Joint Solution Brief
WWW.LOGRHYTHM.COM
About LogRhythm
• Empowers organizations to rapidly detect, respond to and neutralize cyber-threats
• Provides a holistic platform for end-to-end Threat Lifecycle Management, uniquely unifying next-gen SIEM, log management, network & endpoint forensics, advanced behavior analytics & machine learning, and security automation and orchestration
• Delivers rapid compliance automation and assurance, and enhanced IT intelligence
• Consistent market leadership including recognition as a Leader in Gartner’s Magic Quadrant since 2012
About Cisco Threat Grid
• Cisco Threat Grid combines static and dynamic malware analysis with threat intelligence into one unified solution.
• It provides the in-depth information customers need to protect their business from malware of all types.
• It integrates behavioral analysis and up-to-the-minute threat intelligence feeds with existing security technologies, protecting customers from both known and unknown attacks.
• Threat Grid’s detailed reports, including the identification of important behavioral indicators and the assignment of threat scores, let users quickly prioritize and recover from advanced attacks.
LogRhythm and Cisco Threat Grid for Integrated Enterprise Security

LogRhythm and Cisco have partnered to deliver mutual customers enterprise-wide threat detection and response by integrating Cisco’s Threat Grid threat intelligence into LogRhythm’s Threat Lifecycle Management Platform and automating the discovery of indicators of compromise relating to malware that has penetrated the network.

LogRhythm’s platform continually consumes malware analysis and threat intelligence data provided by Threat Grid together with other machine data collected from across the environment to accurately identify and prioritize high-risk events. LogRhythm has developed a SmartResponse™ plugin that allows analysts to automatically submit potential indicators of compromise such as domain names, IP addresses, hashes, and file names detected within the LogRhythm platform to Threat Grid for analysis and threat scoring. Results from Threat Grid are quickly and seamlessly returned to the LogRhythm console to facilitate immediate protective action.
The integration allows mutual customers to:
• Streamline processes that were once significantly manual and turn them into an automated workflow to reduce detection and response times
• Correlate known threats with changes to the behavior of endpoints, users and networks to quickly alert on and take immediate action on high-risk events
• Mature from logging and alerting to taking dynamic active defense actions

With the combined power of LogRhythm and Cisco, mutual customers can effectively capture and send potential indicators of compromise observed within their environment for additional context or enrichment by querying Cisco Threat Grid’s expansive threat intelligence repository. Once examined, the indicators of compromise may be extracted and resubmitted to LogRhythm to help improve an organization’s overall security posture.
[Diagram. Inputs: LogRhythm Forensic Sensor Data; Other Log, Security, and Machine Data. Cisco Threat Grid: globally sourced threat intelligence; static and dynamic malware analysis; behavioral indicators of compromise; accurate threat scores that aid in prioritization. Threat Lifecycle Management Platform: Machine Data Intelligence (automatically collect and process data from across the distributed environment); Behavioral Security Analytics (User/Entity, Network & Endpoint); SIEM & Log Management; Network Monitoring & Forensics; Endpoint Monitoring & Forensics; Security Automation & Orchestration. SmartResponse™: automatically update ACLs and IoC watch lists.]
©2017 LogRhythm Inc. | LogRhythm_JSB859_Cisco_Threat_Grid_Sep17
LogRhythm and Cisco Threat Grid are tightly integrated, bridging the value of Threat Grid’s dynamic malware analysis and threat intelligence with the advanced analytics and incident response capabilities of LogRhythm’s Threat Lifecycle Management Platform. The combined offering empowers customers to accurately identify malicious activity, detect advanced threats, mitigate attacks, and prioritize response based on accurate, highly contextualized security intelligence.
LogRhythm for Integrated Enterprise Security Intelligence
• Dynamic defense for detecting and stopping unauthorized network threats
• Multi-dimensional behavioral analytics to deliver real-time security intelligence
• Deep visibility into all aspects of user, network and endpoint behavior activity throughout the IT environment
• Tight integration for consolidated threat management
Use Case: Detecting Zero-Day Malware

Challenge: Targeted attacks are designed to evade detection by traditional perimeter solutions. Once an intrusion gets through, organizations struggle to detect malicious activity and corroborate the presence of malware, which delays response times and increases risk to the organization.

Solution: To help organizations proactively detect unknown malware in their environments, LogRhythm and Cisco Threat Grid have developed an integrated approach that combines extensive visibility and analysis of multiple attack vectors with globally sourced malware activity and analysis to detect malware. When LogRhythm’s advanced analytics and behavioral profiling expose malicious activity, a SmartResponse alert can automatically send attack-related artifacts to Cisco Threat Grid for analysis against other known malicious samples. Results and a prioritized threat score are immediately returned to the LogRhythm console.

Additional Benefit: Analysts can quickly launch a forensic investigation into the results from the malware analysis to determine if malware resides in other parts of the network.

Use Case: Operationalizing Threat Intelligence

Challenge: The volume of malicious activity and the speed at which it can propagate make it difficult for information security professionals to know which events pose the greatest risk to their organizations.

Solution: Threat Grid dynamically analyzes key behavioral indicators and malware artifacts to provide a view of malware. LogRhythm consumes this intelligence in real time, performing advanced behavioral analysis to recognize when network activity with known bad actors is observed within the customer environment. This visibility enables administrators to quickly discover and qualify threats that represent real risk in their environment.

Additional Benefit: LogRhythm SmartResponse plug-ins are designed to actively defend against attacks by initiating actions that offset the threat, such as automatically adding the attacking IPs to a firewall policy. This immediately stops all activity such as botnet command and control communication.
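The submit, score and respond loop described in this brief (indicator submission in the integration overview, and the firewall-policy update in this Additional Benefit), as an added illustration that is not LogRhythm's or Cisco's code and does not call Threat Grid's API: indicators are pulled from constructed alert text, internal addresses are withheld from submission, a caller-supplied scorer stands in for the analysis service's verdict, and scores at or above a threshold are mapped to an ACL block (IPs) or a watch-list entry (other indicator types). The alert lines, score table and threshold are all constructed here.

```python
import ipaddress
import re
from typing import Callable, Dict, List, Tuple

# Constructed alert text standing in for alarm fields; not real LogRhythm output.
SAMPLE_ALERTS = [
    "ws-042 wrote payroll_update.exe md5=9e107d9d372bb6826bd81d3542a419d6",
    "ws-042 resolved cdn-updates.example.net then connected to 203.0.113.45",
    "srv-db1 connected to 10.0.0.7 (internal backup)"]
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.IGNORECASE)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(token: str) -> Tuple[str, str]:
    """Map one token to (indicator_type, value); ('', '') if it is not an indicator."""
    token = token.strip(",;()").split("=", 1)[-1]   # unwrap key=value fields such as md5=<hex>
    try:
        ip = ipaddress.ip_address(token)
        # internal addresses are never submitted to an external analysis service
        return ("", "") if any(ip in net for net in INTERNAL_NETS) else ("ip", token)
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]+", token) and len(token) in (32, 40, 64):  # md5/sha1/sha256
        return ("hash", token.lower())
    if token.lower().endswith((".exe", ".dll", ".js", ".ps1", ".docm")):
        return ("filename", token)
    if DOMAIN_RE.match(token):
        return ("domain", token.lower())
    return ("", "")

def extract_indicators(alerts: List[str]) -> List[Tuple[str, str]]:
    """Collect unique (type, value) pairs from alert text, keeping first-seen order."""
    found: Dict[Tuple[str, str], None] = {}
    for line in alerts:
        for kind, value in map(classify, line.split()):
            if kind:
                found[(kind, value)] = None
    return list(found)

def plan_response(alerts: List[str], score: Callable[[str, str], int], threshold: int = 75) -> Dict[str, List[str]]:
    """Score each indicator 0-100; at or above threshold, IPs go to the ACL, other types to the watch list."""
    plan: Dict[str, List[str]] = {"acl_block": [], "watchlist": [], "below_threshold": []}
    for kind, value in extract_indicators(alerts):
        bucket = "below_threshold" if score(kind, value) < threshold else ("acl_block" if kind == "ip" else "watchlist")
        plan[bucket].append(value)
    return plan

# Constructed verdicts standing in for the analysis service; not Threat Grid's API or real scores.
CONSTRUCTED_SCORES = {"9e107d9d372bb6826bd81d3542a419d6": 95, "cdn-updates.example.net": 88, "203.0.113.45": 90, "payroll_update.exe": 40}
def constructed_scorer(kind: str, value: str) -> int:
    return CONSTRUCTED_SCORES.get(value, 0)
```

Calling `plan_response(SAMPLE_ALERTS, constructed_scorer)` blocks only the external address, watch-lists the hash and domain, and leaves the low-scoring file name for analyst review.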