2 | © 2016 LogRhythm
Things do get in!
Can you see the threat?
[Figure: enterprise investment plotted across the attack timeline, with relative spend shown as $ to $$$$. Prevention phase: firewalls, IPS, proxies, sandboxes. Active phase: 100+ days to find attackers, labelled the "security gap"; the slide's proposed answer is to automate with AI. Clean-up phase: backup, forensic consultants, in-house security analysts, outsourced SOC teams, incident response consultants, legacy technologies. Headline: 69% of enterprises are blind to attacks despite massive investment. Source: M-Trends 2016]
The Cyber Attack Lifecycle
Modern threats take their time and leverage the holistic attack surface:
• Recon. & Planning
• Initial Compromise
• Command & Control
• Lateral Movement
• Target Attainment
• Exfiltration, Corruption, Disruption
Protection Through Faster Detection & Response
[Figure: MTTD & MTTR on a scale running from months, weeks, days and hours down to minutes. Detection and response measured in months means high vulnerability (exposed to threats); measured in minutes means low vulnerability (resilient to threats).]
MEAN TIME TO DETECT (MTTD): the average time it takes to recognize a threat requiring further analysis and response efforts
MEAN TIME TO RESPOND (MTTR): the average time it takes to respond to and ultimately resolve the incident
As organizations improve their ability to quickly detect and respond to threats, the risk of experiencing a damaging breach is greatly reduced.
Strategic Shift to Detection and Response is Occurring
[Figure: three pie charts of IT security budgets for 2013, 2015 and 2020, each split between Prevention and Detection & Response (the 2020 chart also counts managed services); the Detection & Response share grows from chart to chart.]
"By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from 20% in 2015." – Gartner, 2016
Sources: Gartner, Shift Cybersecurity Investment to Detection and Response, January 2016; Gartner, Forecast: Information Security, Worldwide, 2014-2020, 1Q16 Update, April 2016
Note: Excludes security services from estimated overall market spend for enterprise information security
Obstacles To Faster Detection & Response
Data Quality
Alarm Fatigue
Swivel Chair Analysis
Forensic Data Silos
Fragmented Workflow
Lack of Automation
Effective Threat Lifecycle Management addresses these obstacles and enables faster detection and response to threats.
12 | Company Confidential
Threat Lifecycle Management (TLM)
• Series of aligned security operations capabilities
• Begins with ability to “see” broadly and deeply across IT environment
• Ends with ability to quickly mitigate and recover from security incidents
Goal is to reduce mean time to detect (MTTD) and mean time to respond (MTTR), while keeping staffing levels flat
End-to-End Threat Lifecycle Management Workflow
TIME TO DETECT: Forensic Data Collection → Discover → Qualify
TIME TO RESPOND: Investigate → Neutralize → Recover
• Forensic Data Collection: security event data; log & machine data; forensic sensor data
• Discover: search analytics; machine analytics
• Qualify: assess threat; determine risk; is full investigation necessary?
• Investigate: analyze threat; determine nature and extent of incident
• Neutralize: implement countermeasures; mitigate threat & associated risk
• Recover: clean up; report; review; adapt
This Approach Is Not Effective
[Figure: separate point products, each covering one slice of the problem]
• Log Management
• SIEM
• Endpoint Monitoring & Forensics
• Security Automation & Orchestration
• Network Behavioral Analytics
• Security Analytics
Our Approach
Forensic Data Collection → Discover → Qualify → Investigate → Neutralize → Recover
Machine Data Intelligence Fabric
Data Generation → Data Collection (LogRhythm Network Monitor, LogRhythm System Monitor) → Machine Data Intelligence (MDI) Fabric → Search Analytics & Machine Analytics
MDI Fabric:
• Uniform Data Classification
• Uniform Data Structure
• Time Normalization
• Risk Score
• Organizational Context
• User Persona
• Host Persona
• Geolocation
• Flow Direction
• …more
Benefits:
• Serves as IT environment abstraction layer
• Enables generic scenario representation
• Allows for high-efficacy packaged analytics modules
Learned Intelligence : Out of Box Behavioural Analytics
WannaCry
Top 5 Differentiators
(mapped onto the TLM workflow: Forensic Data Collection → Discover → Qualify → Investigate → Neutralize → Recover, spanning time to detect and time to respond)
1. Machine Data Intelligence (MDI)
2. Precision Search
3. Holistic Threat Detection
4. Risk-Based Monitoring
5. Embedded Security Automation and Orchestration
Why LogRhythm As Your Strategic TLM Partner
Broad Regulatory Compliance
Focus
Innovation
Customer Success
Platform Scalability & Flexibility