Jay Kay Technology Conference – LogRhythm

May 9, 2015

These are my notes from the various sessions as part of the 2015 Jay Kay Technology Conference. – Todd

LogRhythm Security Information and Event Management (SIEM)

Ranjit Bal
Regional Sales Manager, Western Canada
Ranjit.Bal@LogRhythm.com

Peter McNaull
Channel Sales Engineer – West
Peter.McNaull@LogRhythm.com

Why LogRhythm?

The Security Intelligence Platform provides the right people with the right information at the right time to make the right decisions to continuously secure and protect your environment and meet your dynamically changing security, compliance and IT operations needs.

There are two types of companies, those who have been hacked, and those who don’t know yet that they’ve been hacked. – John Chambers, Cisco

Today’s Threat Environment

Some threats are conclusively recognized at run-time and prevented at the endpoint and perimeter.

However, many threats:

  1. Require a broader view to recognize
  2. Will only emerge over time
  3. Get lost in the noise

Only analytics can detect these threats:

  • Detecting a class of threats only a Big Data approach can realize
  • Effectively prioritizing threats, separating the signal from the noise
  • Providing the intelligence required to deliver optimally orchestrated and enabled incident response.

Achieve Real-Time Situation Awareness

Pervasive Visibility -> Advanced Analytics -> Actionable Intelligence -> Fast, Precise Detection and Response (Situational Awareness)

Visibility comes from logs and from agents that can be deployed to collect data. A File Integrity Monitor (FIM) can sit on a server and track information.

You can whitelist to track information and know when unusual things happen, and/or the system watches and lets you know when something unusual is happening.

Actionable intelligence comes after: maybe alerts, maybe a real-time dashboard, reports, scripts, etc.

Full cycle -> Collect, investigate, recommend remediation

The dashboard is HTML5, a single pane of glass with everything in one place. It integrates information from Active Directory. You can view commonalities from a geo-location standpoint, e.g. any activity from China.

Planning a session with Jay Kay to explore and take a look at the product in the near future.

Handouts:

https://www.logrhythm.com/Portals/0/resources/LR_Network_Monitor.pdf
