TRANSCRIPT
Company Confidential
4 Easy Ways to Turn Endpoint Data into Actionable Insight
2/7/2017
Greg Foss, Manager, Global SecOps, LogRhythm
Chris Berninger, Sr. Systems Engineer, Business Development, Carbon Black
Jake Reynolds, Technical Alliances Engineer, LogRhythm
© 2017 Carbon Black. All Rights Reserved. CONFIDENTIAL
1. Who we are
2. What is Cb Response
3. How Cb Response & LogRhythm create joint value
4. Demo
PROVEN ENDPOINT SECURITY PIONEERS
AV REPLACEMENT CERTIFIED
MARKET-LEADING DETECTION & RESPONSE
BREAKTHROUGH PREVENTION
30 of Fortune 100
2,500+ Organizations
7M+ Licenses
10,000 Practitioners
75+ IR/MSSPs
#1 NG EPP share
Cb RESPONSE: IR & THREAT HUNTING
COMPLETE VISIBILITY
PROACTIVE THREAT HUNTING
REAL-TIME RESPONSE
COMPLETE VISIBILITY
PROCESS ACTIVITY
REGISTRY ACTIVITY
FILE ACTIVITY
NETWORK ACTIVITY
IDENTIFY ROOT CAUSE
CAPTURE ALL ACTIVITY
AGGREGATE THREAT INTEL
VISUALIZE THE ATTACK
MINIMIZE RESOURCE IMPACT
CONTINUOUS AND CENTRALIZED
Correlate Log Activity With Rich Endpoint Visibility
Two-Way Integration – Cb Response And LogRhythm
Threat Lifecycle Management Platform
• Behavioral Analytics
• SIEM & Log Management
• Network Monitoring & Forensics
• Endpoint Monitoring & Forensics
• Security Automation & Orchestration
Cb Response
• Endpoint Detection & Response
• Continuous & Centralized Recording
• Instant Root Cause Identification
• Remote Isolation & Remediation
Machine Data
Intelligence
SmartResponse™
DEMO
The Cyber Attack Lifecycle
1. Recon. & Planning
2. Initial Compromise
3. Command & Control
4. Lateral Movement
5. Target Attainment
6. Exfiltration, Corruption, Disruption
Modern threats take their time and leverage the holistic attack surface.
End-to-End Threat Lifecycle Management Workflow
TIME TO DETECT: Forensic Data Collection, Discover, Qualify
TIME TO RESPOND: Investigate, Neutralize, Recover
Forensic Data Collection
• Security event data
• Log & machine data
• Forensic sensor data
Discover
• Search analytics
• Machine analytics
Qualify
• Assess threat
• Determine risk
• Is full investigation necessary?
Investigate
• Analyze threat
• Determine nature and extent of incident
Neutralize
• Implement countermeasures
• Mitigate threat & associated risk
Recover
• Clean up
• Report
• Review
• Adapt
Carbon Black Response - Integration
• Alarming: Trigger on Specific Watch List Hits
• Admin Tracking
• Reporting
• Analysis
• Automation: Perform Actions Based on Alarms Observed
DEMO
Explore LogRhythm’s SIEM technology and the benefits of integrating Carbon Black through a series of demos and guided hands-on use cases.
During this half-day workshop, you will learn how to:
• Correlate detailed endpoint activity with other environmental context to recognize early indicators of potential compromise
• Deploy real-time countermeasures on an endpoint to prevent further impact and expedite incident response
• Prevent the spread of advanced malware
• Detect insider threats
• Automate remediation and forensic investigation
QUESTIONS?
Greg Foss
Jake Reynolds
Chris Berninger