Successfully reported this slideshow.
Your SlideShare is downloading. ×

Get Real-Time Cyber Threat Protection with Risk Management and SIEM

Jul. 16, 2013
2 likes 1,018 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
The Dynamic Nature of Virtualization Security
The Dynamic Nature of Virtualization Security
Loading in …3
×

Check these out next

Lessons Learned for a Behavior-Based IDS in the Energy Sector
EnergySec
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
EnergySec
The Critical Security Controls and the StealthWatch System
Lancope, Inc.
NextGen Endpoint Security for Dummies
Atif Ghauri
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
Kaspersky
Open Platform for ICS Cybersecurity Research and Education
EnergySec
Building a Cyber Security Operations Center for SCADA/ICS Environments
Shah Sheikh
The road towards better automotive cybersecurity
Rogue Wave Software
1 of 27 Ad

Get Real-Time Cyber Threat Protection with Risk Management and SIEM

Jul. 16, 2013
2 likes 1,018 views

Download to read offline

Technology Business

The 2012 Verizon Data Breach Investigations Report quantified the sharp increase in cyber threats, noting that 68% were due to malware, up 20% from 2011. What is most concerning is that 85% of breaches took weeks or more to discover. Despite the focus on threat prevention, breaches will happen. In this environment the ability to identify risk, protect vulnerable assets and manage threats become critical. Learn how these combined solutions can help your organization identify behavioral anomalies, internal and external threats, and prevent breaches based on accurate enterprise security intelligence.

To download a free Nexpose demo, clock here: http://www.rapid7.com/products/nexpose/compare-downloads.jsp

The 2012 Verizon Data Breach Investigations Report quantified the sharp increase in cyber threats, noting that 68% were due to malware, up 20% from 2011. What is most concerning is that 85% of breaches took weeks or more to discover. Despite the focus on threat prevention, breaches will happen. In this environment the ability to identify risk, protect vulnerable assets and manage threats become critical. Learn how these combined solutions can help your organization identify behavioral anomalies, internal and external threats, and prevent breaches based on accurate enterprise security intelligence.

To download a free Nexpose demo, clock here: http://www.rapid7.com/products/nexpose/compare-downloads.jsp

Technology Business
Advertisement

Recommended

The Dynamic Nature of Virtualization Security
Rapid7
357 views
5 slides
Rapid7 NERC-CIP Compliance Guide
Rapid7
1.9k views
36 slides
Compromising Industrial Facilities From 40 Miles Away
EnergySec
1.6k views
55 slides
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
EnergySec
881 views
24 slides
From Air Gap to Air Control
EnergySec
1.1k views
43 slides
DHS ICS Security Presentation
guest85a34f
10.6k views
46 slides
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
Rapid7
6.7k views
33 slides
20 Security Controls for the Cloud
NetStandard
3.4k views
32 slides
Advertisement

More Related Content

Slideshows for you (20)

Lessons Learned for a Behavior-Based IDS in the Energy Sector
EnergySec
1.5k views
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
EnergySec
828 views
The Critical Security Controls and the StealthWatch System
Lancope, Inc.
2.6k views
NextGen Endpoint Security for Dummies
Atif Ghauri
2.4k views
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
Kaspersky
6k views
Open Platform for ICS Cybersecurity Research and Education
EnergySec
2.1k views
Building a Cyber Security Operations Center for SCADA/ICS Environments
Shah Sheikh
16.5k views
The road towards better automotive cybersecurity
Rogue Wave Software
513 views
ICS Network Security Monitoring (NSM)
Digital Bond
6.6k views
Third Party Security Testing for Advanced Metering Infrastructure Program
EnergySec
1.1k views
Redefining Endpoint Security
Burak DAYIOGLU
2.9k views
Extending the 20 critical security controls to gap assessments and security m...
John M. Willis
2.4k views
Cheatsheet for your cloud project
Petteri Heino
1k views
Malware evolution and Endpoint Detection and Response
Adrian Guthrie
261 views
Wfh security risks - Ed Adams, President, Security Innovation
Priyanka Aash
1.9k views
QualysGuard InfoDay 2013 - QualysGuard Security & Compliance Suite supporting...
Risk Analysis Consultants, s.r.o.
2.4k views
Juniper idp overview
Mohamed Al-Natour
3.3k views
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
45.8k views
Splunk for Security: Background & Customer Case Study
Andrew Gerber
1.7k views
Ebook: Splunk SANS - CIS Top 20 Critical Security Controls
Dominique Dessy
1.9k views
Lessons Learned for a Behavior-Based IDS in the Energy Sector
EnergySec
1.5k views
14 slides
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
EnergySec
828 views
14 slides
The Critical Security Controls and the StealthWatch System
Lancope, Inc.
2.6k views
23 slides
NextGen Endpoint Security for Dummies
Atif Ghauri
2.4k views
26 slides
A Buyers Guide to Investing in Endpoint Detection and Response for Enterprise...
Kaspersky
6k views
20 slides
Open Platform for ICS Cybersecurity Research and Education
EnergySec
2.1k views
20 slides

