhythm Labs
• Threat Research
• Compliance Research
• Strategic Integration
• Machine Data Intelligence
World-Class Services For Customer Success
• Training (classroom, onsite or virtual): Administrator; Analyst
• Professional Services: Core Deployment; Admin Co-Pilot; Analytics Co-Pilot; Content Co-Pilot; Forensics Co-Pilot; Threat Management Foundations; Compliance Foundations; Expert Consulting
• Support: Follow-the-Sun & Standard Business; Proactive Maintenance; Customer Orientation
• Embedded Labs
Compliance Automation
Automate and assure regulatory compliance with pre-configured content for 15+ regulatory frameworks:
• PCI • SOX • GLBA • NERC-CIP • HIPAA • GDPR
• FISMA • GPG-13 • ISO 27001 • NIST 800-53 • NIST CSF • DODI 8500.2, and more…
Benefits:
✓ Rapid customer value
✓ Reduce the burden of assuring and demonstrating regulatory compliance
✓ Easily deploy pre-configured reports and dashboards for management and auditors
✓ Detect compliance violations automatically, in real time
Embedded Compliance:
• Experienced compliance experts
• Build Machine Data Intelligence, with support for 785+ devices
• Develop pre-configured compliance modules: AI Engine rules; Reports & Saved Searches; Dashboard Layouts; SmartResponse™ plugins
• Frequent updates via cloud
Holistic Threat Analytics
Embedded Security:
• Recognized security experts
• Build Machine Data Intelligence, with support for 785+ devices
• Develop pre-packaged threat management modules: AI Engine rules; Reports & Saved Searches; Dashboard Layouts; SmartResponse™ actions
• Frequent updates via cloud
Modules:
• User and Entity Behavior Analytics: Insider Threats, Compromised User Accounts, Privilege Abuse, Brute Force Attempts & more
• Network Behavior Analytics: Malware Outbreak, Suspicious Network Communications, DoS Attacks, Network-borne Data Exfiltration & more
• Endpoint Behavior Analytics: Endpoint Manipulation, Malware Activity, Suspicious Process & Application Activity, Local Data Exfiltration & more
Benefits:
✓ Rapid customer value
✓ Work smarter and faster with machine-based analytics
✓ Detect & respond to threats across the attack surface
✓ Accelerate deployment with pre-packaged threat management modules
Threat Intelligence sources:
• Commercial Feeds
• Open Source Feeds
• STIX/TAXII Feeds
• Custom Sources