
Get Real-Time Cyber Threat Protection with Risk Management and SIEM



The 2012 Verizon Data Breach Investigations Report quantified the sharp increase in cyber threats, noting that 68% of breaches involved malware, up 20% from 2011. Most concerning, 85% of breaches took weeks or more to discover. Despite the focus on threat prevention, breaches will happen, so the ability to identify risk, protect vulnerable assets and manage threats becomes critical. Learn how these combined solutions can help your organization identify behavioral anomalies and internal and external threats, and prevent breaches based on accurate enterprise security intelligence.

To download a free Nexpose demo, click here: http://www.rapid7.com/products/nexpose/compare-downloads.jsp



Get Real-Time Cyber Threat Protection with Risk Management and SIEM

  1. Rapid7 & LogRhythm Webcast: Get Real-Time Cyber Threat Protection with Risk Management and SIEM
  2. Presenters: Dana Wolf, Director of Products, Rapid7; Seth Goldhammer, Director of Product Management, LogRhythm
  3. Speed With Control. Dana Wolf, Director of Products
  4. Meaningful progress in security?
  5. Challenges to Forward Progress
  6. Lack of relevant, right-time information
  7. Lack of decision-making framework
  8. Hard to get others to take action or change. IT guy: “You mean patch Adobe? Fix CVE 456?”
  9. Under-resourced and over-stretched
  11. Visibility through the chaos
  12. The Rapid7 Solution: Speed with Control for You. Brain-dead simple remediation; time-saving automation
  13. Rapid7’s Solution: Security Programs. Decision-making frameworks (Real Risk, Policy & Compliance); offensive security; infrastructure fingerprinting; applications; configuration and vulnerability content; remediation guidance; security program trending; security testing; business context; threat & exploit information
  14. Rapid7 & LogRhythm Joint Solutions: Efficiency & Right-Time Information in Monitoring
  15. Assessment & Monitoring. Rapid7 focuses on assessing the risk in your organization based on the state of the environment; LogRhythm focuses on monitoring activity in real time. Content from Rapid7’s portfolio adds context to LogRhythm’s monitoring analytics:
      • OS, vulnerabilities, services, applications, etc.
      • Exploits, malware kits, etc.
  16. Let Us Get You Started
  17. Get Real-Time Cyber Threat Protection with Risk Management and SIEM (LogRhythm / Rapid7)
  18. 2012 Verizon Breach Report – Key Stats
      • The number of compromised records across these incidents skyrocketed
      • “We will likely continue to see the perpetrators utilize such vulnerabilities as the path of least resistance to gain unauthorized entry”
      • “92% of incidents were discovered by a third party” (up 6% from the previous year)
      • “Monitor and mine event logs” is critical for large organizations
      • “Anomaly detection is active in the conversation and growing in importance.”
  19. [Background image: raw Windows Security log text (Event ID 540, successful network logon, Logon Type 3, Kerberos authentication, users such as ent.heisler, ryce.griswold and anthony.mack in domain SANDBOX on host VENUS) fading into binary.] Overlaid event labels: Compromised Credentials; Suspicious Privileged User Activity; Reconnaissance Followed by Attack; Critical Service Failed; Brute Force Attack; Malicious Content Observed; Unauthorized Network Connection Opened; Zero Day Exploit Detected; Host Compromised; Medical Records Breached; Credit Card Data Transferred; Unauthorized Access of ePHI
  20. Understanding ‘Normal’
      Dimensions: User (identity, access, privilege); External Context (threat intelligence, IP reputation, geolocation); Application (access, transactions, error behavior); Host (process, access, file activity, resources); Internal Context (business value, asset classification, risk rating, vulnerability); Network (connection direction, content, volume)
      Manual discovery of what’s normal network activity is impractical due to the sheer volume of data across multiple types of dimensions: an unmanageable volume of false positives based on benign anomalies, and significant blind spots / false negatives. Need an automated technology to learn behavioral attributes across multiple dimensions.
  21. Multi-Dimensional Behavioral Analytics (MDBA)
      What is multi-dimensional?
      • Multiple dimensions of behavior can be observed
      • Multiple techniques through which behavior can be modeled
      • Multiple behaviors can be modeled in a single rule
      Why is this important?
      • We can align the behavior we want to model with the ideal analysis technique.
      • We can reduce false positives by identifying multiple behavioral changes indicating a highly corroborated event.
      • We enable customers to see behavioral changes they’ve been blind to, enabling the detection of a new class of events.
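Slides 20 and 21 describe learning a per-user "normal" across several dimensions and only alerting when more than one dimension changes at once. The following is an added example (not LogRhythm's or Rapid7's code) showing that idea over constructed Windows event 540 logon lines in the key=value shape of slide 19. The SRC and LOGONTYPE field names, the user names, and the thresholds (three times the daily baseline volume, two corroborating dimensions) are assumptions made for illustration.

```python
"""Multi-dimensional behavioural baseline over Windows logon events.

Added example, not LogRhythm's or Rapid7's code.  The log lines are
constructed in the key=value shape of slide 19 (TYPE, USER, EVID, Logon
Type); the SRC/LOGONTYPE field names and all thresholds are assumptions.
"""
import re
from collections import Counter, defaultdict
from statistics import mean

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def make_line(date, hhmm, user, src):
    """Constructed sample line: '<date> <HH:MM> KEY=VALUE ...'."""
    return (f"{date} {hhmm} TYPE=SuccessAudit USER=SANDBOX\\{user} "
            f"EVID=540 LOGONTYPE=3 SRC={src}")


# Constructed baseline: five ordinary working days for three users.
BASELINE_LINES = []
for day in range(1, 6):
    d = f"2012-09-0{day}"
    BASELINE_LINES += [
        make_line(d, "09:08", "anthony.mack", "10.1.1.20"),
        make_line(d, "14:30", "anthony.mack", "10.1.1.20"),
        make_line(d, "10:15", "ryce.griswold", "10.1.1.31"),
        make_line(d, "09:00", "ent.heisler", "10.1.1.40"),
    ]

# Constructed day under review: anthony.mack logs on eight times between
# 02:00 and 04:00 from an address never seen before; ent.heisler merely uses
# a new workstation during normal hours; ryce.griswold is unchanged.
REVIEW_LINES = [make_line("2012-09-10", f"0{h}:{m:02d}", "anthony.mack", "10.9.9.9")
                for h in (2, 3) for m in (5, 15, 25, 35)]
REVIEW_LINES += [
    make_line("2012-09-10", "10:15", "ryce.griswold", "10.1.1.31"),
    make_line("2012-09-10", "09:00", "ent.heisler", "10.1.1.41"),
]


def parse_event(line):
    """Split a line into a dict of fields plus 'date' and integer 'hour'."""
    date, clock, rest = line.split(" ", 2)
    ev = dict(FIELD_RE.findall(rest))
    ev["date"] = date
    ev["hour"] = int(clock.split(":")[0])
    return ev


def successful_network_logons(events):
    """Keep only successful network logons (event 540, logon type 3)."""
    return [e for e in events
            if e.get("EVID") == "540" and e.get("TYPE") == "SuccessAudit"
            and e.get("LOGONTYPE") == "3"]


def build_baseline(events):
    """Per-user 'normal': source addresses, active hours, mean daily logons."""
    seen = defaultdict(lambda: {"src": set(), "hours": set(), "daily": Counter()})
    for ev in successful_network_logons(events):
        u = seen[ev["USER"]]
        u["src"].add(ev["SRC"])
        u["hours"].add(ev["hour"])
        u["daily"][ev["date"]] += 1
    return {user: {"src": u["src"], "hours": u["hours"],
                   "mean_daily": mean(u["daily"].values())}
            for user, u in seen.items()}


def score_day(events, baseline, volume_factor=3.0, min_dimensions=2):
    """Check each user on three dimensions (new source, off-hours, volume);
    alert only when at least min_dimensions corroborate each other."""
    by_user = defaultdict(list)
    for ev in successful_network_logons(events):
        by_user[ev["USER"]].append(ev)
    findings = {}
    for user, evs in by_user.items():
        normal = baseline.get(user)
        if normal is None:                      # never seen: nothing to compare against
            findings[user] = {"dims": ["unknown_user"], "alert": True}
            continue
        dims = []
        if {e["SRC"] for e in evs} - normal["src"]:
            dims.append("new_source")
        if {e["hour"] for e in evs} - normal["hours"]:
            dims.append("off_hours")
        if len(evs) > volume_factor * normal["mean_daily"]:
            dims.append("volume")
        findings[user] = {"dims": dims, "alert": len(dims) >= min_dimensions}
    return findings


def run_example():
    baseline = build_baseline(parse_event(l) for l in BASELINE_LINES)
    return score_day([parse_event(l) for l in REVIEW_LINES], baseline)


if __name__ == "__main__":
    for user, f in run_example().items():
        print(f"{user:25} dims={f['dims']} alert={f['alert']}")
```

Run as a script it prints one line per user. ent.heisler trips only the new-source dimension and is not alerted on, which is the false-positive reduction slide 21 describes; anthony.mack trips all three and is.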
  22. LogRhythm Components: Real-Time Big Data Security Analysis
      • Inputs: network and security devices (routers, switches, next-gen firewalls, IDS/IPS, VPN, flow); hosts and applications (operating system, applications, databases); others (vulnerability data, physical card access, point of sale, etc.)
      • Log Managers, also fed by the LogRhythm System Monitor (file integrity monitoring, file activity monitoring, database activity monitoring, process monitoring, network connection monitoring)
      • Event Manager: events and reports
      • Advanced Intelligence Engine over all log, flow and event data: in-memory processing of all log and flow data; correlation, pattern recognition and behavioral analysis; no blind spots – accurate recognition of compromised accounts and hosts, fraud, misuse, data exfiltration, etc.; produces intelligence alerts and SmartResponse™ actions
  23. Integration
      1. Vulnerability data collected from Rapid7 Nexpose and Metasploit products
      2. For every message, LogRhythm: collects; classifies; geotags; recognizes events; assigns risk prioritization; stores log and event data for long-term retention; applies behavioral analysis techniques; performs correlation across data sources
      3. Triggers SmartResponse actions when applicable
      Integration use cases: security risk assessment; sophisticated intrusions; zero-day confirmation; compliance violations
  24. Quick Investigations and Forensics
      • Invaluable insight into internal behavior, potential risks and imminent threats
      • Quick root cause analysis; identify sources of attacks
      • Recognize breach scope
      • Appropriate presentation for key stakeholders
  25. Knowledge
      Experts in: advanced threat detection & response; industry and governmental regulations; compliance automation and assurance; log and event taxonomies and normalization; advanced correlation and rules development; incident response
      Providing out-of-the-box & continuously updated embedded expertise:
      • Layouts designed to present the right information to the right people at the right time: executive views, compliance-specific dashboards, role-based analyst screens
      • Pre-defined forensic investigations accelerate root cause analysis and impact discovery
      • Comprehensive library of ready-to-use analytic rule sets & alarms enables immediate use for the detection of threats, breaches and compliance violations
      • SmartResponse™ plug-ins accelerate response and reduce the impact of actionable events
  26. Example Use Cases
      Prioritizing Attack Data:
      • Identifies vulnerability state of host
      • Correlates IDS and malware to detected vulnerabilities
      • Alerts on attacks to known vulnerabilities
      Identify Zero Day Attacks:
      • Recognizes susceptible attacks
      • Scans for attack behavior pattern
      • Alerts on matches for attempted attacks
      Quick Remediation:
      • Maintains library of custom, accurate remediation steps
      • Identifies highly suspicious series of anomalies
      • Triggers immediate scan with associated, specific remediation steps
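Slides 23 and 26 describe prioritizing IDS alerts by the vulnerability state of the target host, confirming attacks against known vulnerabilities, attaching remediation steps, and triggering a scan when the state is unknown. The following is an added example (not Rapid7's or LogRhythm's code) of that correlation logic. The inventory, alerts, CVE-EXAMPLE-n identifiers, remediation text and scoring weights are constructed placeholders standing in for a Nexpose export and an IDS feed.

```python
"""Prioritise IDS alerts with host vulnerability and asset context.

Added example, not Rapid7's or LogRhythm's code.  The inventory, alerts,
CVE-EXAMPLE-n identifiers, remediation text and scoring weights are
constructed placeholders standing in for a Nexpose export and an IDS feed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Asset:
    ip: str
    business_value: int        # 1 (low) .. 5 (critical), from asset classification
    vulns: frozenset           # vulnerability ids reported by the scanner
    exploitable: frozenset     # subset with a known exploit or malware kit


@dataclass(frozen=True)
class IdsAlert:
    src: str
    dst: str
    signature: str
    cve: Optional[str]         # vulnerability the signature targets, if any


# Constructed scanner inventory (stand-in for a Nexpose export).
INVENTORY = {a.ip: a for a in [
    Asset("10.0.0.5", 5, frozenset({"CVE-EXAMPLE-1", "CVE-EXAMPLE-2"}),
          frozenset({"CVE-EXAMPLE-1"})),
    Asset("10.0.0.7", 2, frozenset({"CVE-EXAMPLE-2"}), frozenset()),
]}

# Constructed remediation library keyed by vulnerability id.
REMEDIATION = {
    "CVE-EXAMPLE-1": "apply vendor patch EXAMPLE-1 and restart the service",
    "CVE-EXAMPLE-2": "disable the legacy protocol in the application config",
}

# Constructed IDS alerts (stand-in for an IDS/IPS feed).
ALERTS = [
    IdsAlert("203.0.113.9", "10.0.0.7", "EXPLOIT example-1 attempt", "CVE-EXAMPLE-1"),
    IdsAlert("203.0.113.9", "10.0.0.5", "EXPLOIT example-1 attempt", "CVE-EXAMPLE-1"),
    IdsAlert("203.0.113.9", "10.0.0.9", "EXPLOIT example-1 attempt", "CVE-EXAMPLE-1"),
    IdsAlert("203.0.113.9", "10.0.0.7", "EXPLOIT example-2 attempt", "CVE-EXAMPLE-2"),
    IdsAlert("203.0.113.9", "10.0.0.5", "SCAN port sweep", None),
]


def prioritize(alert, inventory, remediation):
    """Return priority (0-100), reason and next action for one alert."""
    asset = inventory.get(alert.dst)
    if asset is None:
        # No scan data: cannot confirm or refute, so request a scan (SmartResponse-style).
        return {"priority": 50, "reason": "no scan data for target", "action": "trigger scan"}
    if alert.cve is None:
        return {"priority": 20 + 4 * asset.business_value,
                "reason": "signature not tied to a vulnerability", "action": "review"}
    if alert.cve not in asset.vulns:
        # Attack against a host that is not vulnerable: record it, do not page anyone.
        return {"priority": 10, "reason": f"target not vulnerable to {alert.cve}",
                "action": "log only"}
    exploitable = alert.cve in asset.exploitable
    return {"priority": (80 if exploitable else 60) + 4 * asset.business_value,
            "reason": f"target vulnerable to {alert.cve}"
                      + (" with known exploit" if exploitable else ""),
            "action": remediation.get(alert.cve, "no remediation on file")}


def triage(alerts, inventory=INVENTORY, remediation=REMEDIATION):
    """Score every alert and return (dst, signature, result) highest priority first."""
    scored = [(a.dst, a.signature, prioritize(a, inventory, remediation)) for a in alerts]
    return sorted(scored, key=lambda s: s[2]["priority"], reverse=True)


if __name__ == "__main__":
    for dst, sig, r in triage(ALERTS):
        print(f"{r['priority']:3d} {dst:10} {sig:26} {r['reason']} -> {r['action']}")
```

The same exploit signature produces three different outcomes depending on scanner context: the vulnerable, exploitable database server goes to the top with its remediation step, the patched workstation is logged only, and the unscanned host gets a scan request rather than a guess.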
