Title: Security Intelligence: Can “Big Data” Analytics Overcome Our Blind Spots? - Logrhythm
Slide 1: Security Intelligence: Can Big Data Analytics Overcome Our Blind Spots?
Slide 2: The Scene Today
01 Organizations have intricate infrastructures while still supporting legacy applications and systems
02 Staggering quantities of data to sort through and retain
03 Data breaches and major compromise scenarios dominate the news
04 The primary tool for monitoring and responding within the environment is a Security Information and Event Management (SIEM) system
05 Traditional SIEMs can be complex, with widely varying capabilities from one vendor to the next
Slide 3: Threats Abound!
Hacking by nation states
Advanced malware
Major shift in attacker focus
Social engineering
Numerous, large data breaches
Insider threats
Slide 4: Are You Currently Breached?
[Chart: survey responses; percentage values present without their labels]
Source: IANS Survey of Security Leaders
Slide 5: Targeted By Advanced Threats?
[Chart: survey responses; percentage values present without their labels]
Source: IANS Survey of Security Leaders
Slide 6: Organizations Think They're Ready
[Chart: Security Monitoring Maturity]
Categories: Non-existent; Brand new (less than 1 year); Relatively immature (1-3 years); Somewhat mature (3-5 years); Mature (5 years)
Slide 7: Most Breaches Go Undetected
[Chart: Method of detection]
And the job is only getting harder
Source: Verizon Report
Slide 8: Where is the Disconnect?
Slide 9: Event Monitoring Capabilities
Ability to detect unusual host process and application behaviors
Ability to detect unusual network connections
Ability to monitor privileged users and suspicious user behaviors
Deviation from normal network event baselines
Immediate detection of host or user credential compromise
Source: IANS Survey of Security Leaders
Slide 10: Organizations' Top 3 Challenges
Top three challenges faced when integrating logs with other tools within their organization:
1. Identification of key events from normal background activity
2. Correlation of information from multiple sources (e.g., multiple servers)
3. Lack of analytics capabilities
4. Data normalization at collection
5. Data reduction prior to forwarding the logs to tools, such as SIEM
6. Managing agents that will forward logs to a log server
7. Being able to access logs and/or analysis results without IT support
8. Lack of native visualization capabilities
9. Inconsistent product updates supported by the vendor
Source: SANS 8th Annual Log Management Survey, SANS Institute, www.sans.org
Slide 11: What Can They Do?
Slide 12: It's Time For a New Approach
Baseline Behavior
Apply Security Analytics
Understand Normal
Slide 13: Introducing Next Generation SIEM
Slide 14: How Does It Work?
SIEM Components and Focal Areas:
Input sources for information analysis
Data normalization and storage
Data correlation and analysis
Reporting
Forensics (varying degrees/types)
Alerting and response
Slide 15: SIEM Platforms Evolving
Identity Management
Event Data
Standalone Monitoring Platform
Vulnerability Assessment
Configuration Management
A platform that provides true context awareness and analytics capabilities
Slide 16: LogRhythm Delivers
Real-Time Threat/Breach Detection
Enhanced Situational Awareness
Behavioral Analysis Whitelisting
Forensic Search/Investigation
Big Data Analytics
Slide 17: Download Whitepaper
View Demo
Talk with LogRhythm
www.logrhythm.com/ians-info.aspx