Viewers also liked (7)

OpenSSL Heartbleed Vulnerability Explained & Tips for Protection
Rapid7
924 views
How to Manage Your Security Control's Effectiveness
Rapid7
876 views
How to Sell Security to Your CIO
Rapid7
533 views
Penetration Testing Techniques - DREAD Methodology
Rapid7
1.9k views
Introducing Data Loss Prevention 14
Symantec
6.9k views
Data Loss Prevention from Symantec
Arrow ECS UK
16.1k views
Integrating Physical And Logical Security
Jorge Sebastiao
10.1k views
OpenSSL Heartbleed Vulnerability Explained & Tips for Protection
Rapid7
924 views
1 slide
How to Manage Your Security Control's Effectiveness
Rapid7
876 views
1 slide
How to Sell Security to Your CIO
Rapid7
533 views
10 slides
Penetration Testing Techniques - DREAD Methodology
Rapid7
1.9k views
1 slide
Introducing Data Loss Prevention 14
Symantec
6.9k views
32 slides
Data Loss Prevention from Symantec
Arrow ECS UK
16.1k views
24 slides
Advertisement

Similar to Get Real-Time Cyber Threat Protection with Risk Management and SIEM (20)

Splunk for Security Breakout Session
Splunk
1.8k views
Cisco Security Presentation
Simplex
3.7k views
Post Wannacry Update
Thomas Springer
170 views
SplunkLive! - Splunk for Security
Splunk
1.5k views
Operational Security Intelligence
Splunk
1.1k views
SplunkSummit 2015 - Splunk User Behavioral Analytics
Splunk
2.2k views
Deepika_Resume
Deepika Siveraj
282 views
Protecting Financial Networks from Cyber Crime
Lancope, Inc.
568 views
Novetta Cyber Analytics
Novetta
1k views
SIEM - Activating Defense through Response by Ankur Vats
OWASP Delhi
2.5k views
Cybersecurity - Jim Butterworth
TechBiz Forense Digital
466 views
Security Breakout Session
Splunk
1.4k views
Big security for big data
Giuliano Tavaroli
431 views
Infosec cert service
Minh Le
1.3k views
Complete Endpoint protection
xband
2.4k views
New Horizons SCYBER Presentation
New Horizons Computer Learning Centers / 5PE
627 views
Be the Hunter
Rahul Neel Mani
506 views
SplunkLive! Stockholm 2015 breakout - Analytics based security
Splunk
683 views
MID_SIEM_Boubker_EN
Vladyslav Radetsky
1.3k views
Building Security Operation Center
S.E. CTS CERT-GOV-MD
28.2k views
Splunk for Security Breakout Session
Splunk
1.8k views
54 slides
Cisco Security Presentation
Simplex
3.7k views
52 slides
Post Wannacry Update
Thomas Springer
170 views
12 slides
SplunkLive! - Splunk for Security
Splunk
1.5k views
57 slides
Operational Security Intelligence
Splunk
1.1k views
39 slides
SplunkSummit 2015 - Splunk User Behavioral Analytics
Splunk
2.2k views
33 slides

