Detecting Insider Threats with User Behavior Analytics

You have to have a solution in place to detect abnormal shifts and deviations from normal behavior. The solution: User Behavior Analytics (UBA). UBA keeps your financial institution protected no matter where the point of compromise is attempted.
At every step of the insider threat cyber kill chain, LogRhythm can detect the anomalous behavior and prevent movement to the next stage.

LogRhythm’s detection capabilities go beyond the usual UBA suspects because of its ability to monitor network activity and file information—keeping your financial institution protected no matter where the point of compromise is attempted.

Interested in learning more? Watch an online demo of LogRhythm's Security Intelligence Platform now! https://logrhythm.com/neutralization-of-a-phishing-attack-demo/

Published in: Technology

  1. Detecting Insider Threats with User Behavior Analytics: A Use Case for Financial Services at Every Stage of the Cyber Kill Chain
  2. Insider Threats Within Financial Services Organizations: The Scenario. An employee within your organization is targeted with a spearphishing email. With just a click, they take the bait and their credentials are stolen. Once the attacker has credentials, they can move freely within your network, with the ability to inflict immense damages.
  3. The Human Element. Spearphishing is a human vulnerability. It takes an employee to click on the bait. So how can you defend against insider threats? You have to have a solution in place to protect against the human element. The solution: User Behavior Analytics (UBA)
  4. How User Behavior Analytics Can Help Stop Insider Threats. UBA can help you to detect and respond to: (1) insider threats, (2) compromised accounts, (3) privileged account abuse.
  5. Anatomy of an Attack: Using UBA to Stop an Insider Threat Attack at Any Stage of the Cyber Kill Chain
  6. Detecting a Compromised Account. Compromised accounts are at the heart of most financial breaches. The good news? Indicators of a compromised account can be detected at different stages across the cyber kill chain.
  7. The Cyber Kill Chain: Identifying the Moment of Compromise. The Scenario: Spearphishing. The compromise: An employee receives an email that looks like it’s from a co-worker. She doesn’t notice the small difference in spelling of the domain name as she opens the email. The trap has been sprung. How you stop it: LogRhythm’s Network Monitor deep packet analytics detects the inbound attack, then produces a high-impact alert on the incident. Your SOC team investigates, responds and neutralizes the threat.
  8. The Cyber Kill Chain: Identifying the Moment of Compromise. The Scenario: Compromised Hosts. The compromise: A piece of malware slips through traditional perimeter defenses and is installed on a machine. How you stop it: LogRhythm detects when the malicious process starts on the endpoint and either terminates the process or isolates the endpoint to stop the spread of malware.
  9. The Cyber Kill Chain: Identifying the Moment of Compromise. The Scenario: Lateral Movement & Account Sweeps. The compromise: Malware makes its way onto a machine. It then uses an employee’s compromised credentials to log onto other systems on the network. How you stop it: LogRhythm detects the authentication attempts against multiple hosts and sends an alarm to your SOC for further investigation, response and neutralization.
  10. The Cyber Kill Chain: Identifying the Moment of Compromise. The Scenario: Brute Force Authentication. The compromise: Malware has made its way onto an employee’s machine. It then tries to move to another user by identifying the password through brute force. How you stop it: LogRhythm detects the authentication failures against multiple hosts and sends an alarm to your SOC for further investigation, response and neutralization.
  11. The Cyber Kill Chain: Identifying the Moment of Compromise. The Scenario: Authentication from Abnormal Location. The compromise: An attacker successfully gains control of a corporate machine, then uses the employee’s credentials to connect to the network via VPN. How you stop it: LogRhythm detects the authentication from an abnormal location and sends an alarm to your SOC for further investigation, response and neutralization.
  12. The Cyber Kill Chain: Identifying the Moment of Compromise. The Scenario: Unauthorized Trades and Transfers. The compromise: A compromised user account attempts to perform unauthorized trades and transfers. How you stop it: LogRhythm’s User Behavior Analytics detects the unauthorized actions and alerts on the incident, immediately initiating SmartResponse™ to lock down the compromised account.
  13. How LogRhythm Stops Insider Threats
  14. LogRhythm’s User Behavior Analytics Stop Insider Threats. At every step of the insider threat cyber kill chain, LogRhythm can detect the anomalous behavior and prevent movement to the next stage. LogRhythm’s detection capabilities go beyond the usual UBA suspects because of its ability to monitor network activity and file information—keeping your financial institution protected no matter where the point of compromise is attempted.
  15. LogRhythm Disrupts the Financial Insider Threat Kill Chain. [Diagram] Kill chain stages: Reconnaissance & Planning; Initial Compromise; Command & Control; Lateral Movement; Target Attainment; Exfiltration, Corruption, Disruption. Scenario labels: Spearphishing; Malware; Brute force and unauthorized account access; VPN; Financial transfer.
  16. Holistic Threat Analytics. Embedded Security: recognized security experts; build machine data intelligence, with support for 750+ devices; develop pre-packaged threat management modules (AI Engine rules, reports & saved searches, dashboard layouts, SmartResponse™ plug-ins); frequent updates via cloud. Threat Intelligence: open source, custom, commercial. User Behavior Analytics (UBA): brute force attacks, compromised user accounts, insider threat detection, privileged user account monitoring & more. Network Behavior Analytics: malware outbreak, suspicious network communications, DoS attacks, network-borne data exfiltration & more. Endpoint Behavior Analytics: endpoint manipulation, malware activity, suspicious process & application activity, local data exfiltration & more. Rapid Value: arm your analysts to work smarter and faster with machine-based analytics; detect and respond to threats across the holistic attack surface; accelerate deployment with pre-packaged threat management modules.
  17. Protecting Your Holistic Attack Surface. LogRhythm can help you protect your holistic attack surface—including your users, networks and endpoints. Rarely do attackers target one vector, so we leverage data from all vectors and sources (e.g., honeypots and threat intel feeds) so you can correlate user behavior with network and endpoint data. In case of an attack, you’ll be able to detect and respond lightning fast with an efficient workflow.
  18. See LogRhythm in Action. You already know that hackers will get in—regardless of the prevention technologies you’ve put in place to keep them out. Click the button below to watch this in-depth demo to see how LogRhythm can help you detect a phishing attack and stop it in its tracks. Watch the Demo
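
Slides 9 and 10 both describe detecting one account authenticating against multiple hosts. As an added example (not LogRhythm's rule logic and not part of the original deck), here is one way to express that check as a sliding-window correlation over authentication events; the event fields, host names, five-minute window and four-host threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, account, source, target, outcome
EVENTS = [
    ("2024-01-08T08:00:00", "bob", "ws-030", "mail-01", "success"),
    ("2024-01-08T09:00:05", "jsmith", "ws-114", "fs-01", "success"),
    ("2024-01-08T09:00:40", "jsmith", "ws-114", "db-02", "success"),
    ("2024-01-08T09:01:10", "jsmith", "ws-114", "app-03", "failure"),
    ("2024-01-08T09:01:55", "jsmith", "ws-114", "hr-04", "success"),
    ("2024-01-08T10:00:00", "bob", "ws-030", "fs-01", "success"),
    ("2024-01-08T11:30:01", "svc-backup", "ws-207", "fs-01", "failure"),
    ("2024-01-08T11:30:03", "svc-backup", "ws-207", "db-02", "failure"),
    ("2024-01-08T11:30:06", "svc-backup", "ws-207", "app-03", "failure"),
    ("2024-01-08T11:30:09", "svc-backup", "ws-207", "hr-04", "failure"),
    ("2024-01-08T13:00:00", "bob", "ws-030", "db-02", "success"),
    ("2024-01-08T16:00:00", "bob", "ws-030", "app-03", "success"),
]

def detect_host_fanout(events, window=timedelta(minutes=5), min_hosts=4):
    """Alert when one account, from one source, hits min_hosts distinct
    targets inside the sliding window. Thresholds are illustrative."""
    per_actor = defaultdict(list)
    for ts, account, src, dst, outcome in events:
        per_actor[(account, src)].append((datetime.fromisoformat(ts), dst, outcome))
    alerts = []
    for (account, src), rows in per_actor.items():
        rows.sort()
        start = 0
        for end, (now, _, _) in enumerate(rows):
            while now - rows[start][0] > window:  # drop events older than the window
                start += 1
            span = rows[start:end + 1]
            hosts = {dst for _, dst, _ in span}
            if len(hosts) < min_hosts:
                continue
            failed = {dst for _, dst, out in span if out == "failure"}
            # Failures on enough hosts resembles brute force (slide 10);
            # otherwise it is a credentialed account sweep (slide 9).
            kind = "brute_force" if len(failed) >= min_hosts else "account_sweep"
            alerts.append({"account": account, "source": src, "kind": kind,
                           "hosts": sorted(hosts), "first_seen": span[0][0].isoformat()})
            break  # one alert per account/source pair
    return alerts

if __name__ == "__main__":
    for alert in detect_host_fanout(EVENTS):
        print(alert)
```

The account `bob` reaches four hosts too, but spread across a working day, so the window keeps normal access from alerting; in practice the threshold would be tuned per role or replaced by a per-user baseline.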
