07 10 12 Cyber Threat Defense Is your Firm the Weak …ilta.personifycloud.com/.../936427/cyberthreatdefense.pdf · 2012-08-01 · …FBI cyber division “law firms targeted” “

Page 1

LogRhythm

Cyber Threat Defense: Is your Firm the Weak Link?

SIEM 2.0

Joshua D Walderbach

Senior Network Security & Compliance Analyst

7/10/2012

Page 2

By the Numbers…

1.6M: The number of viruses seen daily [1]

55K: The number of new malware signatures that are distributed daily [2]

90%: The number of companies in the US who fell victim to a cyber security breach at least once in the past 12 months [3]

1. Source: Symantec.
2. Source: McAfee.
3. Source: Ponemon Institute.

Page 3

..and Jan 2012…

“Analyzing the attack, investigators found that the spyware designed to capture confidential documents -- and sent via spoofed e-mails -- was compiled on a Chinese-language keyboard and China-based servers were involved in the attack, he said.”

Page 4

…FBI cyber division “law firms targeted”

Mary Galligan, who heads the FBI division that held the New York meeting, talked to Bloomberg about the dangers. “As financial institutions in New York City and the world become stronger, a hacker can hit a law firm and it’s a much, much easier quarry,” she said.

At the meeting, law firm representatives were told they need to diagram their networks and to know how computer logs are kept. “Some were really well prepared,” Galligan told Bloomberg. “Others didn’t know what we were talking about.”

Page 5

..and last month in WSJ…

The pressure is on law firms to improve cyber security and cyber threat defense or risk client trust and business.

Page 6

Log Management and SIEM 2.0 | Law Firms

• Compliance requirements based on client’s needs (PCI, HIPAA, SOX, GLBA, FISMA, etc.)

• Protection of electronic evidence with encryption and digital chain of custody to eliminate potential tampering with activity records via File Integrity Monitoring

• Out of the box reporting, alerts and investigations

• Ability to enforce and monitor Security Controls, such as Acceptable Use Policies, across the network and specifically for Privileged Users

• Intuitive interface, easy to use and deploy

Company Confidential
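The “digital chain of custody” for activity records on this slide can be illustrated with a keyed hash chain. This is an added example, not LogRhythm’s code: each record’s MAC covers the previous MAC, so editing, inserting or deleting an earlier record breaks every later link and the verifier reports where the chain first fails. The collector key, the sample records and the field names are constructed assumptions, and encryption at rest is not shown.

```python
import hashlib
import hmac
import json

# Constructed sample activity records (not taken from any real system).
SAMPLE_RECORDS = [
    {"ts": "2012-07-10T09:01:02Z", "user": "jsmith", "action": "open",
     "path": "/cases/acme/contract.docx"},
    {"ts": "2012-07-10T09:05:40Z", "user": "jsmith", "action": "modify",
     "path": "/cases/acme/contract.docx"},
    {"ts": "2012-07-10T09:07:11Z", "user": "admin", "action": "chmod",
     "path": "/cases/acme/"},
]

# Hypothetical key held only by the log collector, never by the monitored host.
COLLECTOR_KEY = b"example-collector-key"


def canonical(record):
    """Serialize a record deterministically so identical data always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal_chain(records, key=COLLECTOR_KEY):
    """Return links of {record, mac}; each MAC covers the record plus the previous MAC.

    Without the key an attacker cannot recompute a consistent chain after a change.
    Truncation at the very end is only caught if the latest MAC is also anchored
    somewhere outside the store (e.g. the collector's own record)."""
    chain, prev = [], b"genesis"
    for rec in records:
        mac = hmac.new(key, prev + canonical(rec), hashlib.sha256).hexdigest()
        chain.append({"record": rec, "mac": mac})
        prev = mac.encode()
    return chain


def verify_chain(chain, key=COLLECTOR_KEY):
    """Return (ok, index_of_first_bad_link); the index is None when the chain is intact."""
    prev = b"genesis"
    for i, link in enumerate(chain):
        expected = hmac.new(key, prev + canonical(link["record"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, link["mac"]):
            return False, i
        prev = link["mac"].encode()
    return True, None


def demo():
    """Seal the sample records, then simulate an insider rewriting who modified the file."""
    chain = seal_chain(SAMPLE_RECORDS)
    intact, _ = verify_chain(chain)
    tampered = json.loads(json.dumps(chain))  # deep copy
    tampered[1]["record"]["user"] = "nobody"
    still_ok, bad_at = verify_chain(tampered)
    return intact, still_ok, bad_at
```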

Page 7

How Does SIEM Fit Into The Picture?

Centralized Security Event Management

• Collects, correlates, retains, and analyzes security-related information from applications, hosts, network devices, physical devices, security devices, etc.

Defense in Depth

• Situational awareness of all systems across the organization, central view of threat activities, insight into effectiveness of security controls

Security controls

• Access control, accountability, & authentication

• BCP/DR (Business Continuity Planning/Disaster Recovery)

• Communication & system protection & configuration management

• Event & incident response

• Information & system integrity

• Physical protection

• Risk management & security assessment

Compliance Support

• GLBA | HIPAA | PCI | SOX | etc.


Page 9

Use Cases

Verifying Effectiveness of Security Controls

• Change Control

• Network & System Changes

• Malware Detection & Prevention

• Signature Updates/Virus Infections

• Patch Management

• Software Updates/Vulnerabilities

Enforcing Policies

• Applications/Communication

Monitoring Privileged Use

• Access, Account Management, Authentication

Protecting Sensitive Data

• Access, Deletion/Modification, Permission Changes

Page 10

Use Cases (continued…)

Monitoring Activities Across the Infrastructure

• Audit, Operations, and Security Events

• Correlation of Events

Alerting on Potential Incidents

• Event Based

• User/Group/Role

• SNMP/SMTP

Investigating Potential Incidents

• Forensic Investigation

• Raw Log

Audit, Compliance, and Forensic Evidence Reporting

• Reporting Packages Specific to Compliance Requirements

Automated Response

• Approval based or Automated Response Actions
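The correlation, user/group/role alerting and approval-based response use cases on these two slides, as an added example that is not LogRhythm’s code: a rule that fires when a freshly created account is put into a privileged group and then reads client data, all within a short window, and a response step that only executes once approved. The event fields, group names, 15-minute window and file-server path are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, loosely modelled on account-management and file-audit records.
EVENTS = [
    {"ts": "2012-07-10T08:15:00", "type": "file_access", "actor": "jsmith",
     "path": "/fs01/clients/acme/memo.docx"},
    {"ts": "2012-07-10T22:01:00", "type": "account_created", "actor": "admin", "target": "svc-temp"},
    {"ts": "2012-07-10T22:02:30", "type": "group_add", "actor": "admin", "target": "svc-temp",
     "group": "Domain Admins"},
    {"ts": "2012-07-10T22:04:10", "type": "file_access", "actor": "svc-temp",
     "path": "/fs01/clients/acme/privileged.docx"},
]
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins"}   # assumed role set
SENSITIVE_PREFIX = "/fs01/clients/"                           # assumed client-data share
WINDOW = timedelta(minutes=15)                                # assumed correlation window


def when(ev):
    return datetime.fromisoformat(ev["ts"])


def correlate(events):
    """Return alerts for: account created -> added to privileged group -> client data read,
    where the whole sequence happens within WINDOW. Events are sorted first so that
    out-of-order delivery from different log sources does not break the rule."""
    created, privileged, alerts = {}, {}, []
    for ev in sorted(events, key=when):
        t = when(ev)
        if ev["type"] == "account_created":
            created[ev["target"]] = t
        elif ev["type"] == "group_add" and ev["group"] in PRIVILEGED_GROUPS:
            u = ev["target"]
            if u in created and t - created[u] <= WINDOW:
                privileged[u] = t
        elif ev["type"] == "file_access" and ev["path"].startswith(SENSITIVE_PREFIX):
            u = ev["actor"]
            if u in privileged and t - created[u] <= WINDOW:
                alerts.append({"user": u, "at": ev["ts"], "path": ev["path"],
                               "proposed_action": "disable_account", "needs_approval": True})
    return alerts


def respond(alert, approved):
    """Approval-based response: the action runs only after a human approves it."""
    action = alert["proposed_action"] + " " + alert["user"]
    if alert["needs_approval"] and not approved:
        return "pending approval: " + action
    return "executed: " + action
```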

Page 11

LogRhythm Demonstration

Page 12

Conclusion

SIEM Enables:

Centralized Security Management

• Collects, correlates, retains, and analyzes security-related information

Defense in Depth

• Continuous monitoring and advanced correlation for central view of threat activities

• Situational awareness of all systems across the organization, central view of threat activities

• Insight into effectiveness of security controls

Compliance Support Required for Client Data

• GLBA, HIPAA, PCI, & SOX

Automated Response

• Disable vulnerable accounts or services

• Isolate compromised hosts

Page 13

Next Steps

1. Identify Critical Assets Including Client Data

2. Initiate Compliance Strategy Effort

3. Review and Update Security Controls

4. Continuous Monitoring of Network Activities

Page 14

Questions?

Page 15

Contact Info

Josh Walderbach, [email protected]

Tom Crowe, Turner Padget, ILTA Questions, [email protected]

803.227.4301