A Practical Approach to Effective Security Analytics

When discussing effective approaches to the problem of security analytics, I think it is first important to start with a clear definition of the goal of security analytics. The ultimate goal of security analytics is to deliver technology solutions that assist human security analysts in detecting, responding to and mitigating cyber threats. This simple statement hides an area of technological endeavor that is simultaneously fascinating, important and complex. While a full exploration of the many facets of security analytics is beyond the scope of this post, it is useful to discuss a high-level and general approach to security analytics to simplify the complex problem statement into more digestible pieces.(...)

SIEM’s Total Cost of Ownership

A Security Information & Event Management (SIEM) platform is an essential tool for managing risk in today’s highly digitized world. And not just essential; our perspective is that a SIEM is the central nervous system for security analysts in combing through alerts, conducting investigations, devising and implementing well-grounded countermeasures, and supporting forensics. As choice abounds in SIEM platforms, there needs to be a blueprint for making an optimal selection. We believe that this blueprint should be one based on Total Cost of Ownership (TCO), as TCO modelling takes a balanced approach in weighing objectives and costs.

Started Near the Bottom. Now We’re Here!

LogRhythm made its first appearance in the Gartner Magic Quadrant for SIEM as a Visionary back in 2008. At the time, ArcSight was the Goliath in the market in terms of market share, customer penetration, and momentum. David (aka LogRhythm) looked at that Goliath with quiet confidence and a long-term perspective, and thought: “We got this.” After eight years of continuous innovation, a commitment to customer success, loads of tenacity, well-timed agility, some great teamwork, and a dose of humility, we have moved past that “Goliath” (ArcSight) and now sit in the top echelon of the 2016 Gartner SIEM Magic Quadrant.

Who is Listening in on Your Network?

With the sheer volume of network traffic and the variety of applications that travel across a typical network these days, it is not surprising how easy it is to gather high-value artifacts using packet capturing software. The goal of an attacker that is using packet capturing software is to grab usernames, email addresses, passwords and other sensitive information traversing a network in plain/clear text for further exploitation.

Catching Beaconing Malware

When a computer becomes infected with malware, it will usually begin to beacon out to a command and control server. This is one of the ways that commodity malware checks in with its command and control infrastructure to await further instructions. But it can be difficult to detect this activity. The beaconing can take place at any time or frequency—from once every couple of seconds to once a week (or possibly even longer if you are dealing with an advanced adversary).