Victims of damaging cyber breaches make the news every week – don’t become one of them! The rate of breaches continues to go up every year, and it is not just large companies that experience them. Companies need to have the ability to: 1. view the “holistic attack surface”, 2. realize their mission, and 3. kill the threat easily. 60% of breached organizations included in the 2015 Verizon DBIR were initially compromised within minutes, yet for most of those organizations it took hundreds of days to detect the intruders. Fortunately, an intrusion does not equal a breach. In fact, several steps typically follow an initial compromise before the bad guys get away with the goods or disrupt a critical service. Detecting early warning signs such as an initial system compromise, command and control activity or suspicious lateral movement of intruders can provide the necessary lead time to respond and defuse. LogRhythm helps organizations reduce mean time to detect (MTTD) and mean time to respond (MTTR). Omar Barakat, Regional Channel Manager – Middle East, Turkey & Africa, LogRhythm: Threat Life Cycle Management
2. Company Confidential
The Modern Cyber Threat Pandemic
321 breaches in 2006, 953 breaches in 2010, 3,930 breaches in 2015
736 million records were exposed in 2015, compared to 96 million records in 2010
1,000,000,000 records exposed in one breach in 2016 (Yahoo!)
The security industry is facing serious talent and technology shortages
Selected Data Breaches. Source: World’s Biggest Data Breaches, Information is Beautiful
3. No End In Sight
Motivated Threat Actors
Cyber-crime
Supply Chain
Expanding Attack Surface
8. This Approach Is Not Effective
Log Management
SIEM
Endpoint Monitoring & Forensics
Security Automation & Orchestration
Network Behavioral Analytics
Security Analytics
9. Our Approach
Forensic Data Collection → Discover → Qualify → Investigate → Neutralize → Recover
10. Threat Lifecycle Management (TLM)
• Series of aligned security operations capabilities
• Begins with the ability to “see” broadly and deeply across the IT environment
• Ends with the ability to quickly mitigate and recover from security incidents
Goal is to reduce mean time to detect (MTTD) and mean time to respond (MTTR), while keeping staffing levels flat
11. End-to-End Threat Lifecycle Management Workflow
TIME TO DETECT → TIME TO RESPOND
Forensic Data Collection → Discover → Qualify → Investigate → Neutralize → Recover
• Forensic Data Collection: security event data, log & machine data, forensic sensor data
• Discover: search analytics, machine analytics
• Qualify: assess threat, determine risk, is a full investigation necessary?
• Investigate: analyze threat, determine nature and extent of incident
• Neutralize: implement countermeasures, mitigate threat & associated risk
• Recover: clean up, report, review, adapt
13. Top 5 Differentiators
TIME TO DETECT → TIME TO RESPOND
Forensic Data Collection → Discover → Qualify → Investigate → Neutralize → Recover
1. Machine Data Intelligence (MDI)
2. Precision Search
3. Holistic Threat Detection
4. Risk-Based Monitoring
5. Embedded Security Automation and Orchestration
14. Machine Data Intelligence Fabric
Data Generation → Data Collection (LogRhythm Network Monitor, LogRhythm System Monitor) → Machine Data Intelligence (MDI) Fabric → Search Analytics, Machine Analytics
Machine Data Intelligence (MDI) Fabric:
• Uniform Data Classification
• Uniform Data Structure
• Time Normalization
• Risk Score
• Organizational Context
• User Persona
• Host Persona
• Geolocation
• Flow Direction
• …more
Benefits
Serves as IT environment abstraction layer
Enables generic scenario representation
Allows for high-efficacy packaged analytics modules
15. Precision Search Powered by Elasticsearch
Structured Search | Unstructured Search | Machine-Assisted Search
Benefits
Quick results
Less “noise”
Investigation automation
Fast and accurate decisions
16. Holistic Threat Detection Powered by AI Engine
Inputs: Log Data, Contextual Data
Detects: User Threats, Network Threats, Endpoint Threats
Benefits
Real-time advanced threat detection
Detection across full attack lifecycle
Easily customizable
Lower false negatives AND false positives
17. Risk-based Monitoring
Benefits
Focuses analysts’ time where it matters most
Faster recognition of threats that need attention
Reduces alarm fatigue
Risk Prioritized Alarms: ! 56 RISK, ! 68 RISK, ! 97 RISK
Risk-based Prioritization Algorithm: Events → Threat Score, Confidence Score, Weightings → Risk Score
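As an added illustration (not LogRhythm’s code; the slide does not give the actual formula), an assumed model of how events carrying a threat score, a confidence score and context weightings can be combined into a 0-100 risk score and sorted so analysts see the highest-risk alarms first; the personas, weightings and sample events are all constructed:

```python
"""Risk-based alarm prioritization: an assumed model, not LogRhythm's algorithm.

Assumed inputs per event: threat score (severity, 0-100), confidence score
(how likely the event is a true positive, 0.0-1.0) and weightings taken from
organizational context (host persona, user persona). Assumed combination:
risk = threat * confidence * weighting, clamped to 0-100.
"""
from dataclasses import dataclass

# Constructed weightings keyed by host persona and user persona (hypothetical values).
HOST_WEIGHT = {"domain_controller": 1.5, "database": 1.3, "workstation": 1.0, "lab": 0.6}
USER_WEIGHT = {"admin": 1.3, "service": 1.1, "standard": 1.0}


@dataclass
class Event:
    event_id: str
    rule: str            # name of the detection rule that fired
    threat_score: int    # 0-100, severity assigned by the rule
    confidence: float    # 0.0-1.0, analytics' confidence it is a true positive
    host_persona: str
    user_persona: str


def risk_score(ev: Event) -> int:
    """Combine threat, confidence and context weightings into a 0-100 risk score."""
    weighting = HOST_WEIGHT.get(ev.host_persona, 1.0) * USER_WEIGHT.get(ev.user_persona, 1.0)
    raw = ev.threat_score * ev.confidence * weighting
    return int(round(min(100.0, max(0.0, raw))))


def prioritize(events, min_risk: int = 40):
    """Return (risk, event) pairs at or above min_risk, highest risk first.

    Events below the threshold are suppressed as noise, which is what keeps
    low-confidence, low-impact detections from contributing to alarm fatigue.
    """
    scored = [(risk_score(ev), ev) for ev in events]
    return sorted((s for s in scored if s[0] >= min_risk), key=lambda s: s[0], reverse=True)


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    Event("e1", "lateral movement to domain controller", 70, 0.71, "domain_controller", "admin"),
    Event("e2", "C2 beacon to known-bad domain", 80, 0.85, "workstation", "standard"),
    Event("e3", "port scan from internal host", 40, 0.70, "lab", "standard"),
    Event("e4", "unusual outbound data volume", 80, 0.70, "workstation", "standard"),
]

if __name__ == "__main__":
    for risk, ev in prioritize(SAMPLE_EVENTS):
        print(f"! {risk} RISK  {ev.event_id}  {ev.rule}")
```

With the constructed inputs, e1 on a domain controller with an admin account is raised to 97 by its weightings, while the lab-host port scan (17) never reaches the analyst queue.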
18. Embedded Security Automation and Orchestration
Case Management | SmartResponse Automation
Benefits
Centralizes security investigations
Faster investigations with single toolset
Efficient, confidential collaboration
Automates workflows and responses
Reduces mean time to respond (MTTR)