Symtrex Inc.
The Top 8 Things to Analyze in Your Network to Detect a Compromised System

2016/12/12 by admin

By LogRhythm – Rob McGovern

This paper, based in part on Rob McGovern's conversation with Randy Franklin Smith, describes common security threats and how to detect them through your network using Network Monitor Freemium.

In this paper, you can read about how to use Network Monitor to answer questions, such as:

  • Where is your network traffic going? Do you know all the outbound IP and URL destinations? Are they safe?
  • What is your network traffic? Does it behave properly? Do you have surprising protocols using well-known ports?
  • What’s going on with DNS? Are you missing security threats hiding in a low-level, chatty protocol?
  • What’s the frequency of your traffic? Do you have beaconing or C2 traffic hiding in the noise?
  • Are you sure you’ve got your security set up correctly? Can you verify that you aren’t seeing protocols or traffic that you think you’ve blocked?
  • Are you sure you are covered by DLP? Do you have personally identifiable information (PII) moving around your network in clear text?
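As an added example that is not part of the LogRhythm paper or its Network Monitor product, the Python below runs two of these checks over a constructed outbound-connection log: destinations outside a known-good baseline, and host/destination pairs whose connection intervals are too regular to be human-driven (beaconing). The log format, the sample addresses and the baseline set are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample outbound-connection log: "<timestamp> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
2016-12-12T09:00:00 10.0.0.5 198.51.100.7 443
2016-12-12T09:00:12 10.0.0.8 93.184.216.34 443
2016-12-12T09:01:00 10.0.0.5 198.51.100.7 443
2016-12-12T09:01:47 10.0.0.8 93.184.216.34 443
2016-12-12T09:02:00 10.0.0.5 198.51.100.7 443
2016-12-12T09:02:05 10.0.0.8 203.0.113.9 80
2016-12-12T09:03:00 10.0.0.5 198.51.100.7 443
2016-12-12T09:03:31 10.0.0.8 93.184.216.34 443
2016-12-12T09:04:00 10.0.0.5 198.51.100.7 443
2016-12-12T09:04:02 10.0.0.8 93.184.216.34 443
"""

# Constructed baseline: destinations already reviewed and approved (an assumption).
KNOWN_GOOD_DESTINATIONS = {"93.184.216.34"}

def parse_log(text):
    """Parse lines into (timestamp, src, dst, port); malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return flows

def unknown_destinations(flows, baseline):
    """Sorted (src, dst, port) triples whose destination is outside the baseline."""
    return sorted({(s, d, p) for _, s, d, p in flows if d not in baseline})

def find_beacons(flows, min_connections=5, max_cv=0.2):
    """Flag (src, dst, port) triples whose connection gaps are nearly constant.
    Regularity score = stdev/mean of the gaps; human traffic is bursty (high score),
    so a low score over enough samples suggests an automated check-in (beacon)."""
    by_triple = defaultdict(list)
    for ts, src, dst, port in flows:
        by_triple[(src, dst, port)].append(ts)
    beacons = {}
    for triple, stamps in by_triple.items():
        if len(stamps) < min_connections:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[triple] = round(avg, 1)  # mean interval in seconds
    return beacons
```

On the sample log, 10.0.0.5 checks in with 198.51.100.7 exactly every 60 seconds and is reported as a beacon candidate, while the irregular browsing from 10.0.0.8 is not; both unreviewed destinations are listed for follow-up.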

To learn the top 8 indicators of a compromised system in your network traffic, download the whitepaper, “Detecting Compromised Systems: Analyzing the Top 8 Indicators of Threat Traffic.”

Filed Under: LogRhythm, Security News

Avoid Major Data Breaches with Effective Threat Lifecycle Management

2016/12/05 by admin

From LogRhythm – December 1, 2016 – Chris Petersen

A New Approach to Cybersecurity

It’s a simple concept: The earlier you detect and mitigate a threat, the less the ultimate cost to your business. Implementing an effective end-to-end threat management process that focuses on reducing detection and response times can help you avoid high-impact security incidents like data breaches. We refer to this process as Threat Lifecycle Management (TLM).

Improve the Efficiency of Your Security Operations with Threat Lifecycle Management

TLM is a series of aligned security operations capabilities and processes that begins with the ability to see broadly and deeply across your IT environment and ends with the ability to quickly mitigate and recover from a security incident.

The goal of effective TLM is to reduce your mean time to detect (MTTD) and mean time to respond (MTTR), while keeping staffing levels flat. However, even mature security operations centers (SOCs) have historically struggled to streamline these complex processes, resulting in reduced team efficiency and effectiveness as well as higher costs.

Fortunately, you can enable effective TLM at a scale appropriate to your business through modern technology, specifically in the areas of machine analytics and security automation and orchestration. Advanced machine analytics are key to discovering potential threats quickly, while security automation and orchestration capabilities increase analyst efficiency to support the entire threat investigation, through full remediation and recovery.

Lower Your Total Cost of Ownership and Maximize Return on Investment

It’s important to note that the realization of effective TLM is an investment in technology, people, and process. On the technology front, it is certainly possible to leverage a combination of disparate systems and solutions. However, when doing so, effectiveness depends on multiple API-level integrations and the speed with which you can navigate multiple product interfaces.

Ideally, a unified platform with a single interface should be used to deliver the combined capabilities to realize end-to-end TLM. Ultimately, only a unified platform can ensure a low total cost of ownership (TCO) and effectively maximize the return on investment (ROI) of your security technology and personnel.

Bottom line: When you realize Threat Lifecycle Management with an advanced, unified platform, you can overcome resource constraints to quickly implement a capable and formidable security operation in support of rapid monitoring, detection, and response.

Download the whitepaper to learn how you can prevent high-impact cyber incidents through optimized threat lifecycle management.

Filed Under: LogRhythm, Products, Security News

Introducing LogRhythm 7.2

2016/12/05 by admin

From LogRhythm – November 29th, Chris Petersen

I’m excited to share our latest release, LogRhythm 7.2. It arms your team with the ability to detect, respond to, and neutralize threats before they result in damaging cyber incidents like a data breach.

LogRhythm 7.2 builds upon the groundbreaking innovations in LogRhythm 7.1 to minimize total cost of ownership and enable end-to-end threat lifecycle management. So what’s new in 7.2?

Improved Performance and Reduced Total Cost of Ownership

If your organization is like most, your requirements are growing faster than your budget is. LogRhythm 7.2 performs at massive scale, but in a cost-efficient manner.

This release improves data processing and indexing performance by up to 200 percent, reducing your IT infrastructure costs. It also provides automated data source onboarding and streamlines many other administrative tasks, allowing your team to focus on alarms that matter instead of spending time on administration.

New Security Analytics Capabilities and Visibility into Cloud Infrastructure

With LogRhythm 7.2, we’ve expanded our data schema to include over 20 new fields that unlock powerful new threat-detection capabilities.

We’ve also expanded our device support to deliver greater visibility into cloud-based systems, such as AWS, Azure, Salesforce, and Box. Altogether, LogRhythm now provides out-of-the-box Machine Data Intelligence (MDI) support for over 785 unique data source types, twice as many as our closest competitors.

Even Stronger User and Entity Behavior Analytics (UEBA)

LogRhythm uses data from across your users, networks, and endpoints to detect threats across your holistic attack surface. This release offers significant enhancements to our packaged User and Entity Behavioral Analytics (UEBA) module, so you can better identify insider threats, compromised accounts, privilege abuse, and more. The module’s enhancements include new threat detection algorithms, stronger kill-chain corroboration, and improved real-time dashboards enabling more targeted threat hunting.

Streamlined SecOps and Security Automation Orchestration

No one has to tell you about the major shortage of qualified security pros—you’re dealing with it every day. By investing further in our embedded security automation and orchestration capabilities, we are ensuring that you can make the most of your valuable personnel.

We’ve made extensive customer-driven workflow and UI enhancements, including one-click access to threat intelligence data. LogRhythm Labs has created over 20 new SmartResponse™ automated playbook actions, accelerating response and saving time.

The release also enables you to report and trend on mean time to detect and mean time to respond, helping you measure and prove your team’s value.

Learn More about Our Latest Release

As the only focused security intelligence and analytics company, LogRhythm is optimally suited to dig into, understand, and meet our customers’ pressing needs. This focus enables the rapid development of relevant improvements that directly benefit customers.

At LogRhythm, we are incredibly focused on our security intelligence and analytics mission. We believe that a unified platform approach to threat lifecycle management is the only way to optimally deliver reduced mean time to detect (MTTD) and mean time to respond (MTTR).

Whether you use LogRhythm as the foundation of a large global 24×7 SOC or small virtual SOC, our latest 7.2 release will help your organization. Its many innovations will reduce your total cost of ownership and also improve the efficiency and effectiveness of your security operations.

For more information on LogRhythm, give us a call at 866-431-8972 or send us an email at sales@symtrex.com

Filed Under: LogRhythm, Products, Security News

LogRhythm taps machine learning and analytics for its SOC

2016/11/23 by admin

by ITWire – Ray Shaw

When you run a SOC (Security operations centre), you receive so much data that sometimes it is hard to sort the wheat from the chaff. LogRhythm needed at least a 200% boost to its processing power.

LogRhythm, a Security Intelligence Company, has announced the release of LogRhythm 7.2, a major upgrade to its leading security intelligence and analytics platform. It has been purpose-built to power the next-generation SOC.

This release extends LogRhythm’s lead in providing accurate security analytics with embedded security automation and orchestration to help customers detect, respond to and neutralise cyberthreats before they result in a material breach.

Chris Petersen, CTO and co-founder of LogRhythm, said, “Armed with finite resources to battle a staggering number of possible security threats, CISOs are desperately trying to realise an effective end-to-end threat lifecycle management capability. Whether you support a massive 24×7 global security operations centre or a small virtual SOC, LogRhythm 7.2 will amplify your organisation’s ability to rapidly detect, investigate, and neutralise threats.”

The risk of a breach is steadily climbing, and cloud and internet of things (IoT) deployments further expand the enterprise attack surface.

Enterprise security operations teams recognise that executing end-to-end threat lifecycle management is the only way to effectively manage that risk. However, most are understaffed and overwhelmed, lacking the necessary analytics, automation, and orchestration to stay ahead.

LogRhythm 7.2 addresses these issues by delivering leading capabilities in four key areas: scalability; machine data intelligence; user and entity behaviour analytics (UEBA); and embedded security automation and orchestration.

Michael Meline, the IT security manager at Kootenai Health, said, “Large enterprises are already harnessing the power of LogRhythm 7.2 – it soars to new heights. LogRhythm is putting customers first by developing features collaboratively with users. The Threat Intelligence Service in LogRhythm 7.2 is more actionable and helpful than 7.1 in surfacing important data for better incident response through security automation and orchestration.”

Highlights of the LogRhythm 7.2 security intelligence and analytics platform include:

Greater efficiency, designed for massive environments

  • LogRhythm 7.2 provides up to 200 percent improvement in data processing and indexing performance to help customers cost-efficiently scale, especially in high-volume environments such as those exceeding 100,000 messages per second. What’s more, fully-automated data source onboarding saves countless hours of administration time in large environments.

Accurate security analytics supports even more data sources

  • LogRhythm 7.2 extends the depth of the platform’s patented Machine Data Intelligence Fabric™, a feature that automatically extracts contextual meaning from data to enable the most accurate and powerful security analytics. Specifically, LogRhythm 7.2 delivers advanced threat detection capabilities by expanding its industry-leading data schema with more than 20 additional metadata fields. These added fields complement the platform’s industry-leading support for over 785 unique data sources. LogRhythm 7.2 also advances customers’ visibility into cloud-based systems, including AWS, Salesforce, Box and Microsoft Office 365.

Only SIEM provider to deliver “one-stop-shop” for holistic threat detection across user, network, and endpoint-borne threats

  • LogRhythm 7.2 customers will see accelerated detection and investigation of user-borne risks, such as compromised accounts and insider threats, due to extensive enhancements to the User and Entity Behavioral Analytics (UEBA) module. The UEBA module extensions also include new threat detection algorithms, stronger kill-chain corroboration and new real-time dashboards for more targeted threat hunting.

Eliminates costly and inefficient workflow API integrations via embedded Security Automation and Orchestration

  • Security teams will realise improved efficiency and more rapid response to threats due to the security automation and orchestration capabilities embedded into the new LogRhythm 7.2 platform. It helps reduce total cost of ownership by eliminating the need to buy, integrate and maintain expensive third-party solutions and API integrations.
  • LogRhythm 7.2 delivers extensive workflow and UI enhancements based on real-world customer feedback, such as direct in-workflow access to threat intelligence services. The release also adds 20 new SmartResponse actions that provide customers with automated playbooks for incident response.


Filed Under: Advanced Persistent Threat, compliance, CyberThreats, IoT, Log Management, LogRhythm, Products, Ransomware, Security News

Cybersecurity 101: The criticality of event logs

2016/11/22 by admin

From CSO Online – Dwight Davis

Coaches love to talk about “the basics” – the fundamental skills their athletes need to master before they can move on to more advanced techniques. The basics can seem simple and even dull, but without them as a foundation, ultimate success can prove elusive.

Cybersecurity programs have their own set of “the basics.” Sadly, one of the most critical of these essentials is also one of the most neglected: the collection and regular review of event logs. Good log practices can pay big dividends throughout the entire cybersecurity lifecycle, from helping to profile “normal” activity, to identifying and preventing attacks, to, if necessary, performing post-breach forensics and remediation.

Even organizations that understand the importance of event logging can be overwhelmed by the sheer volume of events that routinely occur across even modest IT environments. Operating systems, firewalls, network routers, applications and dozens of other infrastructure elements can each generate their own event logs. Large corporate environments may log thousands of events per second and millions of events per day. With the proliferation of mobile devices and Internet-of-Things endpoints, today’s staggering log volumes will only continue to grow.

The embarrassment of riches in raw log information can result in operational paralysis more than information insight if organizations fail to implement sophisticated log filtering systems. Such filters need to strike a balance between collecting any and all event information versus filtering out so many logs that potentially meaningful data is lost.

Once the data is collected, organizations need log retention policies that ensure that pertinent data is still available if needed to detect, prevent or analyze some future security incident. Many companies will need outside experts to help them institute optimal log collection and retention policies.

Once they have good log information in hand, organizations can use it to create profiles of typical networking and user activities. When paired with security information and event management (SIEM) systems, this baseline log information can help security professionals identify suspicious activity that falls outside of expected norms. In this way, the logs form the core of an early warning system that can help organizations counter threats before they even gain a foothold.

When suspected or actual breaches do occur, the log data serves to help in the identification and isolation of any intruder or malware. Then it provides an audit trail for tracking which network elements, processes or users were involved in the attack. While of obvious value, this critical log data is often lacking.

In a recent AT&T Cybersecurity Insights report, Todd Waskelis, executive director of Security Consulting Services at AT&T, said, “We consistently go in and find that the evidence [log] data we need just isn’t there or readily accessible. This makes it difficult for us as we try to figure out what happened.”

Log data can even play a crucial role in mitigating the regulatory or legal ramifications associated with any significant breach. The audit trail provided by the logs may help an organization prove that a breach didn’t occur because of its own negligence or through some other internal fault.

In the cybersecurity realm, where attention is often focused on the latest big attack or on the newest cutting-edge security control, lowly event logs can sometimes be overlooked. But without good log collection, retention and analysis capabilities, an organization’s security program will rest on very unstable ground.

For information on the various SIEM technologies available – give us a call at 866-431-8972 or email us at sales@symtrex.com.

Filed Under: Advanced Persistent Threat, compliance, CyberThreats, IoT, Log Management, LogRhythm, Products, Security News, SolarWinds


© Copyright 2016 Symtrex Inc. ; All Rights Reserved · Privacy Statement