Symtrex Inc.

Cyber Security Specialist


LogRhythm Finalist in three categories – SC Awards 2017

2016/11/17 by admin

LogRhythm was honoured to be a finalist in three categories in the SC Awards 2017.

Best Enterprise Security Solution
This includes tools and services from all product sectors specifically designed to meet the requirements of large enterprises. The winning solution will have been a leading solution during the last two years, having helped to strengthen the IT security industry’s continued evolution.
LogRhythm is a finalist in this category for their Security Intelligence and Analytics Platform.

Check out the complete list

Best Computer Forensic Solution
Products in this category fall into two sub-categories: network and media. The network tools must be exclusively intended for forensic analysis of network events/data. If the product is a SIEM with forensic capabilities, it should be placed in the SIEM category. Media tools cover just about all other non-network forensic tools, including those tools that collect data from media over the network and live forensic tools. This also includes specialized forensic tools that are not intended to analyze network data.
LogRhythm is a finalist in this category for their Network Monitoring Tool.

Check out the complete list

Best SIEM Solution
Security information and event management (SIEM) tools are used to collect, aggregate and correlate log data for unified analysis and reporting. Typically, these tools can take logs from a large number of sources, normalize them and build a database that allows detailed reporting and analysis. While forensic analysis of network events may be a feature of a SIEM, it is not the only feature, nor is it the primary focus of the tool.

Check out the complete list


Filed Under: Log Management, LogRhythm, Products, Security News

The Definitive Guide to Security Intelligence and Analytics

2016/11/17 by admin

By Karen Scarfone

My colleague, Steve Piper, and I just finished writing a free ebook: The Definitive Guide to Security Intelligence and Analytics. In this comprehensive ebook, we cover how you can use security intelligence and analytics technologies to greatly improve detection and to stop threats before damage can be done.

The ebook has three main purposes:

  1. To explain how you and your organization can benefit from adopting and using a security intelligence and analytics platform.
  2. To provide advice on what characteristics to look for when you’re evaluating possible solutions.
  3. To give you tips on deploying a platform solution so you can get the most out of it.

In the ebook, you’ll also learn how to understand attacks and threats, improve detection, streamline response processes, select the right solution, and deploy a solution.

Automating Event Discovery through Security Analytics

One of the most important topics covered by the book is using security analytics techniques to automate the discovery of security events, minimizing the need for human involvement.

Most organizations have enormous volumes of security events to review on a continuous basis, and that can’t be done without heavily relying on automation. Automating security analytics helps organizations to detect malicious activity much more quickly so they can stop it and minimize the damage it would otherwise cause.

A security intelligence and analytics platform uses several types of techniques together for threat detection. One technique is for the platform to establish baselines over time for normal activity and then identify significant changes from those baselines.

Another technique is to use threat intelligence feeds from third parties that capture the characteristics of the latest threats attacking other organizations and individuals around the world.

A final example of a threat detection technique is correlating information from several of the organization’s systems and security controls to identify a security event that traverses all of those places.
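The three techniques described above (baseline deviation, third-party indicator matching, and cross-source correlation), worked through as a small Python example. This is code added here for illustration; it is not from the ebook or from LogRhythm's platform. The event schema, the per-user login history, the indicator feed entry (a TEST-NET address), the rule thresholds and the `ev` helper are all constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# All events below are constructed for this example and already normalized
# to one hypothetical schema: ts, source, host, action, user, dst_ip.
T0 = datetime(2016, 11, 17, 9, 0)


def ev(minutes, source, host, action, user=None, dst_ip=None):
    """Build one normalized event `minutes` after T0 (constructed data)."""
    return {"ts": T0 + timedelta(minutes=minutes), "source": source,
            "host": host, "action": action, "user": user, "dst_ip": dst_ip}


EVENTS = (
    # alice logs in far more often today than her history says she does
    [ev(5 * i, "auth", "ws-alice", "login_ok", user="alice") for i in range(9)]
    + [
        ev(5, "auth", "ws-bob", "login_ok", user="bob"),
        ev(10, "auth", "srv-db", "login_ok", user="svc-backup"),    # no baseline yet
        ev(20, "auth", "srv-web", "login_fail", user="admin"),
        ev(21, "auth", "srv-web", "login_fail", user="admin"),
        ev(22, "auth", "srv-web", "login_fail", user="admin"),
        ev(23, "auth", "srv-web", "login_ok", user="admin"),
        ev(25, "fw", "srv-web", "allow_out", dst_ip="203.0.113.45"),
        ev(30, "fw", "ws-bob", "allow_out", dst_ip="198.51.100.7"),  # benign egress
    ]
)

# Technique 1 input: successful logins per user per day over the previous week (constructed).
BASELINE_LOGINS = {
    "alice": [4, 5, 3, 6, 4, 5, 4],
    "bob": [2, 1, 2, 2, 3, 2, 1],
    "admin": [1, 1, 0, 1, 1, 0, 1],
}

# Technique 2 input: a constructed third-party indicator feed (TEST-NET address, not a real IoC).
THREAT_FEED = {"203.0.113.45": "known C2 server (constructed feed entry)"}


def baseline_deviations(events, history, z=3.0):
    """Technique 1: flag users whose login count today exceeds mean + z*stddev of their history."""
    counts = defaultdict(int)
    for e in events:
        if e["source"] == "auth" and e["action"] == "login_ok":
            counts[e["user"]] += 1
    flagged = {}
    for user, n in counts.items():
        hist = history.get(user)
        if not hist:
            flagged[user] = ("no baseline", n)   # never seen before: cannot call it normal
            continue
        # floor sigma at 1 so a nearly flat history does not alert on a +1 change
        threshold = mean(hist) + z * max(pstdev(hist), 1.0)
        if n > threshold:
            flagged[user] = ("above baseline", n)
    return flagged


def threat_feed_matches(events, feed):
    """Technique 2: match outbound destinations against the indicator feed."""
    return [(e["host"], e["dst_ip"], feed[e["dst_ip"]])
            for e in events
            if e["source"] == "fw" and e["dst_ip"] in feed]


def correlate_bruteforce_then_egress(events, window=timedelta(minutes=10), min_fail=3):
    """Technique 3: cross-source rule. Within `window` of the first failed login on a host:
    at least min_fail failures, then a success for that user, then an outbound connection."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host[e["host"]].append(e)
    incidents = []
    for host, evs in by_host.items():
        fails = [e for e in evs if e["source"] == "auth" and e["action"] == "login_fail"]
        if len(fails) < min_fail:
            continue
        deadline = fails[0]["ts"] + window
        fails = [e for e in fails if e["ts"] <= deadline]
        if len(fails) < min_fail:
            continue
        user, last_fail = fails[-1]["user"], fails[-1]["ts"]
        success = next((e for e in evs if e["source"] == "auth" and e["action"] == "login_ok"
                        and e["user"] == user and last_fail < e["ts"] <= deadline), None)
        if success is None:
            continue
        egress = next((e for e in evs if e["source"] == "fw" and e["action"] == "allow_out"
                       and success["ts"] < e["ts"] <= deadline), None)
        if egress is not None:
            incidents.append({"host": host, "user": user, "dst_ip": egress["dst_ip"],
                              "failures": len(fails)})
    return incidents


if __name__ == "__main__":
    print("baseline deviations:", baseline_deviations(EVENTS, BASELINE_LOGINS))
    print("threat feed matches:", threat_feed_matches(EVENTS, THREAT_FEED))
    print("correlated incidents:", correlate_bruteforce_then_egress(EVENTS))
```

Each technique alone produces a weaker signal than the three together: the baseline rule flags alice's unusual login volume but cannot say whether it is malicious, the feed match only fires if the destination happens to be on the list, and the correlation rule ties the failed-then-successful logins on srv-web to the outbound connection that follows, which is the sequence a human analyst would otherwise have to assemble by hand from two different log sources.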

Downloading the Ebook

Event discovery automation is just one example of a topic the ebook includes. It covers everything from understanding the basics of the cyberattack lifecycle and threat management to streamlining incident management, threat investigation, and threat mitigation processes. It even outlines the four phases of the security intelligence and analytics platform implementation process, providing insights and recommendations for performing each phase.

Thanks to LogRhythm, The Definitive Guide to Security Intelligence and Analytics ebook is available as a PDF for you to download.

Filed Under: compliance, CyberThreats, Log Management, LogRhythm, Products, Security News

LogRhythm’s Security Analytics Platform: Product Overview

2016/11/14 by admin

By Dan Sullivan – TechTarget

Expert Dan Sullivan examines LogRhythm’s Security Analytics Platform, a product that leverages big data analytics and machine learning to help protect enterprises.

LogRhythm’s Security Analytics Platform is one of several security applications that leverage big data technologies to help mitigate the risk of targeted, persistent threats. It is part of an emerging class of big data security analytics products that are designed to capture, integrate, analyze and store data at higher rates and volumes than earlier-generation security information and event management (SIEM) products.

LogRhythm Security Analytics covers a range of analytics areas across an enterprise attack surface, such as user behavior and network anomalies. The platform is designed to give enterprises a holistic view of potential threats using risk-based analytics. Enterprise customers have the option of customizing analytics rules of the platform or using preset threat detection and compliance modules. The security analytics platform also offers users the ability to search, collect and correlate forensic data in the event of a security incident or data breach.

How it works

The big data security analytics platform incorporates advanced analytics technologies for correlation and pattern recognition, as well as multidimensional analysis across users and endpoints. The platform uses machine learning for advanced threat detection; specifically, LogRhythm’s artificial intelligence engine offers continuous automated analysis of different types of data to correlate and identify potential threats. The AI engine comes with nearly 1,000 preconfigured correlation rule sets as well as a GUI for security managers to create and customize their own rules.

LogRhythm Security Analytics also offers a forensics analytics feature. The forensics analytics tool is powered by Elasticsearch, an open source search engine, and is designed to help security managers search through large amounts of data quickly using contextual criteria and full-text terms.

In addition, the platform takes advantage of the LogRhythm Knowledge Base, which is regularly updated with new intelligence and components for integrating with endpoint devices. For example, the knowledge base includes rules for parsing over 600 different types of logs and specialized modules for privileged user monitoring, user and endpoint anomaly detection and web application defenses.
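The parsing rules and forensic search described above, and the collect-normalize-search pipeline the SIEM category description earlier on this page summarizes, as an added Python example. This is not LogRhythm's Knowledge Base or any product code: the three log formats, the sample lines, the common schema, the assumed year for syslog lines (syslog timestamps carry none) and the field names are all constructed for the example.

```python
import json
import re
from datetime import datetime

# Syslog lines carry no year; the example assumes the year of the post above.
ASSUMED_YEAR = 2016

# Constructed raw log lines in three formats (not real product output), plus one
# line no parsing rule understands.
RAW_LOGS = [
    "Nov 17 09:22:13 srv-web sshd[2144]: Failed password for admin from 198.51.100.23 port 52114 ssh2",
    "Nov 17 09:23:01 srv-web sshd[2144]: Accepted password for admin from 198.51.100.23 port 52118 ssh2",
    "EventID=4625 TimeCreated=2016-11-17T09:24:05 Computer=ws-bob TargetUserName=bob IpAddress=10.0.0.7 LogonType=3",
    '{"time": "2016-11-17T09:25:40", "device": "fw-edge", "action": "allow", "src": "10.0.0.12", "dst": "203.0.113.45", "dport": 443}',
    "garbled line that matches no parsing rule",
]

# Common schema every parsing rule emits; unknown fields stay None rather than being dropped.
FIELDS = ("ts", "host", "source", "user", "src_ip", "dst_ip", "outcome")


def event(**kw):
    return {f: kw.get(f) for f in FIELDS}


SSHD_RE = re.compile(
    r"^(?P<stamp>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_sshd(line):
    """Parsing rule for OpenSSH password-authentication syslog lines."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["stamp"], "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
    return event(ts=ts, host=m["host"], source="sshd", user=m["user"], src_ip=m["ip"],
                 outcome="failure" if m["result"] == "Failed" else "success")


def parse_windows_kv(line):
    """Parsing rule for a key=value rendering of a Windows Security logon event (constructed format)."""
    if not line.startswith("EventID="):
        return None
    kv = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    outcome = {"4624": "success", "4625": "failure"}.get(kv["EventID"], "unknown")
    return event(ts=datetime.fromisoformat(kv["TimeCreated"]), host=kv.get("Computer"),
                 source="windows_security", user=kv.get("TargetUserName"),
                 src_ip=kv.get("IpAddress"), outcome=outcome)


def parse_firewall_json(line):
    """Parsing rule for a JSON firewall record (constructed format)."""
    if not line.startswith("{"):
        return None
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if "device" not in rec:
        return None
    return event(ts=datetime.fromisoformat(rec["time"]), host=rec["device"], source="firewall",
                 src_ip=rec.get("src"), dst_ip=rec.get("dst"), outcome=rec.get("action"))


PARSERS = [parse_sshd, parse_windows_kv, parse_firewall_json]


def normalize(lines):
    """Run each raw line through the parsing rules; keep the raw text for full-text search."""
    events = []
    for line in lines:
        for parser in PARSERS:
            e = parser(line)
            if e is not None:
                break
        else:
            e = event(source="unparsed")   # never silently drop a line the rules cannot read
        e["raw"] = line
        events.append(e)
    return events


def search(events, text=None, **criteria):
    """Contextual (field == value) plus full-text (substring of raw) query over normalized events."""
    return [e for e in events
            if all(e.get(k) == v for k, v in criteria.items())
            and (text is None or text.lower() in e["raw"].lower())]


if __name__ == "__main__":
    evs = normalize(RAW_LOGS)
    for e in search(evs, outcome="failure"):
        print(e["ts"], e["source"], e["host"], e["user"], e["src_ip"])
```

The point of the common schema is that one query (`outcome="failure"`) returns both the sshd failure and the Windows 4625 event without the analyst knowing either raw format, while the unparsed line is kept with `source="unparsed"` so that a missing parsing rule shows up as a gap in coverage instead of as silently lost evidence.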

There is substantial support for compliance reporting within the LogRhythm Security Analytics platform, including HIPAA, PCI DSS, the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, FISMA, ISO 27001 and NERC-CIP regulations.

The security analytics platform can work in conjunction with the LogRhythm Security Intelligence Platform, which offers both traditional SIEM capabilities as well as threat intelligence services.

Support, cost and deployment

LogRhythm provides a number of customer support options, the two most popular being Standard Support and the premium-level Platinum Support. The standard tier offers access to the LogRhythm support portal and access to user forums as well as technical phone support. Phone support is available from 7am to 6pm MST in this tier. Platinum Support, meanwhile, offers 24/7 phone and email support in addition to other standard-level support options.

The platform can be deployed as high performance appliances or as a software application in a virtual environment. For pricing information, contact the vendor.

Conclusion

The LogRhythm Security Analytics Platform provides a consolidation point for endpoint and network event data. Its machine learning capability is an essential feature for detecting anomalous events as they occur as well as for supporting forensic analysis, while its support for compliance reporting across a number of major regulations will appeal to businesses in regulated industries. Businesses looking to consolidate device and network logging and analysis may find a good fit with the LogRhythm Security Analytics Platform.


Filed Under: Advanced Persistent Threat, compliance, CyberThreats, endpoint, industry, Log Management, LogRhythm, Products, Security News

Making Security Intelligence a Standard Operating Procedure

2016/11/11 by admin

From our partner LogRhythm’s Blog

By Dan Wilbricht

Protecting our Nation’s Interconnected Critical Infrastructure

National Cyber Security Awareness Month is coming to an end. Hopefully, we have all come away with some ideas on how to better protect ourselves, our organizations, and our country. We must not slow down, take a break from building out protection, or pause in meeting our cyber security demands. In fact, we need to be more resilient now than ever.

We live in a world that is more connected than ever before. This interconnectedness touches almost all aspects of daily life—both professionally and personally. We saw how much we depend on the technology that connects us in last week’s DDoS attack on the public internet. We need to ensure that we take measures to protect our critical technology communications infrastructure.

In an article written last week in the San Diego Tribune in response to the attack, LogRhythm’s CTO and co-founder Chris Petersen said, “I’m an entrepreneur and don’t want more regulation. But as a cyberexpert, I don’t see much alternative in order to protect our nation from damaging cyberattacks.”

Improving Defenses by Making Security Intelligence a Standard Operating Procedure

Today we have terabytes of data at our disposal to tell us who, what, when, where, and how an intrusion may have occurred. But because of the enormous amounts of information, we need to get better at identifying what is a threat and what is just noise.

We often do not know what we are looking for, and therefore, we need assistance in correlating all of the information. What we do know is that we need to make security intelligence a standard operating procedure (SOP) for all agencies, organizations, and individuals in order to effectively and efficiently cut through the noise and determine actionable intelligence to move the defense of our critical infrastructure forward.

Security Intelligence and Analytics in the Public Sector

The white paper Security Intelligence and Analytics in the Public Sector offers up a solution. While it’s not possible to prevent all threats from affecting an agency’s IT environment, this paper outlines the need to make threat detection and response capabilities an essential requirement.

A unified security intelligence and analytics approach is the best possible approach to threat detection and response. To learn more, download the whitepaper.

Filed Under: Advanced Persistent Threat, compliance, CyberThreats, endpoint, Log Management, LogRhythm, Products, Security News

The 3 Biggest Mistakes in CyberSecurity

2016/08/23 by admin

August 23, 2016 – Chris Moschovitis – Information Management

Everyone, from small business owners to senior executives in businesses of every shape and size, is confronting a seemingly insurmountable problem: constant and rising cyber security breaches. It seems no matter what we do, there is always someone that was hacked, a new vulnerability exploited, and millions of dollars lost.

In an effort to stem the tide, people have tried everything: from throwing money at it by buying the latest and greatest tech gizmos promising security, to outsourcing cyber security management, to handing it over to the IT folks to deal with. And every time the result is money lost, productivity decreased, and the attacks continue.

Many business people complain that we’re not just losing a battle here and there. We’re losing the war. Is that true?

The truth is that those that keep losing their cyber battles and risk losing the war are making three critical mistakes:

  1. They think cyber security is a technology problem.
  2. They follow a cyber security check list once-and-done.
  3. They don’t have a cyber security awareness training program in place.

First, cyber security is not a technology problem. Far from it. It is a business-critical problem, and more importantly: It’s a people problem, and we need to address it at that level.

Second, cyber security is a constantly evolving battlefield. The threats evolve, the attacks take new paths, the underlying technologies change. A static check list solves yesterday’s problems, not today’s, and certainly not tomorrow’s.

Finally, if people don’t understand the threat they will not even see the attack coming, much less be able to respond and protect themselves. Cyber security awareness training is the only way to prepare everyone for the new reality we live and work in.

Cyber security is not an IT problem either, according to Prosyn. It is a risk management problem. This is easier to understand if you work in a regulated industry. There, the concept, language, even governance of risk management is part of the daily lexicon.

Not so with small and mid-market businesses less familiar with the risk management function. It doesn’t help that the very nature of the threat and the way the “payload” of the attack is delivered is via information technologies. It almost makes sense to have IT deal with cyber security. But the victims are not the computers. The victims are the businesses and their people.

More importantly: a company’s Information Technology generates value. It does so in a myriad of different ways depending on the business you are in, from the actual delivery of goods to clients (e.g. software businesses, data businesses, media and technology businesses, etc.) to complementing, enhancing, and realizing the mission and vision of the company (law firms, manufacturing, logistics, healthcare, etc.).

Cyber security, like all risk management, is there to protect value. Therefore, you can never have cyber security (the value protector) report to IT (the value creator). That creates a conflict of interest. Just like IT reports directly to the CEO, so must cyber security. They are parallel tracks keeping the business train aligned and moving.

Once you have the reporting structure correctly in place, you need to empower it with executive buy-in and engagement. Cyber security needs your direction on company goals and risk appetite so they can develop the right strategy to protect the company’s assets. Cyber security professionals, working with the board and executives, including IT and business units, will develop the defense-in-depth strategy that is right for the company.

Cyber security doesn’t happen in isolation. It is not a set check list. It is dynamic, adjusting strategy to risk, asset value, and controls. As market conditions change, as company goals change, and as technology changes, so will the cyber security strategy.

Neither structure nor strategy will help if you ignore the most important element in cyber security: People. In 2016 ISACA published the top three cybersecurity threats facing organizations in that year. They were, in order: 52% Social Engineering; 40% Insider Threats; 39% Advanced Persistent Threats.

Excluding the advanced persistent threats typically targeted against large multinationals, governments, military, infrastructure and the like, the other two have one common element: People.

It is people that become the victims of cyber-attacks, and by extension, the businesses they work in or do business with. Be it through social engineering, extortion, or any of the many vulnerabilities that hackers can exploit, it is people that get compromised first. They are the ones that have to pick up the pieces when all the data is gone or when their identity is stolen.

The good news is that cyber security awareness training is one of the most effective controls against hackers. Training and sensitizing people to the threats, the methods used, vulnerabilities, even their own personal privacy risks, has been proven time and again as the one thing that makes a real difference in early detection, quick response and recovery during a cyber-attack. Having a quarterly lunch-and-learn will go a long way in developing a culture of cyber awareness, saving both your business and your employees from cyber-harm.

Avoiding these three mistakes in cyber security won’t help win every single battle. But it will guarantee you win the war.

Filed Under: Advanced Persistent Threat, antivirus, byod, Cloud, compliance, CyberThreats, endpoint, industry, Log Management, LogRhythm, Malware, Network Access Control, Network Monitoring, PCI, Products, profile, Security News, Snoopwall, SolarWinds, Sophos, Unified Threat Management



© Copyright 2016 Symtrex Inc.; All Rights Reserved