Threat Lifecycle Management

LogRhythm Cyber Security in Enterprise Presentation

Page 1: LogRhythm Cyber Security in Enterprise Presentation

Threat Lifecycle Management

Page 2: LogRhythm Cyber Security in Enterprise Presentation

Why?

Page 3: LogRhythm Cyber Security in Enterprise Presentation

[Chart: detected cyber incidents by year, 2009 2010 2011 2012 2013 2014; callout: 42.8 million detected; open question: 2015? 2016? 2017?]

Source: PwC, The Global State of Information Security Survey 2015

Page 4: LogRhythm Cyber Security in Enterprise Presentation

“84% of breach evidence resided in the log data.”

- Verizon Data Breach Investigation Report

“By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 10% in 2013.”

- Neil MacDonald, Gartner

Page 5: LogRhythm Cyber Security in Enterprise Presentation

Why? Faster Detection & Response Reduces Risk

Page 6: LogRhythm Cyber Security in Enterprise Presentation

Mean Time To Detect

Page 7: LogRhythm Cyber Security in Enterprise Presentation

Mean Time To Respond

Page 8: LogRhythm Cyber Security in Enterprise Presentation

[Figure: Chance of Significant Breach (High to Low) plotted against MTTD & MTTR (Months, Weeks, Days, Hours, Minutes)]

Page 9: LogRhythm Cyber Security in Enterprise Presentation

Reconnaissance → Initial Compromise → Command & Control → Lateral Movement → Target Attainment → Exfiltration

By reducing MTTD and MTTR, LogRhythm’s Security Intelligence Platform helps break the kill chain.

Early neutralisation equals no damaging cyber incident or data breach.

Page 10: LogRhythm Cyber Security in Enterprise Presentation

Anatomy Of An Attack

Page 11: LogRhythm Cyber Security in Enterprise Presentation
Page 12: LogRhythm Cyber Security in Enterprise Presentation
Page 13: LogRhythm Cyber Security in Enterprise Presentation
Page 14: LogRhythm Cyber Security in Enterprise Presentation

XM

SmartResponse™

Page 15: LogRhythm Cyber Security in Enterprise Presentation

Spear-phishing

Attack email received

Threat Intelligence

Malware Installed

(malicious PDF)

User & Endpoint Analytics

Network reconnaissance

(port scan)

Network Analytics

Threat Intelligence

Brute Force Attack

User Analytics

LogRhythm SmartResponse

Incident Management

Holistic Analytics

People & Process

00:09.07 00:09.40 00:09.52 00:10.02 00:10.12

Page 16: LogRhythm Cyber Security in Enterprise Presentation

Threat Lifecycle Management™

TIME TO DETECT

Forensic Data: Security Event Data, Log & Machine Data, Forensic Sensor Data

Discover: User Analytics, Machine Analytics

Qualify: Assess threat, determine if it poses risk and whether a full investigation is required

TIME TO RESPOND

Investigate: Analyze the threat and associated risk, determine if an incident has or is occurring

Mitigate: Implement countermeasures and controls that mitigate the risk presented by the threat

Recover: Eradicate, Cleanup, Report, Review, Adapt

Page 17: LogRhythm Cyber Security in Enterprise Presentation
Page 18: LogRhythm Cyber Security in Enterprise Presentation

Thank You