Learn How to Automatically Mitigate Threats

Detecting new and unique attacks requires a different strategy from the traditional prevention-centric model of IT security.

The traditional model looks like a coconut. Tough on the outside, soft (or non-existent) on the inside. Organizations are well-trained in deploying firewalls, Web proxies, antivirus and other prevention-centric technologies.

However, the reality is that 76% of organizations were compromised by a successful cyber-attack in 2015 [1]. With perimeters becoming ill-defined and fluid due to the rise in the adoption of bring your own device (BYOD), cloud services and the mobile workplace, you can no longer rely on building big walls to keep people out.

A modern organization understands IT security is like an onion—with multiple firm layers, all of the way to the core.

This strategy requires a change in thinking. You must assume that any host may be compromised regardless of where it sits or what it does at any time. You must also place greater emphasis on understanding user behavior. A subset of employees (think: admins) have the keys to the kingdom. Just imagine the potential damage stolen credentials or a disgruntled employee could inflict on your organization.

In the video below, you'll see a host become compromised by a previously undetected attack, and how LogRhythm detects and automatically mitigates this threat in real time.

Using forensic information from network traffic, infrastructure systems, host activity and user behavior, LogRhythm can determine when a combination of seemingly disparate actions represent real and significant risk. Instead of focusing on simple rules, LogRhythm focuses its efforts on holistic analytics across data sets to identify abnormal behavior patterns.

In the video, I’ll show how rapid mitigation and remediation of threats is achievable using LogRhythm SmartResponse™. By working with your existing IT infrastructure and security investments, LogRhythm takes direct action in response to serious risk.

Watch the use case video below to see how an organization could benefit from a strategy of monitoring, detection and response rather than a prevention-centric approach.

[1] The CyberEdge Group, 2016 Cyberthreat Defense Report