The 2018 LogRhythm Technical Partner Summit: Seizing the UEBA Opportunity

The LogRhythm 2018 Tech Summit is underway, and we’re thrilled to have our biggest turnout yet. LogRhythm partners are attending a number of breakout sessions with topics ranging from the power of SmartResponse to an overview of our Phishing Intelligence Engine (PIE). Attendees will also hear about the LogRhythm product roadmap and gain an understanding of how LogRhythm stacks up in today’s competitive security marketplace.

This year, a major focus of the Tech Summit is seizing the opportunity to implement an effective User and Entity Behavior Analytics (UEBA) solution.

User and entity-centric threats are a growing concern for security teams and, therefore, a growing need in the market. In fact, insider threats are the cause of many reported cybersecurity incidents.

To detect insider threats, your technology must first be able to understand and baseline user behavior. And it must do so while reducing false-positive alarms in order to pinpoint a threat for effective detection. An effective UEBA solution can mean the difference between rapid threat mitigation and a damaging network breach.

Account Compromise

A strong UEBA solution should be able to easily detect if a hacker has accessed a network user’s credentials or reputation, regardless of the attack vector or phishing technique used. This includes the detection of attacks such as pass the hash, pass the token, brute force attacks, and lateral movement following an attack. For successful account compromise detection, the technology will need to recognize indicators of compromise across any asset the user touches—including endpoints and networks.

Insider Threats

Insider threats are one of the primary UEBA drivers for many security teams because of the lack of confidence around accurately detecting when an insider threat is occurring. These threats include malicious insiders, compromised insiders, and negligent insiders. This is an area where UEBA solutions can help. By establishing baseline behavior for your users, the solution should be able to detect and alarm on unusual, high-risk behavior that falls outside that baseline profile based on several factors, including time, host, authentication classification, and location.

Privileged Account Abuse

A UEBA solution should be able to identify specific attacks on privileged users who have access to sensitive information. This can be accomplished by detecting compromised credentials and lateral movement to the systems that contain this privileged data. Defining and maintaining a list of privileged users and groups can help your UEBA solution validate permission changes and quickly disable accounts with observed privilege escalation. In addition to privileged accounts, you’ll also want your UEBA solution to monitor when sensitive, high-value assets are accessed. By identifying and assigning threat risk levels, your UEBA solution should be able to monitor high-profile or high-value assets to generate high-priority alarms for your security team.

Data Exfiltration

An effective UEBA solution has the ability to monitor and alert your team to indicators of data exfiltration as it’s happening in real time. This will allow your team to investigate and stop the exfiltration before damage occurs. Automated responses can be extremely valuable in lowering your team’s mean time to respond—ultimately protecting your organization from a high-profile data breach.

LogRhythm UEBA

LogRhythm UEBA delivers the features you need to protect your network from both known and unknown threats. Integrated into our holistic platform or available as a standalone solution, LogRhythm UEBA detects threats via supervised and unsupervised machine learning and multidimensional behavioral analytics, helping your team quickly surface, prioritize, and respond to critical events.

The 2018 LogRhythm Technical Partner Summit gives attendees the opportunity to take a deep dive into LogRhythm UEBA and other products, features, and best practices. This will allow us to work together to build mutual expertise in the security space and ultimately better protect our customers from cyberthreats.

If you’re currently a customer, visit the LogRhythm Community to discuss this post, get your questions answered, and more. Keep the conversation going here:

Understanding Insider Threats with UEBA

User Threat Detection—There’s a Module for That

Friend or Foe? A Use Case on How to Detect an Insider Threat