Recognize Indicators of Compromise with Complete Endpoint Visibility

As attacks grow in breadth, scope, and complexity, the endpoint remains one of the most common attack vectors. With thousands of endpoints to safeguard, it is imperative to have solutions that integrate seamlessly to provide complete visibility into endpoint activity, and to be able to respond quickly when abnormal or malicious activity occurs.

LogRhythm has partnered with Cylance to help customers address this challenge.

Recognize and Respond to Early Indicators of Compromise

The LogRhythm and Cylance integration centers on detecting and prioritizing intrusions faster by correlating detailed endpoint activity with other environmental context to recognize early indicators of potential compromise. The LogRhythm NextGen SIEM Platform continuously collects, normalizes, and analyzes the rich, dynamic endpoint telemetry captured by CylancePROTECT. LogRhythm has also built Cylance-specific SmartResponse automated remediation actions to assist with rapid threat response.


Figure 1: Cylance data displayed in LogRhythm dashboard

The Cylance-specific SmartResponse plugin performs two major actions. The first is a contextual action that obtains host information: hostname and IP address, operating system (OS), status of the Cylance agent, status of the host (clean/infected), and last logged-on user. This contextual data supports analysts investigating and remediating a threat, as it lets them determine the scope of an incident and accelerates their workflow.

The second action quarantines a file globally. In response to a malware incident, analysts can use this action to remove a file from all hosts on the network and prevent the breach from causing further damage. The action is also useful for quarantining files not yet known to be malicious, or for removing files that constitute a policy violation rather than a security issue. Because the action applies to the file hash on every host, analysts should confirm the hash from the alarm before invoking it; a global quarantine of a legitimate binary would disrupt every host that runs it.
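The correlation and response flow described above (endpoint telemetry enriched with host context, then a prioritized action such as a global quarantine) is shown here as an added Python example. It is illustration only, not LogRhythm or Cylance code: the event lines are constructed to mimic the comma-separated "Key: value" syslog layout that CylancePROTECT emits, the host inventory is a stand-in for the "get host info" contextual action, and the field names, scoring weights, thresholds and the shape of the quarantine-list entry are assumptions made for this example.

```python
"""Correlate constructed CylancePROTECT threat events with host context and
derive a SmartResponse-style action. Added illustration, not vendor code;
event layout, context fields and thresholds are assumptions."""
import re
from dataclasses import dataclass

# Constructed events (not a real capture). Key names approximate the
# "Key: value, Key: value" syslog lines CylancePROTECT emits.
SAMPLE_EVENTS = [
    "Event Type: Threat, Event Name: threat_found, Device Name: FIN-WS-042, "
    "IP Address: (10.20.3.17), File Name: invoice.exe, "
    "Path: C:\\Users\\jdoe\\Downloads\\, SHA256: " + "a1" * 32 + ", "
    "Status: Unsafe, Cylance Score: 100, Is Running: True, Detected By: FileWatcher",
    "Event Type: Threat, Event Name: threat_found, Device Name: LAB-VM-07, "
    "IP Address: (10.99.0.5), File Name: fuzz_harness.exe, "
    "Path: C:\\tools\\, SHA256: " + "b2" * 32 + ", "
    "Status: Abnormal, Cylance Score: 45, Is Running: False, Detected By: ExecutionControl",
    "Event Type: Threat, Event Name: threat_quarantined, Device Name: HR-LT-011, "
    "IP Address: (10.20.7.9), File Name: update.scr, "
    "Path: C:\\Users\\asmith\\AppData\\Local\\Temp\\, SHA256: " + "c3" * 32 + ", "
    "Status: Unsafe, Cylance Score: 98, Is Running: False, Detected By: FileWatcher",
]


@dataclass
class HostContext:
    os: str
    agent_status: str   # "online" / "offline"
    infected: bool      # host status as the console reports it
    last_user: str
    tier: str           # business criticality, e.g. from a CMDB (assumed)


# Constructed host inventory; stands in for the "get host info" action.
HOST_CONTEXT = {
    "FIN-WS-042": HostContext("Windows 10 Enterprise", "online", True, "jdoe", "finance"),
    "LAB-VM-07": HostContext("Windows Server 2016", "online", False, "researcher", "lab"),
    "HR-LT-011": HostContext("Windows 10 Pro", "offline", True, "asmith", "corporate"),
}
UNKNOWN_HOST = HostContext("unknown", "unknown", False, "unknown", "unknown")


@dataclass
class ThreatEvent:
    event_name: str
    device: str
    ip: str
    file_name: str
    path: str
    sha256: str
    status: str
    cylance_score: int
    is_running: bool


# Match "Key: value" pairs; the lookahead ends a value only at the next key,
# so values containing commas or colons (paths, timestamps) survive intact.
KV_RE = re.compile(r"([A-Za-z][A-Za-z0-9 ]*?): (.*?)(?=, [A-Za-z][A-Za-z0-9 ]*: |$)")


def parse_event(line: str) -> ThreatEvent:
    f = {k.strip(): v.strip() for k, v in KV_RE.findall(line)}
    return ThreatEvent(
        event_name=f.get("Event Name", ""),
        device=f.get("Device Name", ""),
        ip=f.get("IP Address", "").strip("()"),
        file_name=f.get("File Name", ""),
        path=f.get("Path", ""),
        sha256=f.get("SHA256", "").lower(),
        status=f.get("Status", ""),
        cylance_score=int(f.get("Cylance Score", "0") or 0),
        is_running=f.get("Is Running", "").lower() == "true",
    )


SENSITIVE_TIERS = {"finance", "domain-controller"}  # assumed tier names


def priority(ev: ThreatEvent, host: HostContext) -> int:
    """Risk score: the endpoint verdict first, then what SIEM context adds."""
    p = {"Unsafe": 3, "Abnormal": 1}.get(ev.status, 0)
    if ev.cylance_score >= 90:
        p += 2
    if ev.is_running:                        # executing, not just on disk
        p += 2
    if ev.event_name != "threat_quarantined":  # agent has not contained it
        p += 2
    if host.agent_status != "online":        # cannot rely on local enforcement
        p += 1
    if host.tier in SENSITIVE_TIERS:
        p += 2
    return p


def recommend(p: int) -> str:
    if p >= 8:
        return "global_quarantine"
    if p >= 4:
        return "investigate"
    return "monitor"


def triage(lines, context):
    """Enrich each event with host context and return records by priority."""
    out = []
    for line in lines:
        ev = parse_event(line)
        host = context.get(ev.device, UNKNOWN_HOST)
        p = priority(ev, host)
        out.append({"device": ev.device, "ip": ev.ip, "os": host.os,
                    "agent": host.agent_status, "infected": host.infected,
                    "user": host.last_user, "sha256": ev.sha256,
                    "priority": p, "action": recommend(p)})
    return sorted(out, key=lambda r: r["priority"], reverse=True)


SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def global_quarantine_entry(sha256: str, reason: str) -> dict:
    """Validate the hash before building a global-quarantine list entry.
    Field names are an assumed shape, not a documented API contract."""
    h = sha256.lower()
    if not SHA256_RE.match(h):
        raise ValueError("refusing global quarantine: not a SHA-256 hex digest")
    return {"sha256": h, "list_type": "GlobalQuarantine", "category": "None", "reason": reason}


if __name__ == "__main__":
    for r in triage(SAMPLE_EVENTS, HOST_CONTEXT):
        print(r["priority"], r["action"], r["device"], r["user"], r["sha256"][:12])
```

The hash check in global_quarantine_entry is the guard worth keeping: a global quarantine propagates to every host, so the action should refuse anything that is not a well-formed digest taken from the alarm itself.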

To learn more about our combined solution, see these resources:

Rapidly Respond to Threats with SmartResponse

LogRhythm continues to innovate and develop solutions that make security professionals more effective at their jobs and able to focus on the tasks that matter. Together with Cylance, we help you make the most of your data, delivering enterprise-wide threat prevention, analysis, and response. This integration provides a holistic view of malicious activity and enables your team to proactively detect threats originating from or targeting an endpoint before they can damage your organization.

Please visit the LogRhythm Community and our Shareables Page to learn more and to view plugins developed by our team and by you, our customers.