
Joint Solution Brief

WWW.LOGRHYTHM.COM

About LogRhythm

• Empowers organizations to rapidly detect, respond to and neutralize cyber-threats

• Provides a holistic platform for end-to-end Threat Lifecycle Management, uniquely unifying next-gen SIEM, log management, network & endpoint forensics, advanced behavior analytics & machine learning, and security automation and orchestration

• Delivers rapid compliance automation and assurance, and enhanced IT intelligence

• Consistent market leadership, including recognition as a Leader in Gartner's Magic Quadrant since 2012

About Cisco Threat Grid

• Cisco Threat Grid combines static and dynamic malware analysis with threat intelligence into one unified solution.

• It provides the in-depth information customers need to protect their business from malware of all types.

• It integrates behavioral analysis and up-to-the-minute threat intelligence feeds with existing security technologies, protecting customers from both known and unknown attacks.

• Threat Grid's detailed reports, including the identification of important behavioral indicators and the assignment of threat scores, let users quickly prioritize and recover from advanced attacks.

LogRhythm and Cisco Threat Grid for Integrated Enterprise Security

LogRhythm and Cisco have partnered to deliver mutual customers enterprise-wide threat detection and response by integrating Cisco's Threat Grid threat intelligence into LogRhythm's Threat Lifecycle Management Platform and automating the discovery of indicators of compromise associated with malware that has penetrated the network.

LogRhythm's platform continually correlates the malware analysis and threat intelligence data provided by Threat Grid with other machine data collected from across the environment to accurately identify and prioritize high-risk events. LogRhythm has developed a SmartResponse™ plugin that allows analysts to automatically submit potential indicators of compromise, such as domain names, IP addresses, hashes, and file names detected within the LogRhythm platform, to Threat Grid for analysis and threat scoring. Results from Threat Grid are quickly and seamlessly returned to the LogRhythm console to facilitate immediate protective action.

The integration allows mutual customers to:

• Streamline processes that were once significantly manual and turn them into an automated workflow to reduce detection and response times

• Correlate known threats with changes to the behavior of endpoints, users and networks to quickly alert on and take immediate action on high-risk events

• Mature from logging and alerting to taking dynamic active defense actions

With the combined power of LogRhythm and Cisco, mutual customers can capture potential indicators of compromise observed within their environment and send them for additional context and enrichment by querying Cisco Threat Grid's expansive threat intelligence repository. Once examined, the indicators of compromise may be extracted and fed back into LogRhythm, for example as watch list entries, to help improve an organization's overall security posture.

[Figure: integration architecture. LogRhythm Forensic Sensor Data and Other Log, Security, and Machine Data feed the Threat Lifecycle Management Platform, whose Machine Data Intelligence layer automatically collects and processes data from across the distributed environment and whose capabilities include Behavioral Security Analytics (User/Entity, Network & Endpoint), SIEM & Log Management, Network Monitoring & Forensics, Endpoint Monitoring & Forensics, and Security Automation & Orchestration. Cisco Threat Grid contributes globally sourced threat intelligence, static and dynamic malware analysis, behavioral indicators of compromise, and accurate threat scores that aid in prioritization. SmartResponse™ closes the loop by automatically updating ACLs and IoC watch lists.]


©2017 LogRhythm Inc. | LogRhythm_JSB859_Cisco_Threat_Grid_Sep17

LogRhythm and Cisco Threat Grid are tightly integrated, bridging the value of Threat Grid's dynamic malware analysis and threat intelligence with the advanced analytics and incident response capabilities of LogRhythm's Threat Lifecycle Management Platform. The combined offering empowers customers to accurately identify malicious activity, detect advanced threats, mitigate attacks, and prioritize response based on accurate, highly contextualized security intelligence.

LogRhythm for Integrated Enterprise Security Intelligence

• Dynamic defense for detecting and stopping unauthorized network threats

• Multi-dimensional behavioral analytics to deliver real-time security intelligence

• Deep visibility into all aspects of user, network and endpoint behavior throughout the IT environment

• Tight integration for consolidated threat management

Use Case: Detecting Zero-Day Malware

Challenge: Targeted attacks are designed to evade detection by traditional perimeter solutions. Once an intrusion gets through, organizations struggle to detect malicious activity and corroborate the presence of malware, which delays response times and increases risk to the organization.

Solution: To help organizations proactively detect unknown malware in their environments, LogRhythm and Cisco Threat Grid have developed an integrated approach that combines extensive visibility into, and analysis of, multiple attack vectors with globally sourced malware activity and analysis. When LogRhythm's advanced analytics and behavioral profiling expose malicious activity, a SmartResponse action triggered by the alert can automatically send attack-related artifacts to Cisco Threat Grid for analysis against other known malicious samples. Results and a prioritized threat score are immediately returned to the LogRhythm console.

Additional Benefit: Analysts can quickly launch a forensic investigation into the results from the malware analysis to determine whether malware resides in other parts of the network.

Use Case: Operationalizing Threat Intelligence

Challenge: The volume of malicious activity and the speed at which it can propagate make it difficult for information security professionals to know which events pose the greatest risk to their organizations.

Solution: Threat Grid dynamically analyzes key behavioral indicators and malware artifacts to provide a detailed view of each malware sample. LogRhythm consumes this intelligence in real time, performing advanced behavioral analysis to recognize when network activity involving known bad actors is observed within the customer environment. This visibility enables administrators to quickly discover and qualify threats that represent real risk in their environment.

Additional Benefit: LogRhythm SmartResponse plug-ins are designed to actively defend against attacks by initiating actions that offset the threat, such as automatically adding the attacking IPs to a firewall policy. This immediately blocks further traffic to and from those addresses, such as botnet command-and-control communication.
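The enrich-then-act loop described in the SmartResponse paragraph on page 1 (submit observed domains, IPs, hashes and file names for threat scoring) and in this additional benefit (push attacking IPs to a firewall policy, other indicators to an IoC watch list), as an added example that is not part of the brief and is not LogRhythm or Cisco code. The Threat Grid lookup is a stand-in that returns constructed scores; no real API endpoint, the score thresholds, the allowlist entry `cdn.example` and every indicator are assumptions built from documentation address ranges and a made-up hash. The guardrails are the part the brief leaves implicit: an internal address that appears in a malware report needs host containment rather than a border ACL, and an allowlisted domain must never be auto-blocked on a score alone.

```python
"""Added example (not LogRhythm or Cisco code): a SmartResponse-style
enrich-then-act loop.  Indicators observed by the SIEM are classified,
scored by a threat-intelligence lookup, and only high-scoring, block-safe
ones are queued for the firewall ACL; the rest go to an IoC watch list or
to analyst review.  score_indicator is a stand-in with constructed scores
and does not call the real Threat Grid API."""
import ipaddress
import re
from dataclasses import dataclass, field

HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)
# File names that look like "host.tld" (invoice.pdf.exe) are tested before
# the domain regex; a domain under an extension-like TLD such as .zip is
# ambiguous and lands in the file-name bucket, which is the safer default.
FILE_EXTS = (".exe", ".dll", ".scr", ".js", ".vbs", ".ps1", ".bat", ".lnk",
             ".docm", ".xlsm", ".doc", ".xls", ".pdf", ".zip")

# Ranges a perimeter ACL must never receive, whatever the threat score.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "0.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]
ALLOWLIST = {"cdn.example"}           # hypothetical business-critical domain
BLOCK_THRESHOLD = 80                  # assumed cut-offs on a 0-100 score
WATCH_THRESHOLD = 50

# Constructed scores standing in for Threat Grid results (documentation
# address ranges and a made-up hash; nothing here is a real indicator).
STUB_SCORES = {
    "203.0.113.45": 95, "198.51.100.7": 40, "10.0.0.25": 100,
    "bad-update.example": 90, "cdn.example": 85,
    "0123456789abcdef0123456789abcdef": 100, "invoice.pdf.exe": 85,
}


def classify(value):
    """Return 'ip', 'hash', 'filename' or 'domain' for an observed artifact."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if HASH_RE.match(value):
        return "hash"
    if value.lower().endswith(FILE_EXTS):
        return "filename"
    if DOMAIN_RE.match(value):
        return "domain"
    return "filename"


def score_indicator(kind, value):
    """Stand-in lookup; a real plugin would query Threat Grid here."""
    return STUB_SCORES.get(value.lower(), 0)


def blockable_ip(value):
    """True only for addresses a border firewall can meaningfully block."""
    ip = ipaddress.ip_address(value)
    return not any(ip in net for net in NON_ROUTABLE)


@dataclass
class ResponsePlan:
    firewall_block: list = field(default_factory=list)  # push to ACL
    watch_list: list = field(default_factory=list)      # IoC watch list
    review_only: list = field(default_factory=list)     # needs an analyst
    audit: list = field(default_factory=list)           # (value, kind, score)


def plan_response(indicators, scorer=score_indicator):
    """Decide, per indicator, what the automated response may do."""
    plan, seen = ResponsePlan(), set()
    for raw in indicators:
        value = raw.strip()
        if not value or value.lower() in seen:
            continue                         # de-duplicate resubmissions
        seen.add(value.lower())
        kind = classify(value)
        score = scorer(kind, value)
        plan.audit.append((value, kind, score))
        if score < WATCH_THRESHOLD:
            continue                         # low confidence: log only
        if score < BLOCK_THRESHOLD:
            plan.watch_list.append(value)    # watch, do not block yet
        elif kind == "ip":
            (plan.firewall_block if blockable_ip(value)
             else plan.review_only).append(value)
        elif kind == "domain" and value.lower() in ALLOWLIST:
            plan.review_only.append(value)   # never auto-block allowlisted
        else:
            plan.watch_list.append(value)    # hashes, file names, domains
    return plan


if __name__ == "__main__":
    observed = ["203.0.113.45", "198.51.100.7", "10.0.0.25",
                "bad-update.example", "cdn.example",
                "0123456789abcdef0123456789abcdef", "invoice.pdf.exe",
                "203.0.113.45"]
    print(plan_response(observed))
```

Every decision, including the ones that result in no action, is written to the audit list so the automated step can be reviewed afterwards; writing the plan to the firewall and watch list is left to the plugin's own connectors. The threshold split matters in practice: a medium score feeds the watch list, where a later correlation can raise it, while only a high score on a routable, non-allowlisted address is allowed to change a firewall policy without a human in the loop.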