More from Rapid7 (12)

[INFOGRAPHIC] The Credit Card Criminal's Playbook: A Retail Data Breach Attac...
Rapid7
2k views
Life's a Breach: Yahoo Gets Burned by SQL Injection
Rapid7
332 views
Rapid7 Report: Data Breaches in the Government Sector
Rapid7
1.4k views
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.
Rapid7
944 views
Rapid7 CAG Compliance Guide
Rapid7
768 views
Rapid7 FISMA Compliance Guide
Rapid7
1.3k views
Demystifying PCI DSS: Expert Tips and Explanations to Help You Gain PCI DSS C...
Rapid7
811 views
Best Practices to Protect Cardholder Data Environment and Achieve PCI Compliance
Rapid7
871 views
IT Security in Higher Education
Rapid7
830 views
Protecting Patient Health Information in the HITECH Era
Rapid7
701 views
What is Penetration Testing?
Rapid7
847 views
Combating Phishing Attacks
Rapid7
932 views
[INFOGRAPHIC] The Credit Card Criminal's Playbook: A Retail Data Breach Attac...
Rapid7
2k views
1 slide
Life's a Breach: Yahoo Gets Burned by SQL Injection
Rapid7
332 views
1 slide
Rapid7 Report: Data Breaches in the Government Sector
Rapid7
1.4k views
10 slides
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.
Rapid7
944 views
29 slides
Rapid7 CAG Compliance Guide
Rapid7
768 views
9 slides
Rapid7 FISMA Compliance Guide
Rapid7
1.3k views
23 slides
Advertisement

Recently uploaded (20)

Selje_Fox on the Run.ppt
Eric Selje
0 views
FireEye Report.ppt
DubemJavapi
0 views
SELJE - VFP Advanced.pptx
Eric Selje
0 views
Benefits of online software.pptx
AngelaBojos
0 views
LEC 1 Dyestuff and Colour Science. pptx.pptx
NasirSarwar5
0 views
Navjot Singh Thakur.pptx
ThakurNavjotSingh
0 views
College Gets Ransomware Protection with StoneFly Air-Gapped Nodes.pdf
MaryJWilliams2
0 views
netflix2.pptx
akmishrabvb
0 views
AXUG CRM ERP Collaboration Talk 11 2018.potx
ezgiantcom
0 views
Asset Performance Management Market free.docx
FutureMarketInsights1
0 views
Active Voice and Passive Voice.ppt
jhonkhen
0 views
FoxUnit in Depth.pptx
Eric Selje
0 views
SELJE_Database_Unit_Testing_Slides.pdf
Eric Selje
0 views
module3-systemhacking.pdf
tehkotak4
0 views
Outbounding Process - FiveS Digital
Five Splash Infotech Pvt. Ltd.
0 views
L1 Introduction to Information and Communication Technology.pptx
archied4
0 views
Commisioning.pptx
MdAlamgirHossain790134
0 views
SolPartner_InterceptX.pdf
ssusera76ea9
0 views
App Development Trends 2023
MindInventory
0 views
Selje_Amazing VFP2C32 Library.pdf
Eric Selje
0 views
Selje_Fox on the Run.ppt
Eric Selje
0 views
18 slides
FireEye Report.ppt
DubemJavapi
0 views
27 slides
SELJE - VFP Advanced.pptx
Eric Selje
0 views
37 slides
Benefits of online software.pptx
AngelaBojos
0 views
5 slides
LEC 1 Dyestuff and Colour Science. pptx.pptx
NasirSarwar5
0 views
27 slides
Navjot Singh Thakur.pptx
ThakurNavjotSingh
0 views
16 slides

