LogRhythm and Cisco Partner to Enable Rapid Threat Containment

LogRhythm is a long-time Cisco partner and member of the Cisco Security Technical Alliance program and integrates with numerous Cisco solutions, including the Cisco Adaptive Security Appliance (ASA), Cisco Identity Services Engine (ISE), and Cisco FireSIGHT Management Center, to enable rapid detection of and response to threats targeting all facets of an organization’s attack surface, including the network, users and endpoints.

LogRhythm is very pleased to be deepening its strategic partnership with Cisco as part of our combined efforts to help organizations around the globe quickly detect high-priority threats and compromises and then enable immediate and automated response to contain them.

Building upon our existing two-way integration with Cisco ISE, LogRhythm is deepening its Cisco support by leveraging the Adaptive Network Control (ANC) functionality that Cisco ISE exposes through the pxGrid framework.

Utilizing Cisco ISE telemetry and other contextual information our platform collects from across an organization’s environment, LogRhythm’s automated stream-based analytics can provide an organization with highly corroborated risk-based alerts, such as when user or device behaviors deviate from customary patterns, peer group norms or policy.

LogRhythm can then enable immediate automated response to contain the threat by interfacing with ISE to take actions such as limiting network service access, forcing a device to re-authenticate (delivered to the network access device as a RADIUS Change of Authorization) or quarantining a user or device.

Together, LogRhythm and Cisco deliver complementary solutions that combine the visibility and enforcement mechanisms of Cisco’s portfolio of leading security and networking solutions with the advanced security analytics and actionable intelligence of LogRhythm’s Security Intelligence Platform.

The LogRhythm-Cisco partnership empowers customers to detect internal and external threats, identify behavioral anomalies, rapidly respond to threats and enforce compliance. Learn more about Cisco’s Threat Containment Ecosystem.

LogRhythm and Cisco ISE in Action

Problem

A LogRhythm customer implemented multiple Cisco ISE nodes in its environment and wanted to identify unsanctioned devices such as guest laptops and mobile devices on its public Wi-Fi and then automatically deny them network access if they exhibit behavior that appears malicious in nature.

Solution

The customer used LogRhythm’s real-time analytics to identify suspicious guest device behavior on the network based on ISE telemetry and other contextual information. Once suspicious behavior is detected, an out-of-the-box LogRhythm SmartResponse plug-in notifies Cisco ISE, instructing it to quarantine the suspicious device. The LogRhythm Cisco ISE SmartResponse plug-in developed by LogRhythm Labs and deployed by the customer can take six different actions:

  • Quarantine Host by MAC Address / Asynchronous
  • Quarantine Host by MAC Address / Synchronous
  • Quarantine Host by IP Address / Asynchronous
  • Quarantine Host by IP Address / Synchronous
  • Quarantine Host by Session ID / Asynchronous
  • Quarantine Host by Session ID / Synchronous

In short, LogRhythm can quarantine a host by MAC address, IP address or ISE session ID, and Cisco ISE offers each action in a synchronous and an asynchronous form. The synchronous variant waits for ISE to report the outcome of the quarantine before returning, so the playbook can confirm containment (or its failure) before moving on; the asynchronous variant returns as soon as ISE has accepted the request, which is faster but leaves verification to a later session lookup.
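To make the detect-then-quarantine flow concrete, the following is an added example written for this page; it is not LogRhythm's SmartResponse plug-in or Cisco's code. It applies a simple behavioral rule (a guest endpoint whose IP is denied to many distinct destination ports, i.e. scan-like behavior) to constructed, simplified ISE-style authentication records and firewall deny events, then builds the ISE quarantine request for the offending endpoint by MAC, IP or session ID, in the synchronous or asynchronous form. Assumptions: the URL paths follow the legacy ISE Endpoint Protection Service (EPS) REST API naming (`/ise/eps/QuarantineByMAC`, `QuarantineByIP`, `QuarantineBySessionID`, with a `_S` suffix for the synchronous variant, invoked with `PUT` against the Monitoring node); the host name `ise-mnt.example.net` and all log lines are made up; verify the paths, method and authentication against the API reference for the ISE release actually deployed. The request is only constructed, never sent.

```python
"""Detect a scan-like guest endpoint and build the ISE quarantine request.

Added example, not LogRhythm's or Cisco's code. Log formats are simplified
key=value lines constructed for the example; the ISE EPS paths and the PUT
method are assumptions to be checked against your ISE version's API reference.
"""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed ISE-style passed-authentication records (simplified layout).
ISE_SESSIONS = [
    "ts=09:12:01 event=PassedAuth user=guest-4412 mac=00:11:22:33:44:55 ip=10.50.8.21 "
    "session=0A3208010000001B5B7C2F1D profile=Guest ssid=PublicWiFi",
    "ts=09:13:40 event=PassedAuth user=jsmith mac=AA:BB:CC:DD:EE:01 ip=10.20.1.17 "
    "session=0A3208010000001C5B7C3011 profile=Corporate ssid=CorpWiFi",
    "ts=09:14:02 event=PassedAuth user=guest-4413 mac=00:11:22:33:44:66 ip=10.50.8.22 "
    "session=0A3208010000001D5B7C3104 profile=Guest ssid=PublicWiFi",
]
# Constructed firewall denies: the first guest probes 20 distinct ports on an
# internal host, the corporate user probes 15 (outside this guest-only rule),
# the second guest touches only 3.
FW_DENIES = (
    [f"action=deny src=10.50.8.21 dst=10.20.1.5 dport={p}" for p in range(21, 41)]
    + [f"action=deny src=10.20.1.17 dst=10.20.1.5 dport={p}" for p in range(8000, 8015)]
    + [f"action=deny src=10.50.8.22 dst=10.20.1.5 dport={p}" for p in (80, 443, 8080)]
)

KV_RE = re.compile(r"(\w+)=(\S+)")
MAC_RE = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$")
SESSION_RE = re.compile(r"^[0-9A-Fa-f]{8,64}$")

# Assumed legacy EPS action names; "_S" selects the synchronous variant.
EPS_ACTIONS = {"mac": "QuarantineByMAC", "ip": "QuarantineByIP", "session": "QuarantineBySessionID"}


@dataclass(frozen=True)
class Endpoint:
    mac: str
    ip: str
    session_id: str
    profile: str


def parse_kv(line):
    """Turn 'k=v k=v ...' into a dict."""
    return dict(KV_RE.findall(line))


def parse_sessions(lines):
    """Map source IP -> Endpoint for successful ISE authentications."""
    endpoints = {}
    for line in lines:
        f = parse_kv(line)
        if f.get("event") == "PassedAuth":
            endpoints[f["ip"]] = Endpoint(f["mac"].upper(), f["ip"], f["session"], f["profile"])
    return endpoints


def find_suspicious_guests(session_lines, deny_lines, min_ports=10):
    """Rule: Guest-profile endpoint denied to >= min_ports distinct destination ports."""
    endpoints = parse_sessions(session_lines)
    ports_by_src = defaultdict(set)
    for line in deny_lines:
        f = parse_kv(line)
        if f.get("action") == "deny":
            ports_by_src[f["src"]].add(f["dport"])
    return [ep for ip, ep in endpoints.items()
            if ep.profile == "Guest" and len(ports_by_src[ip]) >= min_ports]


def quarantine_request(ise_host, ep, by="mac", synchronous=True):
    """Return (method, url) for the ISE quarantine call without sending it.

    The key comes from alert data, so it is validated before being placed in
    the URL path: a log-injected value must not be able to alter the request.
    """
    if by == "mac":
        key = ep.mac
        if not MAC_RE.match(key):
            raise ValueError(f"bad MAC address: {key!r}")
    elif by == "ip":
        key = str(ipaddress.ip_address(ep.ip))  # raises ValueError if malformed
    elif by == "session":
        key = ep.session_id
        if not SESSION_RE.match(key):
            raise ValueError(f"bad session id: {key!r}")
    else:
        raise ValueError(f"unknown key type: {by!r}")
    action = EPS_ACTIONS[by] + ("_S" if synchronous else "")
    return "PUT", f"https://{ise_host}/ise/eps/{action}/{key}"


def respond(session_lines, deny_lines, ise_host="ise-mnt.example.net", by="mac", synchronous=True):
    """Run the rule and build one quarantine request per offending guest endpoint."""
    return [quarantine_request(ise_host, ep, by, synchronous)
            for ep in find_suspicious_guests(session_lines, deny_lines)]


if __name__ == "__main__":
    for method, url in respond(ISE_SESSIONS, FW_DENIES):
        print(method, url)
```

Only the first guest endpoint trips the rule; the corporate host with similar behavior is left to a different (non-guest) playbook, matching the customer's scope of unsanctioned devices on public Wi-Fi. Quarantining by session ID is the most precise key, since a MAC can be spoofed and a DHCP-assigned IP may already belong to another client by the time the action fires; whichever key is used, the synchronous form is the one to choose when the playbook must confirm that the Change of Authorization actually took effect.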

Figure 1. Cisco ISE Quarantine Host Smart Response Plugin

Value

The customer is able to use LogRhythm’s advanced analytics rules to determine whether a host is compromised or behaving in a malicious manner and then automate response via integration with Cisco ISE to mitigate the threat and decrease organizational risk.

LogRhythm collaborates with the world’s leading security technology vendors, making it easy for customers to integrate new or existing technologies with their LogRhythm deployment to increase real-time threat detection and response, and LogRhythm is leading the way with its deepening support for Cisco solutions.

More on LogRhythm’s Technology Partnerships