More Related Content
Similar to LogRhythm Privileged Use Monitoring Use Case
Similar to LogRhythm Privileged Use Monitoring Use Case (20)
LogRhythm Privileged Use Monitoring Use Case
- 1. USE CASE
Privileged User Monitoring
When it comes to protecting a network from insider threats,
organizations need the ability to keep a watchful eye on its
privileged users. This includes business users with direct access
to confidential data systems, as well as administrators with the
ability to create and modify permissions, privileges and access to
any device.
The challenge is finding a way to keep an eye on all systems
within a large, heterogeneous environment and quickly identify
improper or malicious behavior when, in most cases, the people
responsible for the behavior in question are the ones with access
to the log files that record all user activity.
LogRhythm provides unprecedented auditing and insight into privileged user activity, across the enterprise.
Watching the Watchers Securing the Bread Crumbs Finding the Needle
Challenge
“Administrator” privileges usually Most privileged users behave in a Recording log data related to
include the ability to modify or even responsible and ethical manner. But, privileged user activity is a start.
remove activity log data. While most the high-level access tied to their However, gaining meaningful and
administrators use their access privileges user permissions means that a single timely insight into inappropriate and/
responsibly, it is imperative to establish privileged user with malicious intent or concerning behavior with intelligent
an independent and automated means of can cause enormous damage to an and automated correlation, alerting
capturing and storing log data associated organization. Because they have the and reporting is like trying to find a
with administrator activity and alerting on means to modify data of recorded activity, needle in a haystack.
concerning behavior. tracking the culprit can be difficult.
Solution
LogRhythm’s real-time, automated, Immediate collection by LogRhythm LogRhythm provides Intelligent IT
centralized and secure collection of log with cryptographic hashing provides Search™ capabilities for rapid
data provides independent access to a digital chain-of-custody that user-level investigations, displays
privileged user activity logs without relying eliminates the ability for privileged aggregate and trending visualization
on the privileged user for collection. users to tamper with activity records to identify behavior based patterns,
and conceal nefarious activity. and delivers automated alerting on
specific privileged user activity.
Benefit
Using the alarming tool, LogRhythm LogRhythm’s SecondLook™ archive LogRhythm users can quickly use the
users can set up alerts to send out restoration wizard allows administrators investigate tool on all activity performed
notifications any time a privileged user to immediately query against any by a newly created user, using a
account is added or modified, including archived data, which is automatically combination of detailed forensic views
information about who created the validated to maintain the digital and interactive graphical analyses.
account. chain-of-custody. A simple, wizard-based GUI makes
investigations quick-to-run and easy
to save for future use.
© 2010 LogRhythm Inc. | www.logrhythm.com PrivilegedUserMonitoringUseCase_1004
