As in years past, 2017 was packed with stories of cyber security failure. Between sophisticated attackers, a lack of proper security monitoring and control implementation, and the devastating data breaches that may arise from these gaps, it’s easy to see that we still face serious challenges in the security arena, with potentially serious consequences. Why do we keep seeing these issues? Many security professionals readily admit that we don’t have the staff, the training or the breadth of coverage in our security controls to adequately combat today’s attackers. How is this happening when we’re spending so much money and time on cyber security? Unfortunately, the problem isn’t due to a lack of attention.

One of the big challenges to incident response in today’s environments lies as much in the tools as in how we’ve been using them. Most tools generate event data from our environment. Log management and SIEM platforms have traditionally been used to aggregate these events and allow security teams to search and correlate all this data—and now we are drowning in data. To detect attacks more effectively, we need to accommodate larger data sets and perform more advanced analysis of the data.

Security event monitoring uses a broad variety of data and data types, including logs and events from systems, applications, network and security devices, and other sources. Security teams also need to look for event types that they don’t know about yet. Because user actions, such as falling for phishing attempts, represent the biggest threat vector (according to many SANS surveys), it makes sense to use user data to fully analyze, filter and differentiate attacks in progress. To this end, security analytics platforms should allow for the creation of new correlation rules and the discovery of new trends and behavioral patterns in the environment, especially those related to end user behavior.
In this review, we explored the recently released LogRhythm CloudAI, which provides user-focused behavioral analysis built into LogRhythm. CloudAI encompasses a robust NextGen SIEM solution to extend recognition of user threats. LogRhythm’s application of user and entity behavior analytics (UEBA) capabilities can significantly enhance a traditional event management and security analytics tool set to monitor behaviors tracked over time, alerting analysts to unusual events or patterns of events. LogRhythm now integrates user directories into the data sources it accepts for security analytics, allowing us to monitor activities from specific users over time and flag unusual or abnormal account activity. This new monitoring and alerting functionality is built right into the LogRhythm console, making it easy to create cases, add evidence and track events just as before, but with additional focus and filtering based on user activities and trends. Overall, we found the product easy to use, and with the fully integrated GUI, we found the tool’s self-learning capabilities to be very helpful for hunting, searching and detecting new events.
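To make the user-focused behavioral analysis described above concrete, here is an added example (written for this article; it is not LogRhythm's code and does not reflect how CloudAI is implemented) of the basic idea behind UEBA: learn a per-user baseline from a learning window of authentication events, then flag live events that deviate from it (new source host, logon outside the user's usual hours, a success following a run of failures). The log format, user names, hosts and the two-failure threshold are all constructed for the example.

```python
"""
Added example of per-user behavioral baselining (hypothetical; not LogRhythm's
implementation). Events from a learning window build a per-user profile of
source hosts and logon hours; later events are scored against that profile.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication log (hypothetical format):
# <ISO timestamp> user=<name> src=<host> result=<success|failure>
SAMPLE_LOGS = """\
2017-11-01T08:02:11 user=alice src=ws-14 result=success
2017-11-01T08:40:53 user=alice src=ws-14 result=success
2017-11-02T09:10:02 user=alice src=ws-14 result=success
2017-11-03T08:55:40 user=alice src=ws-14 result=success
2017-11-01T07:58:19 user=bob src=ws-22 result=success
2017-11-02T08:03:44 user=bob src=ws-22 result=success
2017-11-03T08:11:05 user=bob src=ws-22 result=success
2017-11-03T08:12:00 user=bob src=ws-22 result=failure
2017-11-04T02:17:33 user=alice src=vpn-gw3 result=failure
2017-11-04T02:18:01 user=alice src=vpn-gw3 result=failure
2017-11-04T02:18:40 user=alice src=vpn-gw3 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)

# Hypothetical threshold: a success after this many consecutive failures is notable.
FAILURE_STREAK_THRESHOLD = 2


def parse(logs):
    """Turn raw log text into a list of event dicts; unparseable lines are skipped."""
    events = []
    for line in logs.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def build_baseline(events):
    """Per user: the set of source hosts and the set of logon hours seen while learning."""
    baseline = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for e in events:
        baseline[e["user"]]["hosts"].add(e["src"])
        baseline[e["user"]]["hours"].add(e["ts"].hour)
    return baseline


def score_event(event, baseline):
    """Return the list of reasons an event deviates from its user's baseline."""
    profile = baseline.get(event["user"])
    if profile is None:
        return ["user never seen during learning window"]
    reasons = []
    if event["src"] not in profile["hosts"]:
        reasons.append(f"new source host {event['src']}")
    if event["ts"].hour not in profile["hours"]:
        reasons.append(f"unusual logon hour {event['ts'].hour:02d}")
    return reasons


def detect(logs, learn_until):
    """Learn from events before learn_until (ISO string), alert on deviations after it.

    Returns a list of (timestamp, user, reasons) tuples in time order.
    """
    cutoff = datetime.fromisoformat(learn_until)
    events = parse(logs)
    baseline = build_baseline(e for e in events if e["ts"] < cutoff)
    live = sorted((e for e in events if e["ts"] >= cutoff), key=lambda e: e["ts"])

    alerts = []
    fail_streak = defaultdict(int)  # consecutive failures per user in the live window
    for e in live:
        reasons = score_event(e, baseline)
        if e["result"] == "failure":
            fail_streak[e["user"]] += 1
        else:
            if fail_streak[e["user"]] >= FAILURE_STREAK_THRESHOLD:
                reasons.append(f"success after {fail_streak[e['user']]} failures")
            fail_streak[e["user"]] = 0
        if reasons:
            alerts.append((e["ts"].isoformat(), e["user"], reasons))
    return alerts


if __name__ == "__main__":
    for ts, user, reasons in detect(SAMPLE_LOGS, "2017-11-04T00:00:00"):
        print(f"{ts} {user}: {'; '.join(reasons)}")
```

Run as-is, the example learns from the first three days and reports only alice's three early-morning VPN events on 4 November; bob's single failure on 3 November sits inside the learning window and produces no alert. A real platform replaces the set-membership checks with statistical models over many more attributes, but the shape of the work, baseline per user and score deviations over time, is the same.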