Security Intelligence: Can “Big Data” Analytics Overcome Our Blind Spots? - Logrhythm - PowerPoint PPT Presentation

Description:

To learn how to take your SIEM tools to the next level, download the full IANS Security Intelligence Custom Report. As the threats we face get more sophisticated, so too must the security tools we use to detect and combat them. More intuitive SIEM (Security Information and Event Management) tools that combine behavioral analysis and whitelisting, "big data" analytics for both real-time threat/breach detection and after-the-fact forensic search/investigation, and more collaborative information sharing and knowledge creation for analysts will go a long way toward helping us improve our defenses.
• 92% of organizations that were breached were notified by an external party
• 54% of the organizations took months to discover the breach
• Next Generation SIEM capabilities deliver security intelligence

Transcript and Presenter's Notes

1
SECURITY INTELLIGENCE
CAN BIG DATA ANALYTICS OVERCOME OUR BLIND SPOTS?
2
The Scene Today
01 Organizations have intricate infrastructures while still supporting legacy applications and systems
02 Staggering quantities of data to sort through and retain
03 Data breaches and major compromise scenarios dominate the news
04 The primary tool for monitoring and responding within the environment is a Security Information and Event Management (SIEM) system
05 Traditional SIEMs can be complex, with widely varying capabilities from one vendor to the next
3
Threats Abound!
Hacking by nation states
Advanced malware
Major shift in attacker focus
Social engineering
Numerous, large data breaches
Insider threats
4
Are You Currently Breached?
[Chart: survey response percentages 6, 16, 2 and 76; the response labels were not preserved in the transcript]
Source: IANS Survey of Security Leaders
5
Targeted By Advanced Threats?
[Chart: survey response percentages 10, 29, 8 and 53; the response labels were not preserved in the transcript]
Source: IANS Survey of Security Leaders
6
Organizations Think They're Ready
[Chart: Security Monitoring Maturity, by category: Non-existent; Brand new (less than 1 year); Relatively immature (1-3 years); Somewhat mature (3-5 years); Mature (5+ years)]
7
Most Breaches Go Undetected
[Chart: Method of detection]
And the job is only getting harder
Source: Verizon Report
8
Where is the Disconnect?
9
Event Monitoring Capabilities
Ability to detect unusual host process and application behaviors
Ability to detect unusual network connections
Ability to monitor privileged users and suspicious user behaviors
Deviation from normal network event baselines
Immediate detection of host or user credential compromise
Source: IANS Survey of Security Leaders
10
Organizations' Top 3 Challenges
1. Identification of key events from normal background activity
2. Correlation of information from multiple sources (e.g., multiple servers)
3. Lack of analytics capabilities
4. Data normalization at collection
5. Data reduction prior to forwarding the logs to tools such as SIEM
6. Managing agents that will forward logs to a log server
7. Being able to access logs and/or analysis results without IT support
8. Lack of native visualization capabilities
9. Inconsistent product updates supported by the vendor
Top three challenges faced when integrating logs with other tools within their organization
Source: SANS 8th Annual Log Management Survey, SANS Institute, www.sans.org
11
What Can They Do?
12
It's Time For a New Approach
Baseline Behavior
Apply Security Analytics
Understand Normal
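An added example, not part of the deck or of LogRhythm's product, of the baseline-then-deviate loop these three steps name: learn a per-host whitelist of process parent/child pairs and outbound destinations from one window of events, then flag anything in a later window that falls outside it. All hostnames, process names and addresses below are constructed.

```python
# Added example (not from the presentation or LogRhythm): a minimal
# behavioral baseline / whitelist over per-host events.
from collections import defaultdict

# Constructed sample telemetry: (host, event_type, key). event_type is
# "proc" for a process launch (key = parent>child) or "net" for an
# outbound connection (key = dest:port). Not real data.
BASELINE_WINDOW = [
    ("web01", "proc", "nginx>php-fpm"),
    ("web01", "net", "10.0.0.5:3306"),
    ("web01", "net", "10.0.0.5:3306"),
    ("db01", "proc", "systemd>mysqld"),
    ("db01", "net", "10.0.0.9:514"),
]
MONITOR_WINDOW = [
    ("web01", "net", "10.0.0.5:3306"),     # known-good, seen in baseline
    ("web01", "proc", "php-fpm>bash"),     # parent/child pair never seen
    ("web01", "net", "203.0.113.7:8443"),  # destination never seen
    ("db01", "proc", "systemd>mysqld"),    # known-good
    ("app02", "proc", "java>curl"),        # host with no baseline at all
]


def build_baseline(events):
    """Whitelist per host: each (type, key) pair seen in the learning
    window, with a count so rare items can be reviewed, not just absent ones."""
    counts = defaultdict(lambda: defaultdict(int))
    for host, etype, key in events:
        counts[host][(etype, key)] += 1
    return counts


def detect_deviations(baseline, events, min_support=1):
    """Flag events missing from the host's whitelist (or seen fewer than
    min_support times). A host with no baseline is reported as a coverage
    gap rather than as a verdict, so the analyst knows why it fired."""
    alerts = []
    for host, etype, key in events:
        if host not in baseline:
            alerts.append({"host": host, "reason": "no_baseline", "event": (etype, key)})
        elif baseline[host].get((etype, key), 0) < min_support:
            alerts.append({"host": host, "reason": f"unseen_{etype}", "event": (etype, key)})
    return alerts


if __name__ == "__main__":
    for alert in detect_deviations(build_baseline(BASELINE_WINDOW), MONITOR_WINDOW):
        print(alert)
```

Raising `min_support` trades false negatives for review load: a pair seen only once during learning is then treated as not yet "normal".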
13
Introducing Next Generation SIEM
14
How Does It Work?
SIEM Components and Focal Areas
Input sources for information analysis
Data normalization and storage
Data correlation and analysis
Reporting
Forensics (varying degrees and types)
Alerting and response
15
SIEM platforms evolving
Identity Management
Event Data
Standalone Monitoring Platform
Vulnerability Assessment
Configuration Management
Platform that provides true context awareness and analytics capabilities
16
LogRhythm Delivers
Real-Time Threat/Breach Detection
Enhanced Situational Awareness
Behavioral Analysis & Whitelisting
Forensic Search/Investigation
Big Data Analytics
17
Download Whitepaper
View Demo
Talk with LogRhythm
www.logrhythm.com/ians-info.aspx