Get Real-Time Cyber Threat Protection with Risk Management and SIEM

  1. 1. Rapid7 & LogRythym Webcast: Get Real-Time Cyber Threat Protection with Risk Management and SIEM
  2. 2. Dana Wolf Director of Products, Rapid7 Presenters 2 Seth Goldhammer Director of Product Management, LogRhythym
  3. 3. Speed With Control Dana Wolf, Director of Products
  4. 4. Meaningful progress in security? 4
  5. 5. 5 Challenges to Forward Progress
  6. 6. Lack of relevant, right-time information 6
  7. 7. Lack of decision-making framework 7
  8. 8. Hard to get others to take action or change 8 IT Guy You mean patch ADOBE? Fix CVE 456?
  9. 9. Under resourced and over stretched 9
  10. 10. 10
  11. 11. Visibility through the chaos 11
  12. 12. The Rapid7 Solution: Speed with Control for You 12 Brain-dead Simple Remediation Time-Saving Automation
  13. 13. Rapid7’s Solution: Security Programs 13 Decision Making Frameworks (Real Risk, Policy & Compliance) Offensive Security Infrastructure Fingerprinting Applications Configuration, Vulnerability Content Remediation Guidance Security Program TrendingSecurity Testing Business Context SecurityPrograms Threat & Exploit Information
  14. 14. Rapid7 & LogRhythm Joint solutions Efficiency & Right-Time information in Monitoring 14
  15. 15. Rapid7 focused on assessing the risk in your organization based on state of the environment LogRhythm focused on monitoring activities in real-time Content from Rapid7’s portfolio adds context to LogRhythm’s monitoring analytics • OS, Vulnerability, Services, Applications, etc. • Exploits, Malware kits, etc. Assessment & Monitoring 15
  16. 16. Let Us Get You Started 16
  17. 17. Get Real-Time Cyber Threat Protection with Risk Management and SIEM LogRhythm Rapid7
  18. 18. 2012 Verizon Breach Report – Key Stats • The number of compromised records across these incidents skyrocketed • “We will likely continue to see the perpetrators utilize such vulnerabilities as the path of least resistance to gain unauthorized entry” • “92% of incidents were discovered by a third party” (Up 6% from previous year) • “Monitor and mine event logs” critical for large organizations • “Anomaly detection is active in the conversation and growing in importance.”
  19. 19. ent.heisler COMP=VENUS SORC=Security CATG=Logon/Logoff EVID=540 Logon ID: (0x0,0x9BDC1AFD) Logon Type: 3 Logon Process: GUID: {0e9506c5-1c90-769c-d69f-933db4f52454} Caller User Name: - Caller Source Network Address: - Source Port: ryce.griswold COMP=VENUS SORC=Security CATG=Logon/Logoff EVID=540 OX Logon ID: (0x0,0x9BDC1B32) Logon Type: 3 Logon Process: 08 AM TYPE=SuccessAudit USER=SANDBOXanthony.mack COMP=VENUS SORC=Sec cessful Network Logon: anthony.mack Domain: SANDBOX Logon ID: (0x0,0x9BDC86 eros Authentication Kerberos Workstation Name: Logon GUID: {4899467d-7bea-9b95-1da5-ff948b - Caller - Caller Process ID: - Transited Services: - Source Network Address: - 11 9:08 AM TYPE=SuccessAudit USER=SANDBOXanthony.mack COMP=VENUS SORC= Successful Network Logon: ame: anthony.mack Domain: SANDBOX Logon ID: (0x0,0x9BD Kerberos Authentication e: Kerberos Workstation Name: Logon GUID: {4899467d-7bea-9b95-1da5-ff9 0100101001100100111001100100100101010011100100101011001001001001001100101 0100101001100100111001100100100101010011100100101011001001001001001100101 0100101001100100111001100100100101010011100100101011001001001001001100101 0100101001100100111001100100100101010011100100101011001001001001001100101 0100101001100100111001100100100101010011100100101011001001001001001100101 0100101001100100111001100100100101010011100100101011001001001001001100101 0100101001100100111001100100100101010011100100101011001001001001001100101 0100101001100100111001100100100101010011100100101011001001001001001100101 100100100100100110010101001110101010110101010101001001001001001000011 100100100100100110010101001110101010110101010101001001001001001000011 100100100100100110010101001110101010110101010101001001001001001000011 100100100100100110010101001110101010110101010101001001001001001000011 100100100100100110010101001110101010110101010101001001001001001000011 100100100100100110010101001110101010110101010101001001001001001000011 100100100100100110010101001110 100100100100100110010101001110 Compromised Credentials Suspicious Privileged User Activity Reconnaissance Followed by Attack Critical Service Failed Brute Force Attack Malicious Content Observed Unauthorized Network Connection Opened Zero Day Exploit Detected Host Compromised Medical Records Breached Credit Card Data TransferredUnauthorized Access of ePHI
