Security Intelligence - Can Big Data Analytics Overcome Blind Spots - Logrhythm


  • 8/13/2019 Security Intelligence - Can Big Data Analytics Overcome Blind Spots - Logrhythm

Security Intelligence: Can Big Data Analytics Overcome Our Blind Spots?


The Scene Today

1. Organizations have intricate infrastructures while still supporting legacy applications and systems
2. Staggering quantities of data to sort through and retain
3. Data breaches and major compromise scenarios dominate the news
4. The primary tool for monitoring and responding within the environment is a Security Information and Event Management (SIEM) system
5. Traditional SIEMs can be complex, with widely varying capabilities from one vendor to the next


Threats Abound!

- Hacking by nation states
- Major shift in attacker focus
- Numerous, large data breaches
- Advanced malware
- Social engineering
- Insider threats


Are You Currently Breached?

[Pie chart, IANS Survey of Security Leaders: responses Yes, No, Not Sure, Likely; segment values shown are 76%, 16%, 6% and 2%]


Targeted By Advanced Threats?

[Pie chart, IANS Survey of Security Leaders: responses Yes, No, Not Sure, Likely; segment values shown are 53%, 29%, 10% and 8%]


Organizations Think They're Ready

[Chart: Security Monitoring Maturity, categories Non-existent; Brand new (less than 1 year); Relatively immature (1-3 years); Somewhat mature (3-5 years); Mature (5+ years)]


Most Breaches Go Undetected

54% of all organizations took months or even years to discover the initial breach.

Method of detection:
- 92% of organizations were notified by an external organization
- 28% were detected passively inside the organization
- Only 16% by active discovery efforts

And the job is only getting harder.

Source: Verizon Report


    Where is the Disconnect?


Event Monitoring Capabilities

- Ability to detect unusual host process and application behaviors
- Ability to detect unusual network connections
- Ability to monitor privileged users and suspicious user behaviors
- Deviation from normal network event baselines
- Immediate detection of host or user credential compromise

IANS Survey of Security Leaders


Organizations' Top 3 Challenges

Top three challenges faced when integrating logs with other tools within their organization:

1. Identification of key events from normal background activity
2. Correlation of information from multiple sources (e.g., multiple servers)
3. Lack of analytics capabilities
4. Data normalization at collection
5. Data reduction prior to forwarding the logs to tools, such as SIEM
6. Managing agents that will forward logs to a log server
7. Being able to access logs and/or analysis results without IT support
8. Lack of native visualization capabilities
9. Inconsistent product updates supported by the vendor

SANS 8th Annual Log Management Survey, SANS Institute, www.sans.org


    What Can They Do?


It's Time For a New Approach

- Understand Normal
- Baseline Behavior
- Apply Security Analytics


Introducing Next Generation SIEM


How Does It Work?

SIEM Components and Focal Areas:
- Input sources for information analysis
- Data normalization and storage
- Data correlation and analysis
- Alerting and response
- Forensics (varying degrees and types)
- Reporting
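As an added illustration, not part of the LogRhythm deck, the SIEM stages above and the "understand normal, baseline behavior, apply analytics" approach carried through in a small Python pipeline: two constructed log formats are normalized into one schema, correlated on login source IP, baselined per user over the first days, and anything new on later days becomes an alert. Every host, user, address and log line is made up, and the four-field schema is a simplification of my own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events (no real hosts, users or addresses): a syslog-style
# SSH auth log and a key=value firewall log, two "input sources" to correlate.
AUTH_LOGS = [
    "Jan 10 08:01:02 bastion sshd[311]: Accepted publickey for alice from 10.0.1.5",
    "Jan 10 08:05:44 bastion sshd[319]: Accepted publickey for bob from 10.0.1.9",
    "Jan 11 08:02:13 bastion sshd[402]: Accepted publickey for alice from 10.0.1.5",
    "Jan 12 03:14:07 bastion sshd[511]: Accepted publickey for alice from 203.0.113.7",
]
FW_LOGS = [
    "2024-01-10T08:02:00Z fw1 action=allow src=10.0.1.5 dst=10.0.5.20 dport=443",
    "2024-01-10T08:06:00Z fw1 action=allow src=10.0.1.9 dst=10.0.5.21 dport=443",
    "2024-01-11T08:03:00Z fw1 action=allow src=10.0.1.5 dst=10.0.5.20 dport=443",
    "2024-01-12T03:15:00Z fw1 action=allow src=203.0.113.7 dst=10.0.5.99 dport=3389",
]
AUTH_RE = re.compile(r"^(\w{3} \d{1,2}) .*Accepted \w+ for (\w+) from ([\d.]+)")
FW_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})T.* src=([\d.]+) dst=([\d.]+) dport=(\d+)")

def normalize(auth_lines, fw_lines):
    """Normalization: map both formats onto one (day, src_ip, field, value) schema."""
    events = []
    for line in auth_lines:
        m = AUTH_RE.match(line)
        if m:  # syslog has no year; keep MM-DD so both sources share a day key
            day = datetime.strptime(m.group(1), "%b %d").strftime("%m-%d")
            events.append((day, m.group(3), "user", m.group(2)))
    for line in fw_lines:
        m = FW_RE.match(line)
        if m:
            events.append((m.group(1)[5:], m.group(2), "conn", f"{m.group(3)}:{m.group(4)}"))
    return events

def detect_anomalies(events, baseline_days):
    """Correlate connections to the user who logged in from that IP that day, learn
    each user's normal IPs/destinations over baseline_days, alert on anything new."""
    ip_user = {(d, ip): v for d, ip, f, v in events if f == "user"}
    seen, alerts = defaultdict(set), []
    for day, ip, field, val in sorted(events):
        user = ip_user.get((day, ip))
        if user is None:
            continue  # connection with no login context; not attributable to a user
        obs = ("ip", ip) if field == "user" else ("conn", val)
        if day in baseline_days:
            seen[user].add(obs)  # understand normal: build the per-user baseline
        elif obs not in seen[user]:
            alerts.append(f"{day} {user}: new {obs[0]} {obs[1]}")  # deviation
    return alerts
```

Calling detect_anomalies(normalize(AUTH_LOGS, FW_LOGS), {"01-10", "01-11"}) returns two alerts for the 01-12 activity: alice logging in from an address never seen before, and that session opening RDP to a host she never reached during the baseline.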


SIEM platforms evolving

From: standalone monitoring platform (event data only)

To: platform that provides true context awareness and analytics capabilities, combining event data with:
- Identity Management
- Vulnerability Assessment
- Configuration Management


LogRhythm Delivers

- Real Time Threat/Breach Detection
- Behavioral Analysis & Whitelisting
- Forensic Search/Investigation
- Big Data Analytics
- Enhanced Situational Awareness


Download Whitepaper: http://ecrm.logrhythm.com/WebIANSSecurityIntelligenceBigDataAnalytics12-2012.html

View Demo: http://logrhythm.com/resources/in-depth-product-demo.aspx

Talk with LogRhythm: http://logrhythm.com/resources/request-more-info.aspx

www.logrhythm.com/ians-info.aspx