Challenge: The majority of attacks exploit valid user credentials to gain unrestricted access to the corporate network. Organizations need an effective means of monitoring for insecure accounts and passwords to prevent credentials from being compromised.
Solution: LogRhythm’s Honeypot Security Analytics Suite provides AI Engine rules that monitor for successful and unsuccessful logon attempts to honeypot servers, capturing details on the username and password. This allows analysts to see commonly attempted username and password combinations on the honeypot hosts.
Benefit: By knowing which accounts are being targeted by hackers and which passwords are vulnerable to exploitation in the honeypot, organizations can strategically strengthen defenses within their network by monitoring at-risk user accounts and enforcing stricter password policies. A SmartResponse™ plugin can automatically add the IP address observed in the honeypot to a firewall list to prevent interaction with the corporate network.
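As an added illustration (not LogRhythm code and not AI Engine rule syntax), the following Python example aggregates honeypot logon events into the views described above: most-attempted username and password pairs, attempted usernames that match real accounts, passwords that succeeded on the honeypot, and source IPs for a firewall list. The log format, field names, and the `real_accounts` set are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample events in a hypothetical key=value honeypot log format.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z hp01 login result=failed src=203.0.113.5 user=root password=123456
2024-05-01T10:00:02Z hp01 login result=failed src=203.0.113.5 user=admin password=admin
2024-05-01T10:00:09Z hp01 login result=success src=198.51.100.7 user=admin password=admin
2024-05-01T10:01:30Z hp01 login result=failed src=198.51.100.7 user=jsmith password=Summer 2024!
2024-05-01T10:02:00Z hp01 login result=failed src=not-an-ip user=root password=toor
garbled line that should be skipped
"""

# password is the last field and may contain spaces, so it takes the rest of the line.
LINE_RE = re.compile(
    r"^\S+ \S+ login result=(?P<result>failed|success) "
    r"src=(?P<src>\S+) user=(?P<user>\S+) password=(?P<password>.*)$"
)

def parse_events(log_text):
    """Return (events, skipped); lines with a bad layout or source IP are skipped."""
    events, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        try:
            if m is None:
                raise ValueError("unrecognized line")
            ipaddress.ip_address(m.group("src"))  # reject malformed addresses
        except ValueError:
            skipped += 1
            continue
        events.append(m.groupdict())
    return events, skipped

def summarize(events, real_accounts, top_n=2):
    """Aggregate honeypot logon attempts into the views an analyst acts on."""
    pairs = Counter((e["user"], e["password"]) for e in events)
    return {
        "top_pairs": pairs.most_common(top_n),
        # Attempted usernames that also exist in production: monitor these closely.
        "at_risk_accounts": sorted({e["user"] for e in events} & set(real_accounts)),
        # Passwords that logged in to the honeypot: candidates for a banned-password list.
        "passwords_that_worked": sorted({e["password"] for e in events if e["result"] == "success"}),
        "blocklist": sorted({e["src"] for e in events}),  # any honeypot contact is suspect
    }

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE_LOG)[0], {"jsmith", "admin", "backup"}))
```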
Challenge: With the evolving sophistication and rapid propagation of new cyber attack campaigns, it is difficult for organizations to detect zero-day exploits using traditional security tools because they lack the signatures and behavioral profiles needed to spot targeted malware.
Solution: LogRhythm’s Honeypot Security Analytics Suite attracts attackers to a honeypot server configured for optimal surveillance. When a honeypot host is successfully compromised, LogRhythm captures the full details about how attackers gained access along with the subsequent host interactions.
Additionally, LogRhythm AI Engine rules capture and parse all attempted malware and exploit downloads, including communication with command and control servers.
Benefit: This data allows the security team to perform detailed threat analysis, giving them new insight into upcoming malware payloads and attack methodologies employed by adversaries. LogRhythm also captures additional environment data, such as user-agent strings, which highlight the tools that attackers or bots are using to breach networks. A SmartResponse™ plugin can automatically add the attackers to an internal threat list to block access to the corporate network.