  20. 20. Understanding ‘Normal’ User Identity Access Privilege External Context Threat Intelligence IP Reputation GeoLocation Application Access Transactions Error Behavior Host Process Access File Activity Resources Internal Context Business Value Asset Classification Risk Rating Vulnerability Network Connection Direction Content Volume Manual discovery of what’s normal network activity is impractical due to the sheer volume of data across multiple types of dimensions. An unmanageable volume of false positives based on benign anomalies Significant blind spots / false negatives Need an automated technology to learn behavioral attributes across multiple dimensions Normal
  21. 21. What is multi-dimensional? • Multiple dimensions of behavior can be observed • Multiple techniques through which behavior can be modeled • Multiple behaviors can be modeled in a single rule Why is this important • We can align the behavior we want to model with the ideal analysis technique. • We can reduce false positives by identifying multiple behavioral changes indicating a highly corroborated event. • We enable customers to see behavioral changes they’ve been blind to, enabling the detection of a new class of events. Multi-Dimensional Behavioral Analytics(MDBA)
  22. 22. Log Manager Log Manager LogRhythm Components Network and Security Devices Routers Switches Next Gen Firewalls IDS/IPS VPN Flow Hosts and Applications Operating System Applications Databases Others Vulnerability Data Physical Card Access Point of Sale Etc. Log Managers LogRhythm System Monitor File Integrity Monitoring File Activity Monitoring Database Activity Monitoring Process Monitoring Network Connection Monitoring Event Manager Events Advanced Intelligence Engine All Log, Flow and Event Data Events Intelligence Alerts SmartResponse™ • In memory processing of all log and flow data • Correlation, pattern recognition, and behavioral analysis • No blind spots – accurate recognition of compromised accounts and hosts, fraud, misuse, data exfiltration, etc Reports Real-Time Big Data Security Analysis
  23. 23. 1. Vulnerability data collected from Rapid7 Nexpose and Metasploit products 2. For every message, LogRhythm: • Collects • Classifies • GeoTags • Recognizes Events • Assigns Risk Prioritization • Stores log and event data for long term retention • Applies behavioral analysis techniques • Performs correlation across data sources 3. Triggers SmartResponse actions when applicable Integration Use Cases: • Security Risk Assessment • Sophisticated Intrusions • Zero Day Confirmation • Compliance Violations
  24. 24. Quick Investigations and Forensics • Invaluable insight into internal behavior, potential risks and imminent threats • Quick root cause analysis; Identify sources of attacks • Recognize breach scope • Appropriate presentation for key stake holders
  25. 25. Knowledge Experts in:  Advanced threat detection & response  Industry and governmental regulations  Compliance automation and assurance  Log and event taxonomies and normalization  Advanced correlation and rules development  Incident response Providing Out-of-the-Box & Continuously Updated Embedded Expertise  Layouts designed to present the right information to the right people at the right time  Executive Views  Compliance-specific Dashboards  Role-based Analyst Screens  Pre-defined forensic investigations accelerate root cause analysis and impact discovery  Comprehensive library of ready-to-use analytic rule sets & alarms enables immediate use for the detection of threats, breaches and compliance violations  SmartResponse™ plug-ins accelerate response and reduce the impact of actionable events
  26. 26. Example Use Cases Prioritizing Attack Data Identify Zero Day Attacks Quick Remediation Identifies vulnerability state of host Correlates IDS and Malware to detected vulnerabilities Alert on attacks to known vulnerabilities Recognizes susceptible attacks Scans for attack behavior pattern Alert on matches for attempted attacks Maintains library of custom, accurate remediation steps Identifies highly suspicious series of anomalies Triggers immediate scan with associated, specific remediation steps

×