Threat Lifecycle Management
Why?
[Chart: cyber incidents detected per year, 2009 to 2014, rising to 42.8 million detected in 2014, with 2015, 2016 and 2017 marked as open questions. Source: PwC, The Global State of Information Security Survey 2015.]
“84% of breach evidence resided in the log data.”
- Verizon Data Breach Investigations Report
“By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches up from less than 10% in 2013.”
- Neil MacDonald, Gartner
Why? Faster Detection & Response Reduces Risk
[Chart: Chance of Significant Breach (Low to High) plotted against Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR), from Minutes through Hours, Days and Weeks to Months: the longer detection and response take, the higher the chance of a significant breach.]
Kill chain stages: Reconnaissance, Initial Compromise, Command & Control, Lateral Movement, Target Attainment, Exfiltration
By reducing MTTD and MTTR LogRhythm’s Security Intelligence Platform helps break the kill chain.
Early neutralisation equals no damaging cyber incident or data breach.
Anatomy Of An Attack
Timeline (times as shown on the slide), each step with the analytics layer that detects it:
00:09.07  Spear-phishing attack email received (Threat Intelligence)
00:09.40  Malware installed (malicious PDF) (User & Endpoint Analytics)
00:09.52  Network reconnaissance (port scan) (Network Analytics, Threat Intelligence)
00:10.02  Brute force attack (User Analytics)
00:10.12  LogRhythm SmartResponse: automated response and Incident Management
Underpinned by Holistic Analytics and People & Process.
Threat Lifecycle Management
Inputs: Security Event Data, Log & Machine Data, Forensic Sensor Data, Forensic Data

TIME TO DETECT
Discover: Machine Analytics, User Analytics
Qualify: Assess the threat, determine if it poses risk and whether a full investigation is required

TIME TO RESPOND
Investigate: Analyze the threat and associated risk, determine if an incident has occurred or is occurring
Mitigate: Implement countermeasures and controls that mitigate the risk presented by the threat
Recover: Eradicate, Cleanup, Report, Review, Adapt
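The attack timeline on the Anatomy Of An Attack slide and the Discover, Qualify and Mitigate stages above are shown below as a small correlation engine. This is an added example, not LogRhythm's code or any part of its platform: the log lines are constructed, the asset inventory (ASSET_OWNER), the detection thresholds and the "alert after N distinct steps" qualification rule are all assumptions made for the illustration. It reports MTTD (first hostile event to alert), MTTR (alert to completed isolation) and how many attack steps the adversary completed before the alert, so the same stream can show why a slower qualification threshold lets the attacker further down the chain.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample events (not real telemetry). Timestamps mirror the
# minute-scale timeline on the slide; hosts, users and hash are invented.
SAMPLE_LOGS = [
    "2017-03-01T00:09:07Z mailgw from=billing@invoices.example to=alice@corp.example "
    "attachment=invoice.pdf ti_match=known-phish-sender",
    "2017-03-01T00:09:40Z edr host=ws-alice user=alice parent=AcroRd32.exe "
    "child=powershell.exe sha256=0badc0de",
    "2017-03-01T00:09:52Z netflow host=ws-alice dst=10.0.0.5 distinct_ports=40 window_s=2",
    "2017-03-01T00:10:02Z auth host=fs01 user=admin result=FAIL src=ws-alice fail_count=50",
    "2017-03-01T00:10:12Z smartresponse action=isolate host=ws-alice status=done",
]

# Assumed asset inventory used for entity resolution (mailbox -> workstation).
ASSET_OWNER = {"alice@corp.example": "ws-alice"}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s*(?P<kv>.*)$")


@dataclass
class Event:
    ts: datetime
    source: str
    fields: dict


def parse(line):
    """Parse 'timestamp source k=v k=v ...' into an Event, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in m["kv"].split() if "=" in kv)
    return Event(ts, m["src"], fields)


def _int(e, key):
    try:
        return int(e.fields.get(key, 0))
    except ValueError:
        return 0


# Detection rules: (attack step from the slide, analytics layer credited on the
# slide, predicate). The thresholds are assumptions for this example.
RULES = [
    ("Spear-phishing email", "Threat Intelligence",
     lambda e: e.source == "mailgw" and "ti_match" in e.fields),
    ("Malware installed (malicious PDF)", "User & Endpoint Analytics",
     lambda e: e.source == "edr" and e.fields.get("parent") == "AcroRd32.exe"
     and e.fields.get("child") == "powershell.exe"),
    ("Network reconnaissance (port scan)", "Network Analytics",
     lambda e: e.source == "netflow" and _int(e, "distinct_ports") >= 20),
    ("Brute force attack", "User Analytics",
     lambda e: e.source == "auth" and e.fields.get("result") == "FAIL"
     and _int(e, "fail_count") >= 20),
]


def entity(e):
    """Resolve every event to the workstation it concerns (Discover step)."""
    if e.source == "mailgw":
        return ASSET_OWNER.get(e.fields.get("to"))
    if e.source == "auth":
        return e.fields.get("src")
    return e.fields.get("host")


def run_lifecycle(lines, alert_after=2):
    """Discover -> Qualify -> Mitigate over a log stream.

    An incident is declared (Qualify) once `alert_after` distinct attack steps
    have been correlated to one host; a completed isolate action from the
    response tool closes the loop (Mitigate). Returns MTTD/MTTR in seconds and
    the steps the attacker had completed by the time of the alert.
    """
    events = sorted((ev for ev in map(parse, lines) if ev), key=lambda e: e.ts)
    seen = {}  # host -> list of (ts, step, layer)
    first_hostile = alert_ts = contained_ts = None
    for ev in events:
        host = entity(ev)
        if ev.source == "smartresponse":
            if (ev.fields.get("action") == "isolate" and ev.fields.get("status") == "done"
                    and alert_ts is not None and contained_ts is None):
                contained_ts = ev.ts
            continue
        for step, layer, hit in RULES:
            if hit(ev):
                seen.setdefault(host, []).append((ev.ts, step, layer))
                first_hostile = first_hostile or ev.ts
                if alert_ts is None and len({s for _, s, _ in seen[host]}) >= alert_after:
                    alert_ts = ev.ts
    steps = [(s, l) for entries in seen.values() for _, s, l in entries]
    by_alert = [s for entries in seen.values() for t, s, _ in entries
                if alert_ts is not None and t <= alert_ts]
    return {
        "mttd_s": (alert_ts - first_hostile).total_seconds() if alert_ts else None,
        "mttr_s": (contained_ts - alert_ts).total_seconds() if contained_ts else None,
        "steps_detected": steps,
        "steps_before_alert": by_alert,
    }


if __name__ == "__main__":
    for n in (2, 4):
        r = run_lifecycle(SAMPLE_LOGS, alert_after=n)
        print(f"alert after {n} steps: MTTD={r['mttd_s']}s MTTR={r['mttr_s']}s, "
              f"attacker completed {len(r['steps_before_alert'])} step(s) by the alert")
```

Running it with alert_after=2 qualifies the incident on the malware execution at 00:09:40 (33 s after the phishing email) and containment follows 32 s later; raising the threshold to 4 delays the alert until the brute-force step at 00:10:02, by which point the attacker has completed every step on the slide. That is the MTTD versus chance-of-breach curve from the earlier slide in miniature.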
Thank You