Company Confidential
4 Easy Ways to Turn Endpoint Data into Actionable Insight
2/7/2017
Greg Foss, Manager, Global SecOps, LogRhythm
Chris Berninger, Sr. Systems Engineer, Business Development, Carbon Black
Jake Reynolds, Technical Alliances Engineer, LogRhythm
© 2017 Carbon Black. All Rights Reserved. | CONFIDENTIAL
1 Who we are
2 What is Cb Response
3 How Cb Response & LogRhythm create joint value
4 Demo
PROVEN ENDPOINT SECURITY PIONEERS
AV REPLACEMENT
CERTIFIED
MARKET-LEADING DETECTION & RESPONSE
BREAKTHROUGH PREVENTION
30 of Fortune 100
2,500+ Organizations
7M+ Licenses
10,000 Practitioners
75+ IR/MSSPs
#1 NG EPP share
Cb RESPONSE: IR & THREAT HUNTING
COMPLETE VISIBILITY
PROACTIVE THREAT HUNTING
REAL-TIME RESPONSE
COMPLETE VISIBILITY
PROCESS ACTIVITY
REGISTRY ACTIVITY
FILE ACTIVITY
NETWORK ACTIVITY
IDENTIFY ROOT CAUSE
CAPTURE ALL ACTIVITY
AGGREGATE THREAT INTEL
VISUALIZE THE ATTACK
MINIMIZE RESOURCE IMPACT
CONTINUOUS AND CENTRALIZED
Correlate Log Activity With Rich Endpoint Visibility
Two-Way Integration – Cb Response And LogRhythm
Threat Lifecycle Management Platform
• Behavioral Analytics
• SIEM & Log Management
• Network Monitoring & Forensics
• Endpoint Monitoring & Forensics
• Security Automation & Orchestration
Cb Response
• Endpoint Detection & Response
• Continuous & Centralized Recording
• Instant Root Cause Identification
• Remote Isolation & Remediation
Machine Data
Intelligence
SmartResponse™
DEMO
Recon. & Planning
Initial Compromise
Command & Control
Lateral Movement
Target Attainment
Exfiltration, Corruption, Disruption
Modern threats take their time
and leverage the holistic attack surface
The Cyber Attack Lifecycle
End-to-End Threat Lifecycle Management Workflow
TIME TO DETECT
TIME TO RESPOND
Forensic Data Collection
Discover
Qualify
Investigate
Neutralize
Recover
Security event data
Log & machine data
Forensic sensor data
Search analytics
Machine analytics
Assess threat
Determine risk
Is full investigation necessary?
Analyze threat
Determine nature and extent of incident
Implement countermeasures
Mitigate threat & associated risk
Clean up
Report
Review
Adapt
Carbon Black Response - Integration
Alarming
Trigger on Specific Watch List Hits
Cb Response - Integration
Alarming
Admin Tracking
Carbon Black Response - Integration
Alarming
Admin Tracking
Reporting
Carbon Black Response - Integration
Alarming
Admin Tracking
Reporting
Analysis
Carbon Black Response - Integration
Alarming
Admin Tracking
Reporting
Analysis
Automation
Perform Actions Based on Alarms Observed
DEMO
Explore LogRhythm’s SIEM technology and the benefits of integrating Carbon Black through a series of demos and guided hands-on use cases.
During this half-day workshop, you will learn how to:
• Correlate detailed endpoint activity with other environmental context to recognize early indicators of potential compromise
• Deploy real-time countermeasures on an endpoint to prevent further impact and expedite incident response
• Prevent the spread of advanced malware
• Detect insider threats
• Automate remediation and forensic investigation
QUESTIONS?
Greg Foss
Jake Reynolds
Chris Berninger