LogRhythm was a proud sponsor at the recent Palo Alto Networks 2016 Ignite Conference in Las Vegas. It was a fantastic three-day event where we not only got to meet many existing customers and technology partners, but were also able to demonstrate our powerful integrations between LogRhythm’s Security Intelligence Platform and the Palo Alto Networks firewall. For those who weren’t able to make it to the event, we wanted to share some of these integrations.
Blocking a Source or Destination IP, Domain or User on a Palo Alto Networks Firewall
First, using LogRhythm SmartResponse™ (automated incident response), we demonstrated our ability to suspend network access by automatically blocking a source or destination IP address, domain, or user on a Palo Alto Networks firewall. Here are some examples of how this integration is being used by LogRhythm customers:
- Blocking outbound connections to potentially malicious hosts outside of core working hours when security personnel are not available
- Evaluating network activity against our Threat Intelligence Services for highly corroborated threat indicators, such as IP, domain or URL activities
- Utilizing thresholds for network resource misuse at peak times to help maintain service and availability
An example of one of our Palo Alto Networks SmartResponse integrations is below. Notice that an AI Engine correlation alarm identifying communication against a Threat List has two SmartResponse actions. Once approved by an analyst, or run automatically, the SmartResponse adds the destination host in question as a new Address Object and adds that object to an Address Group. Because the Address Group is part of a Security Policy that denies communications, no further access to this IP address is possible.
LogRhythm Alarm Card with SmartResponses
LogRhythm Adds a New Address Object
Watch a more in-depth video demonstration of this SmartResponse in action:
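The three steps described above (new Address Object, membership in an Address Group, enforcement through an existing deny policy) can be sketched as PAN-OS XML API requests. This is an added example, not LogRhythm's SmartResponse code; the single-vsys location, the `LR-Blocked-Hosts` group, the `LR-Block-` object prefix and the never-block list are assumptions, and all addresses are constructed samples.

```python
import ipaddress
import re

# Assumptions: single-vsys firewall at the default config location; the group
# name, object prefix and never-block entries below are hypothetical/constructed.
VSYS = "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']"
BLOCK_GROUP = "LR-Blocked-Hosts"   # must already be referenced by a deny rule
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # internal ranges
    "203.0.113.53/32",                                 # constructed: critical resolver
)]


def build_block_requests(dest_ip, group=BLOCK_GROUP, never_block=NEVER_BLOCK):
    """Return the PAN-OS XML API query parameters (API key omitted) that block
    dest_ip. Raises ValueError if the address is malformed or must not be blocked."""
    # The alarm field is untrusted input: parse it so only a canonical IPv4
    # literal can ever reach the XPath and element strings built below.
    ip = ipaddress.IPv4Address(dest_ip.strip())
    if ip.is_loopback or ip.is_multicast or ip.is_unspecified or ip.is_link_local:
        raise ValueError(f"{ip} is not a routable host address")
    if any(ip in net for net in never_block):
        raise ValueError(f"{ip} is on the never-block list")
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,62}", group):
        raise ValueError("invalid address group name")

    name = f"LR-Block-{ip}"  # deterministic name keeps repeat alarms idempotent
    return [
        # 1. Create the Address Object for the destination host.
        {"type": "config", "action": "set",
         "xpath": f"{VSYS}/address/entry[@name='{name}']",
         "element": f"<ip-netmask>{ip}/32</ip-netmask>"},
        # 2. Add it as a static member of the Address Group used by the deny rule.
        {"type": "config", "action": "set",
         "xpath": f"{VSYS}/address-group/entry[@name='{group}']/static",
         "element": f"<member>{name}</member>"},
        # 3. Commit; the block is not enforced until the commit completes.
        {"type": "commit", "cmd": "<commit></commit>"},
    ]


if __name__ == "__main__":
    for params in build_block_requests("198.51.100.23"):  # constructed sample
        print(params)
```

The never-block check matters most when the action runs without analyst approval, since a bad threat-list entry would otherwise cut off an internal or business-critical host.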
LogRhythm Dashboard Capabilities with Palo Alto Networks
Secondly, we showed off the Dashboard capabilities available to analysts in the LogRhythm Security Intelligence Platform. The LogRhythm WebUI provides the ability to create enterprise-wide views or application-specific views, as is the case with Palo Alto Networks.
Activity around application usage, configuration changes, host or URL access, or security actions such as WildFire alerts can all be plotted out in one easy-to-use view.
Several Palo Alto Networks Firewalls Being Displayed in our Palo Alto Networks Dashboard Layout
We’d like to thank our great partner, Palo Alto Networks, for putting on a fantastic show, as well as all of our customers who came by to say hello!