LogRhythm Introduction (slide deck transcript): LogRhythm Network Monitor, LogRhythm System Monitor, data collection

Post on 13-Apr-2020


1 | © 2016 LogRhythm

LogRhythm Introduction

Stefan.Schweizer@LogRhythm.com, Sales Manager DACH SOUTH

Slide 3

Things do get in!

Slide 4

Can you see the threat?

Slide 7

69% of enterprises are blind to attacks despite massive investment

Active Phase: 100+ days to find attackers (the "Security Gap")

Source: M-Trends 2016

(Chart residue: "Enterprise Investment" plotted across the Prevention Phase, Active Phase and Clean-up Phase, with relative spend marked $ to $$$$. Items on the chart: Firewalls, IPS, Proxies, Sandboxes, Backup, Forensic consultants, In-house Sec analysts, Outsourced SOC teams, Incident response consultants, Legacy technologies. Callout: "AUTOMATE WITH AI".)

Slide 8

The Cyber Attack Lifecycle

• Recon. & Planning

• Initial Compromise

• Command & Control

• Lateral Movement

• Target Attainment

• Exfiltration, Corruption, Disruption

Modern threats take their time and leverage the holistic attack surface.

Slide 9

Protection Through Faster Detection & Response

(Chart residue: vulnerability runs from High Vulnerability to Low Vulnerability as MTTD & MTTR shrink from Months through Weeks, Days and Hours to Minutes; the organization moves from Exposed to Threats to Resilient to Threats.)

MEAN TIME TO DETECT (MTTD): the average time it takes to recognize a threat requiring further analysis and response efforts.

MEAN TIME TO RESPOND (MTTR): the average time it takes to respond to and ultimately resolve the incident.

As organizations improve their ability to quickly detect and respond to threats, the risk of experiencing a damaging breach is greatly reduced.

Slide 10

Strategic Shift to Detection and Response is Occurring

(Chart residue: three pie charts of IT Security Budgets for 2013, 2015 and 2020, each split between Prevention and Detection & Response; the 2020 chart also includes managed services.)

By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from 20% in 2015. –Gartner, 2016

Sources: Gartner, Shift Cybersecurity Investment to Detection and Response, January 2016; Gartner, Forecast: Information Security, Worldwide, 2014-2020, 1Q16 Update, April 2016

Note: Excludes security services from estimated overall market spend for enterprise information security

Slide 11

Obstacles To Faster Detection & Response

• Data Quality

• Alarm Fatigue

• Swivel Chair Analysis

• Forensic Data Silos

• Fragmented Workflow

• Lack of Automation

Effective Threat Lifecycle Management addresses these obstacles and enables faster detection and response to threats.

Slide 12

Threat Lifecycle Management (TLM)

• Series of aligned security operations capabilities

• Begins with ability to “see” broadly and deeply across IT environment

• Ends with ability to quickly mitigate and recover from security incidents

The goal is to reduce mean time to detect (MTTD) and mean time to respond (MTTR) while keeping staffing levels flat.

Slide 13

End-to-End Threat Lifecycle Management Workflow

TIME TO DETECT: Forensic Data Collection → Discover → Qualify; TIME TO RESPOND: Investigate → Neutralize → Recover

Forensic Data Collection

• Security event data

• Log & machine data

• Forensic sensor data

Discover

• Search analytics

• Machine analytics

Qualify

• Assess threat

• Determine risk

• Is full investigation necessary?

Investigate

• Analyze threat

• Determine nature and extent of incident

Neutralize

• Implement countermeasures

• Mitigate threat & associated risk

Recover

• Clean up

• Report

• Review

• Adapt

Slide 14

This Approach Is Not Effective

• Log Management

• SIEM

• Endpoint Monitoring & Forensics

• Security Automation & Orchestration

• Network Behavioral Analytics

• Security Analytics

Slide 15

Our Approach

Forensic Data Collection → Discover → Qualify → Investigate → Neutralize → Recover

Slide 16

Machine Data Intelligence Fabric

Data Generation → Data Collection (LogRhythm Network Monitor, LogRhythm System Monitor) → Machine Data Intelligence (MDI) Fabric → Search Analytics and Machine Analytics

Machine Data Intelligence (MDI) Fabric

• Uniform Data Classification

• Uniform Data Structure

• Time Normalization

• Risk Score

• Organizational Context

• User Persona

• Host Persona

• Geolocation

• Flow Direction

• …more

Benefits

• Serves as IT environment abstraction layer

• Enables generic scenario representation

• Allows for high-efficacy packaged analytics modules
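To make the MDI Fabric bullets concrete, here is an added example (not LogRhythm code, and not how their product is implemented) of what such a normalization layer does: two different raw records, a firewall syslog line and a Windows logon-failure event in JSON, are mapped to one uniform structure with a uniform classification, timestamps normalized to UTC, flow direction derived from organizational context (which address ranges count as internal), a host persona lookup, and a simple risk score. All sample log lines, field names, network ranges, persona tables and risk weights are constructed for illustration.

```python
import ipaddress
import json
import re
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed organizational context (hypothetical values, not LogRhythm's).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
HOST_PERSONA = {"10.0.5.20": "domain-controller", "192.168.1.7": "workstation"}
CLASS_RISK = {"auth.failure": 40, "network.deny": 30, "network.allow": 5}
DEVICE_TZ = {"fw1": 1}   # syslog sender -> UTC offset in hours (assumption)
SYSLOG_YEAR = 2016       # BSD syslog carries no year; assumed for this example


@dataclass
class Event:
    """The uniform data structure every raw record is mapped into."""
    ts_utc: str                   # time normalization
    classification: str           # uniform data classification
    src_ip: Optional[str]
    dst_ip: Optional[str]
    user: Optional[str]           # user persona
    host_persona: Optional[str]   # host persona of the destination
    direction: str                # flow direction relative to INTERNAL_NETS
    risk: int                     # risk score, 0..100
    origin: str                   # which parser produced the record


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def flow_direction(src: Optional[str], dst: Optional[str]) -> str:
    """Classify a flow as internal / inbound / outbound / external."""
    if src is None or dst is None:
        return "unknown"
    s, d = is_internal(src), is_internal(dst)
    if s and d:
        return "internal"
    if s:
        return "outbound"
    if d:
        return "inbound"
    return "external"


def risk_score(classification: str, dst_ip: Optional[str], direction: str) -> int:
    """Base score per class, raised for sensitive hosts and inbound flows."""
    score = CLASS_RISK.get(classification, 10)
    if HOST_PERSONA.get(dst_ip) == "domain-controller":
        score += 30
    if direction == "inbound":
        score += 10
    return min(score, 100)


# Constructed firewall syslog format: "Mar 14 09:15:02 fw1 kernel: DENY ... SRC=a DST=b"
SYSLOG_RE = re.compile(
    r"^(\w{3}) +(\d{1,2}) (\d\d:\d\d:\d\d) (\S+) kernel: (ALLOW|DENY) .*?SRC=(\S+) DST=(\S+)")


def parse_syslog_fw(line: str) -> Optional[Event]:
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    mon, day, hms, host, action, src, dst = m.groups()
    local = datetime.strptime(f"{SYSLOG_YEAR} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
    local = local.replace(tzinfo=timezone(timedelta(hours=DEVICE_TZ.get(host, 0))))
    cls = "network.deny" if action == "DENY" else "network.allow"
    direction = flow_direction(src, dst)
    return Event(local.astimezone(timezone.utc).isoformat(), cls, src, dst, None,
                 HOST_PERSONA.get(dst), direction, risk_score(cls, dst, direction), "syslog-fw")


def parse_windows_json(line: str) -> Optional[Event]:
    """Constructed JSON export of a Windows logon event (keys are hypothetical)."""
    rec = json.loads(line)
    if rec.get("EventID") != 4625:          # only logon failures are mapped here
        return None
    ts = datetime.fromisoformat(rec["TimeCreated"]).astimezone(timezone.utc)
    src, dst = rec.get("IpAddress"), rec.get("HostIp")
    direction = flow_direction(src, dst)
    return Event(ts.isoformat(), "auth.failure", src, dst, rec.get("TargetUserName"),
                 HOST_PERSONA.get(dst), direction,
                 risk_score("auth.failure", dst, direction), "windows-json")


def normalize(lines):
    """Run each raw line through the matching parser and return uniform events sorted by UTC time."""
    events = []
    for line in lines:
        ev = parse_windows_json(line) if line.startswith("{") else parse_syslog_fw(line)
        if ev is not None:
            events.append(ev)
    events.sort(key=lambda e: e.ts_utc)
    return [asdict(e) for e in events]


# Constructed sample input: the Windows record is listed first but, once both
# timestamps are normalized to UTC, the firewall event turns out to be earlier.
SAMPLE_LINES = [
    '{"TimeCreated":"2016-03-14T10:15:02+01:00","EventID":4625,'
    '"TargetUserName":"jsmith","IpAddress":"192.168.1.7","HostIp":"10.0.5.20"}',
    "Mar 14 09:15:02 fw1 kernel: DENY IN=eth0 SRC=203.0.113.9 DST=192.168.1.7 PROTO=TCP DPT=445",
    "this line matches no parser and is skipped",
]

if __name__ == "__main__":
    for ev in normalize(SAMPLE_LINES):
        print(ev)
```

The point of the abstraction layer is visible in `normalize`: analytics downstream can ask "inbound deny against a domain controller" or "auth.failure from a workstation" without knowing whether the record came from a firewall or a Windows host, and the UTC ordering makes events from devices in different time zones comparable.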

Slide 17

Learned Intelligence: Out of Box Behavioural Analytics

Slide 20

WannaCry

Slide 21

Top 5 Differentiators

TIME TO DETECT: Forensic Data Collection → Discover → Qualify; TIME TO RESPOND: Investigate → Neutralize → Recover

1. Machine Data Intelligence (MDI)

2. Precision Search

3. Holistic Threat Detection

4. Risk-Based Monitoring

5. Embedded Security Automation and Orchestration

Slide 22

Why LogRhythm As Your Strategic TLM Partner

• Broad Regulatory Compliance Focus

• Innovation

• Customer Success

• Platform Scalability & Flexibility

Slide 23