
SECURITY INTELLIGENCE

CAN BIG DATA ANALYTICS OVERCOME OUR BLIND SPOTS?

The Scene Today

1. Organizations have intricate infrastructures while still supporting legacy applications and systems
2. Staggering quantities of data to sort through and retain
3. Data breaches and major compromise scenarios dominate the news
4. The primary tool for monitoring and responding within the environment is a Security Information and Event Management (SIEM) system
5. Traditional SIEMs can be complex, with widely varying capabilities from one vendor to the next

Threats Abound!

Hacking by nation states

Advanced malware

Major shift in attacker focus

Social engineering

Numerous, large data breaches

Insider threats

Are You Currently Breached?

[Pie chart: answers Yes / No / Not Sure / Likely; values as extracted: 6%, 16%, 2%, 76% (label-to-value pairing not preserved)]

IANS Survey of Security Leaders

Targeted By Advanced Threats?

[Pie chart: answers Yes / No / Not Sure / Likely; values as extracted: 10%, 29%, 8%, 53% (label-to-value pairing not preserved)]

IANS Survey of Security Leaders

Organizations Think They're Ready

[Bar chart, Security Monitoring Maturity: share of organizations by age of their security monitoring program; values not preserved]

Non-existent
Brand new (less than 1 year)
Relatively immature (1-3 years)
Somewhat mature (3-5 years)
Mature (5+ years)

Most Breaches Go Undetected

54% of all organizations took months or even years to discover the initial breach.

Method of detection:
92% of organizations were notified by an external organization
28% were detected passively inside the organization
Only 16% by active discovery efforts

Source: Verizon Report

And the job is only getting harder

Where is the Disconnect?

Event Monitoring Capabilities

Ability to detect unusual host process and application behaviors
Ability to detect unusual network connections
Ability to monitor privileged users and suspicious user behaviors
Deviation from normal network event baselines
Immediate detection of host or user credential compromise

IANS Survey of Security Leaders

Organizations' Top 3 Challenges

Top three challenges faced when integrating logs with other tools within their organization:

1. Identification of key events from normal background activity
2. Correlation of information from multiple sources (e.g., multiple servers)
3. Lack of analytics capabilities
4. Data normalization at collection
5. Data reduction prior to forwarding the logs to tools, such as SIEM
6. Managing agents that will forward logs to a log server
7. Being able to access logs and/or analysis results without IT support
8. Lack of native visualization capabilities
9. Inconsistent product updates supported by the vendor

SANS 8th Annual Log Management Survey, SANS Institute, www.sans.org

What Can They Do?

It's Time For a New Approach

Baseline Behavior

Understand Normal

Apply Security Analytics

Introducing Next Generation SIEM

How Does It Work?

SIEM Components and Focal Areas

Input sources for information analysis
Data normalization and storage
Data correlation and analysis
Forensics (varying degrees and types)
Alerting and response
Reporting

SIEM platforms evolving

From: a standalone monitoring platform fed only by event data

To: a platform that also ingests identity management, configuration management and vulnerability assessment data, and so provides true context awareness and analytics capabilities
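As an added worked example (not code from this deck, from LogRhythm or from IANS), the pipeline the preceding slides only name, in one Python script: normalize two raw log formats onto one schema at collection time, learn a per-user baseline of what "normal" looks like, flag deviations from it, correlate findings across sources within a time window, and use identity context to raise the priority of a privileged user's alert. Every log line, hostname, IP address and the identity table are constructed for the example; the thresholds (10x the user's largest observed transfer, a 30-minute correlation window) are illustrative choices, not vendor defaults.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample data (not from any real environment). 1-2 March is the
# learning window; 3 March is the day being monitored.
AUTH_LOGS = [
    "2024-03-01T08:58:12Z sshd[1201]: Accepted publickey for alice from 10.0.5.21 port 50122 ssh2",
    "2024-03-01T09:03:40Z sshd[1202]: Accepted publickey for bob from 10.0.5.30 port 50140 ssh2",
    "2024-03-02T09:01:05Z sshd[1340]: Accepted publickey for alice from 10.0.5.21 port 50201 ssh2",
    "2024-03-02T08:49:51Z sshd[1341]: Accepted publickey for bob from 10.0.5.30 port 50210 ssh2",
    "2024-03-03T03:12:09Z sshd[1688]: Accepted publickey for alice from 203.0.113.77 port 41022 ssh2",
    "2024-03-03T09:04:31Z sshd[1690]: Accepted publickey for bob from 10.0.5.30 port 50402 ssh2",
]
PROXY_LOGS = [
    "2024-03-01T09:20:00Z user=alice dst=wiki.corp.example bytes=4100",
    "2024-03-01T09:25:00Z user=bob dst=wiki.corp.example bytes=3900",
    "2024-03-02T09:30:00Z user=alice dst=git.corp.example bytes=220000",
    "2024-03-02T10:02:00Z user=bob dst=git.corp.example bytes=180000",
    "2024-03-03T03:20:00Z user=alice dst=paste.example.net bytes=48000000",
]
# Constructed identity context, standing in for a directory / IAM feed.
IDENTITY = {"alice": {"privileged": True}, "bob": {"privileged": False}}

AUTH_RE = re.compile(r"^(\S+) sshd\[\d+\]: Accepted \w+ for (\w+) from (\S+) port \d+")
PROXY_RE = re.compile(r"^(\S+) user=(\w+) dst=(\S+) bytes=(\d+)$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str   # "auth" or "proxy"
    user: str
    key: str      # source IP for auth events, destination host for proxy events
    nbytes: int

def normalise(auth_lines, proxy_lines):
    """Collection-time normalisation: two raw formats onto one common schema."""
    events = []
    for m in filter(None, map(AUTH_RE.match, auth_lines)):
        ts, user, src = m.groups()
        events.append(Event(datetime.strptime(ts, TS_FMT), "auth", user, src, 0))
    for m in filter(None, map(PROXY_RE.match, proxy_lines)):
        ts, user, dst, nbytes = m.groups()
        events.append(Event(datetime.strptime(ts, TS_FMT), "proxy", user, dst, int(nbytes)))
    return sorted(events, key=lambda e: e.ts)

def build_baseline(events, cutoff):
    """Learn 'normal' per user from everything before the cutoff."""
    base = defaultdict(lambda: {"hours": set(), "auth_src": set(), "dst": set(), "max_bytes": 0})
    for e in (e for e in events if e.ts < cutoff):
        b = base[e.user]
        b["hours"].add(e.ts.hour)
        if e.source == "auth":
            b["auth_src"].add(e.key)
        else:
            b["dst"].add(e.key)
            b["max_bytes"] = max(b["max_bytes"], e.nbytes)
    return base

def detect(events, baseline, cutoff):
    """Score each monitored event against its user's baseline; return (event, reasons) pairs."""
    findings = []
    for e in (e for e in events if e.ts >= cutoff):
        b = baseline.get(e.user)          # .get() avoids creating an empty baseline
        if b is None:
            findings.append((e, ["user absent from baseline"]))
            continue
        reasons = []
        if e.ts.hour not in b["hours"]:
            reasons.append("unusual hour")
        if e.source == "auth" and e.key not in b["auth_src"]:
            reasons.append("new source IP")
        if e.source == "proxy":
            if e.key not in b["dst"]:
                reasons.append("new destination")
            if e.nbytes > 10 * max(b["max_bytes"], 1):
                reasons.append("volume >10x baseline")
        if reasons:
            findings.append((e, reasons))
    return findings

def correlate(findings, window=timedelta(minutes=30)):
    """One alert per user; escalate when anomalies from different sources cluster in time."""
    by_user = defaultdict(list)
    for e, reasons in findings:
        by_user[e.user].append((e, reasons))
    alerts = []
    for user, items in by_user.items():
        sources = {e.source for e, _ in items}
        span = max(e.ts for e, _ in items) - min(e.ts for e, _ in items)
        severity = "high" if len(sources) > 1 and span <= window else "medium"
        if severity == "high" and IDENTITY.get(user, {}).get("privileged"):
            severity = "critical"         # identity context raises priority
        alerts.append({"user": user, "severity": severity,
                       "reasons": sorted({r for _, rs in items for r in rs})})
    return alerts

def run(cutoff=datetime(2024, 3, 3)):
    """Full pipeline over the constructed data; returns findings and alerts."""
    events = normalise(AUTH_LOGS, PROXY_LOGS)
    findings = detect(events, build_baseline(events, cutoff), cutoff)
    return {"findings": findings, "alerts": correlate(findings)}
```

On the sample data, alice's 03:12 logon from an address never seen before and her 48 MB upload to a new external host eight minutes later each trip the per-event checks; on their own they would be two medium findings, and it is the cross-source correlation plus the identity lookup that turns them into one critical alert, while bob's routine 09:04 logon produces nothing. A real deployment would learn the baseline over weeks rather than days, bound it to a sliding window so that an attacker's activity does not quietly become "normal", and treat the absence of a baseline for a new user as a case for review rather than an automatic alert.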

LogRhythm Delivers

Real Time Threat/ Breach Detection

Enhanced Situational Awareness

Behavioral Analysis & Whitelisting

Big Data Analytics

Forensic Search/ Investigation


Download Whitepaper

View Demo

Talk with LogRhythm

www.logrhythm.com/ians-info.aspx
