LogRhythm Introduction PDFs/DD 18...LogRhythm Network Monitor LogRhythm System Monitor Data...
2 | © 2016 LogRhythm
[Slide 3]
Things do get in!
[Slide 4]
Can you see the threat?
[Slide 7: Enterprise Investment across the Prevention Phase, the Active Phase (Security Gap) and the Clean-up Phase]
69% of enterprises are blind to attacks despite massive investment; it takes 100+ days to find attackers (Source: M-Trends 2016)
Investment items shown in the chart:
○ Firewalls
○ IPS
○ Proxies
○ Sandboxes
○ Backup
○ Forensic consultants
○ In-house Sec analysts
○ Outsourced SOC teams
○ Incident response consultants
○ Legacy technologies
Call-out: AUTOMATE WITH AI
[Slide 8]
The Cyber Attack Lifecycle
Recon. & Planning → Initial Compromise → Command & Control → Lateral Movement → Target Attainment → Exfiltration, Corruption, Disruption
Modern threats take their time and leverage the holistic attack surface.
[Slide 9]
Protection Through Faster Detection & Response
(Chart: MTTD & MTTR on a scale from Months, Weeks, Days and Hours down to Minutes; High Vulnerability / Exposed to Threats at the slow end, Low Vulnerability / Resilient to Threats at the fast end)
MEAN TIME TO DETECT (MTTD): the average time it takes to recognize a threat requiring further analysis and response efforts.
MEAN TIME TO RESPOND (MTTR): the average time it takes to respond to and ultimately resolve the incident.
As organizations improve their ability to quickly detect and respond to threats, the risk of experiencing a damaging breach is greatly reduced.
[Slide 10]
Strategic Shift to Detection and Response is Occurring
(Chart: IT Security Budgets in 2013, 2015 and 2020, each split between Prevention and Detection & Response, including managed services)
"By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from 20% in 2015." – Gartner, 2016
Sources: Gartner, Shift Cybersecurity Investment to Detection and Response, January 2016; Gartner, Forecast: Information Security, Worldwide, 2014-2020, 1Q16 Update, April 2016
Note: Excludes security services from estimated overall market spend for enterprise information security
[Slide 11]
Obstacles To Faster Detection & Response
• Data Quality
• Alarm Fatigue
• Swivel Chair Analysis
• Forensic Data Silos
• Fragmented Workflow
• Lack of Automation
Effective Threat Lifecycle Management addresses these obstacles and enables faster detection and response to threats.
[Slide 12]
Threat Lifecycle Management (TLM)
• Series of aligned security operations capabilities
• Begins with ability to “see” broadly and deeply across IT environment
• Ends with ability to quickly mitigate and recover from security incidents
Goal is to reduce mean time to detect (MTTD) and mean time to respond (MTTR), while keeping staffing levels flat
[Slide 13]
End-to-End Threat Lifecycle Management Workflow
TIME TO DETECT: Forensic Data Collection → Discover → Qualify
TIME TO RESPOND: Investigate → Neutralize → Recover
Forensic Data Collection: security event data; log & machine data; forensic sensor data
Discover: search analytics; machine analytics
Qualify: assess threat; determine risk; is full investigation necessary?
Investigate: analyze threat; determine nature and extent of incident
Neutralize: implement countermeasures; mitigate threat & associated risk
Recover: clean up; report; review; adapt
[Slide 14]
This Approach Is Not Effective
(Diagram: separate products for Log Management, SIEM, Endpoint Monitoring & Forensics, Security Automation & Orchestration, Network Behavioral Analytics and Security Analytics)
[Slide 15]
Our Approach
A single workflow: Forensic Data Collection → Discover → Qualify → Investigate → Neutralize → Recover
[Slide 16]
Machine Data Intelligence Fabric
Data Generation: LogRhythm Network Monitor, LogRhythm System Monitor
Data Collection
Machine Data Intelligence (MDI) Fabric:
• Uniform Data Classification
• Uniform Data Structure
• Time Normalization
• Risk Score
• Organizational Context
• User Persona
• Host Persona
• Geolocation
• Flow Direction
• …more
Consumers: Search Analytics, Machine Analytics
Benefits: serves as an IT environment abstraction layer; enables generic scenario representation; allows for high-efficacy packaged analytics modules
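To illustrate what such a normalization layer does, here is an added example (written for this page, not LogRhythm's own code) that maps two constructed source formats, a firewall syslog line and a Windows logon-failure event, into one uniform structure with time normalization, uniform classification, flow direction, host/user context and a risk score. The context tables, the class map, the UTC offset of the Windows source and the scoring weights are all assumptions.

```python
import re
from datetime import datetime, timezone, timedelta

# Constructed context tables standing in for host and user persona data.
HOST_CONTEXT = {"10.0.5.20": {"name": "db-prod-01", "criticality": 9},
                "10.0.8.14": {"name": "ws-finance-07", "criticality": 3}}
USER_CONTEXT = {"jsmith": {"privileged": False}, "svc_backup": {"privileged": True}}

# Uniform classification: vendor-specific codes map to one class name and a base severity (1-5).
CLASSES = {"deny": ("Security:Network Denied", 3), "4625": ("Authentication:Failure", 4)}

# Two constructed source formats: a firewall syslog line (UTC) and a Windows event (local, UTC+2).
FW_RE = re.compile(r"^(?P<ts>\S+) fw01 action=(?P<code>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+)$")
WIN_RE = re.compile(r"^(?P<ts>\S+ \S+) EventID=(?P<code>\d+) User=(?P<user>\S+) Host=(?P<host>\S+)$")

def normalize_time(raw, fmt, utc_offset_hours):
    """Time normalization: put source-local timestamps onto a single UTC timeline."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return datetime.strptime(raw, fmt).replace(tzinfo=tz).astimezone(timezone.utc).isoformat()

def flow_direction(src, dst):
    """Flow direction, treating the 10/8 range as the internal zone (an assumption)."""
    src_in, dst_in = src.startswith("10."), dst.startswith("10.")
    return "internal" if src_in and dst_in else "outbound" if src_in else "inbound"

def risk_score(base, host_ip, user):
    """Risk score: base severity weighted by asset criticality and privileged-user context, capped at 100."""
    crit = HOST_CONTEXT.get(host_ip, {}).get("criticality", 1)
    priv = 2 if USER_CONTEXT.get(user, {}).get("privileged") else 1
    return min(100, base * crit * priv)

def normalize(line):
    """Map one raw event into the uniform structure; returns None for input no parser recognizes."""
    if m := FW_RE.match(line):
        ts, user, host_ip, src = normalize_time(m["ts"], "%Y-%m-%dT%H:%M:%S", 0), None, m["dst"], m["src"]
    elif m := WIN_RE.match(line):
        ts, user, host_ip, src = normalize_time(m["ts"], "%Y-%m-%d %H:%M:%S", 2), m["user"], m["host"], m["host"]
    else:
        return None
    cls, base = CLASSES.get(m["code"], ("Other", 1))
    return {"time": ts, "class": cls, "user": user, "host": HOST_CONTEXT.get(host_ip, {}).get("name", host_ip),
            "direction": flow_direction(src, host_ip), "risk": risk_score(base, host_ip, user)}

SAMPLE = ["2024-03-01T10:00:00 fw01 action=deny src=203.0.113.9 dst=10.0.5.20",   # constructed
          "2024-03-01 12:00:30 EventID=4625 User=svc_backup Host=10.0.5.20",      # constructed
          "garbage line"]

if __name__ == "__main__":
    for event in filter(None, map(normalize, SAMPLE)):
        print(event)
```

Both sample events land on the same host and the same UTC timeline even though one source reports local time, which is what lets downstream analytics correlate them without per-vendor logic.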
[Slide 17]
Learned Intelligence: Out-of-Box Behavioural Analytics
[Slide 20]
WannaCry
[Slide 21]
Top 5 Differentiators
(Mapped onto the workflow: TIME TO DETECT covers Forensic Data Collection, Discover and Qualify; TIME TO RESPOND covers Investigate, Neutralize and Recover)
1. Machine Data Intelligence (MDI)
2. Precision Search
3. Holistic Threat Detection
4. Risk-Based Monitoring
5. Embedded Security Automation and Orchestration
[Slide 22]
Why LogRhythm As Your Strategic TLM Partner
Broad Regulatory Compliance
Focus
Innovation
Customer Success
Platform Scalability & Flexibility