A U.S.-based healthcare organization with a small information security team lacked a centralized way to collect and analyze logs, or to identify and respond to incidents effectively. The business wanted to find the right solution to enhance its security posture and give the team the tools to build and expand the security program as the healthcare system grew. The organization chose the LogRhythm NextGen SIEM Platform to improve visibility and consolidate its security operations into a single solution that helps its team detect and respond to threats in real time.
The Business Challenge
SAVE COSTS AND SIMPLIFY THE CENTRALIZED SECURITY SYSTEM
The organization selected LogRhythm for its ease of use and user-friendly interface, which it knew would simplify operations, as well as for its out-of-the-box threat detection content. But as with any investment, the organization had to prove the security program was worth the financial cost and time investment. Because cybersecurity is typically seen as a cost center for the business, the organization’s trustees were focused on the security program’s impact on the bottom line, as well as the effectiveness of the tool and the advancement of the program.
Demonstrating a security program’s strong and quantifiable return on investment (ROI) can be a challenge for security teams. This team sought a way to show that the LogRhythm platform was a worthwhile investment.
PROVING BENEFITS AND ROI
To show the effectiveness of the LogRhythm NextGen SIEM Platform, the organization created customized dashboards illustrating program data, including the number of logs, alerts, and events it collected and the number of cases that became incidents. As a result of working with LogRhythm, the organization was able to contextualize its data and develop trackable metrics to demonstrate time and cost savings.
The team also tracked the efficiency of LogRhythm’s SmartResponse™ Automation feature, which automatically blocks high-confidence IP addresses from the network whenever attack patterns or otherwise malicious activity emerge. With LogRhythm, the organization estimates it saves between $30,000 and $70,000 a year — roughly most of a firewall engineer’s salary — by automatically blocking more than 1,000 IP addresses per month. Instead of an engineer spending time manually blocking these IPs, the automation has helped the organization prove the ROI and has enabled information security leadership to demonstrate the need for additional staff and better tools to detect and respond more effectively to threats.
Saving Time with Automation
To increase efficiency for Tier 1 analysts, the organization standardized its approach to incident response using LogRhythm’s playbooks. The organization used SmartResponse features to automatically attach predetermined playbooks to certain alarms, enabling Tier 1 analysts to remediate potential issues quickly and in a repeatable way.
For example, if the organization’s anti-malware/advanced threat protection provider detected a possible threat, analysts would perform the same consistent analysis using the playbooks. The team used SmartResponse to further enhance this process by querying its other tools to pull information on the host, file hash, and user into the case management system. This reduced the amount of upfront investigative legwork and provided analysts with as much information as possible to make an informed decision on how to proceed.
Automating this simple, repetitive task lets analysts spend more time on high-value tasks, including threat hunting, responding to true incidents, and creating and improving automation.
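The workflow described in this section (an alarm fires, a predetermined playbook is attached, host, file-hash and user context is pulled from other tools into the case, and only high-confidence external addresses are blocked automatically) can be sketched as a small, vendor-neutral handler. The code below is an added illustration, not LogRhythm’s SmartResponse API or the organization’s own automation; the asset inventory, hash-reputation table, user directory, playbook identifiers, block allowlist and sample alarms are all constructed in memory so it runs offline.

```python
"""
Illustrative SOAR-style alarm handler (added example; not LogRhythm code).
Flow: alarm -> attach playbook -> enrich from other sources -> decide actions.
All reference data below is constructed for the example.
"""
import ipaddress
from dataclasses import dataclass, field

# --- Constructed stand-ins for the "other tools" queried during enrichment ---
HOST_INVENTORY = {  # asset inventory / CMDB
    "ws-0417": {"owner": "jdoe", "segment": "clinical", "criticality": "high"},
    "lab-09": {"owner": "svc-lab", "segment": "lab", "criticality": "medium"},
}
HASH_REPUTATION = {  # file-reputation service (sample hashes, not real indicators)
    "0f343b0931126a20f133d67c2b018a3b": {"verdict": "malicious", "confidence": 0.97},
    "d41d8cd98f00b204e9800998ecf8427e": {"verdict": "benign", "confidence": 0.99},
}
USER_DIRECTORY = {  # identity directory
    "jdoe": {"department": "Radiology", "privileged": False},
    "svc-lab": {"department": "Laboratory", "privileged": True},
}
# Alarm type -> predetermined playbook (hypothetical identifiers)
PLAYBOOKS = {
    "malware_detected": "PB-MALWARE-TRIAGE",
    "phishing_reported": "PB-PHISH-TRIAGE",
}
# Never auto-block internal or partner address space: a bad rule must not
# cut off clinical systems. Partner range is a constructed example.
BLOCK_ALLOWLIST = [ipaddress.ip_network(n)
                   for n in ("10.0.0.0/8", "192.168.0.0/16", "203.0.113.0/24")]
AUTO_BLOCK_THRESHOLD = 0.95  # only high-confidence detections are blocked unattended


@dataclass
class Case:
    alarm_id: str
    playbook: str
    enrichment: dict = field(default_factory=dict)
    actions: list = field(default_factory=list)


def should_auto_block(ip: str, confidence: float) -> bool:
    """Block only high-confidence external addresses; everything else goes to a human."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in BLOCK_ALLOWLIST):
        return False
    return confidence >= AUTO_BLOCK_THRESHOLD


def enrich(alarm: dict) -> dict:
    """Pull host, file-hash and user context so the analyst starts with it in the case."""
    host = HOST_INVENTORY.get(alarm.get("host"), {})
    reputation = HASH_REPUTATION.get(alarm.get("file_hash"),
                                     {"verdict": "unknown", "confidence": 0.0})
    user = USER_DIRECTORY.get(host.get("owner"), {})
    return {"host": host, "file": reputation, "user": user}


def handle_alarm(alarm: dict) -> Case:
    """Attach the predetermined playbook, enrich, then decide automated actions."""
    playbook = PLAYBOOKS.get(alarm["type"], "PB-GENERIC-TRIAGE")
    case = Case(alarm_id=alarm["id"], playbook=playbook, enrichment=enrich(alarm))
    src = alarm.get("source_ip")
    if src and should_auto_block(src, alarm.get("confidence", 0.0)):
        case.actions.append(f"block_ip:{src}")
    else:
        case.actions.append("analyst_review")
    # Escalate when the affected host is critical or the owning account is privileged
    if (case.enrichment["host"].get("criticality") == "high"
            or case.enrichment["user"].get("privileged")):
        case.actions.append("escalate_tier2")
    return case


def summarize(cases) -> dict:
    """Counts of the kind that feed a time-savings / ROI dashboard."""
    auto = sum(1 for c in cases if any(a.startswith("block_ip:") for a in c.actions))
    return {"cases": len(cases), "auto_blocked": auto, "analyst_review": len(cases) - auto}


# Constructed sample alarms (documentation/test address ranges only)
SAMPLE_ALARMS = [
    {"id": "A-1001", "type": "malware_detected", "host": "ws-0417",
     "file_hash": "0f343b0931126a20f133d67c2b018a3b",
     "source_ip": "198.51.100.23", "confidence": 0.98},
    {"id": "A-1002", "type": "malware_detected", "host": "lab-09",
     "file_hash": "d41d8cd98f00b204e9800998ecf8427e",
     "source_ip": "10.20.30.40", "confidence": 0.99},
    {"id": "A-1003", "type": "phishing_reported", "host": "ws-0417",
     "source_ip": "198.51.100.77", "confidence": 0.60},
]

if __name__ == "__main__":
    cases = [handle_alarm(a) for a in SAMPLE_ALARMS]
    for c in cases:
        print(c.alarm_id, c.playbook, c.actions)
    print(summarize(cases))
```

Two design points matter in practice: the allowlist is checked before the confidence score, so a noisy detection on an internal or partner address never becomes an unattended block, and the enrichment result is stored on the case rather than consulted only for the decision, so an analyst reviewing the case sees the same host, file and user context the automation saw.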
The organization recognized the value in investing in a security program to mature its security posture and ease the workflow of its security team. Since working with LogRhythm, the organization has dramatically improved its detection and response times and reliably demonstrates the value of the tool and the security program to executive leadership.
“Without LogRhythm’s capabilities, there is a very distinct possibility that some of these malware threats would be able to spread more quickly,” the organization’s security operations analyst said. “It allows us to more quickly get a full view and contextualize what is going on. It has allowed our phishing team to find credential harvesters in real time, instead of waiting for something to happen.”
The organization plans to expand its security program and use additional features of the LogRhythm platform.
LogRhythm helps busy and lean security operations teams save the day — day after day. There’s a lot riding on the shoulders of security professionals — the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources — the weight of protecting the world.
LogRhythm helps lighten this load. The company is on the frontlines defending against many of the world’s most significant cyberattacks and empowers security teams to navigate an ever-changing threat landscape with confidence. As allies in the fight, LogRhythm combines a comprehensive and flexible security operations platform, technology partnerships, and advisory services to help SOC teams close the gaps. Together, LogRhythm is ready to defend. Learn more at logrhythm.com.