TRENDING
How do LogRhythm products differ from traditional prevention-centric strategies?

Perhaps the main priority when considering how to deal with cyberthreats is to reduce the amount of time it takes to respond to a threat after it has been detected. Mazen Dohaji, LogRhythm Regional Director, Middle East, tells us of the benefits of implementing Threat Lifecycle Management.
What is the key to faster detection and response to cyberthreats?

In order for organisations to improve their mean time to detect (MTTD) and mean time to respond (MTTR) to cyberthreats, they need to shift their resources and focus from prevention-centric security strategies to strategies centred on threat detection and response. Security teams often lack effective tools, automation and processes for streamlining threat investigations and incident response. These challenges are evidenced when looking at recent data breaches where the time it took for the affected organisation to discover and respond to the data breach was measured in months, and in some cases years. However, data breaches can be largely avoided if you detect and respond to the threats quickly. The earlier an attack is detected and mitigated, the less the ultimate cost to the business will be. To reduce the MTTD and MTTR, an end-to-end detection and response process, referred to as Threat Lifecycle Management (TLM), needs to be implemented.
How do LogRhythm products provide an end-to-end workflow when they are guarding against cyberthreats?

LogRhythm's products provide an end-to-end workflow: forensic data collection, discovery, qualifying, investigation, neutralising and recovery.
1. LogRhythm collects and centralises all log and machine data, while network and endpoint forensic sensors provide meaningful data to further extend visibility, in order to classify and contextualise captured data.
2. Machine analytics analyse all collected data, detecting both routine and advanced threats automatically and enabling organisations to efficiently hunt for threats and reduce MTTD.
3. With LogRhythm's 100-point risk-based priority score, organisations will know where to spend their time effectively, while advanced drill-down capabilities provide immediate access to rich forensic detail.
4. Case dashboards and a secure evidence locker centralise all forensic data to provide real-time visibility into active investigations and incidents.
5. Easily accessible and updated incident response processes, coupled with pre-qualified SmartResponse™ automated playbook actions, drastically reduce mean time to respond to threats.
6. LogRhythm's incident response orchestration provides central access to all forensic investigation information for rapid recovery.

While prevention-centric software is incredibly important for organisations and should not be overlooked, it should be considered basic cyber hygiene. It is something all organisations should be doing daily, but it isn't going to help stop a nasty virus from corrupting their immune system. Put simply, prevention-centric strategies just are not enough on their own. LogRhythm products provide the visibility, automation and detection capabilities necessary to detect today's advanced persistent threats. In doing so, the technology puts organisations a step ahead of cybercriminals by providing an end-to-end security workflow that combines people, process and technology, and empowers organisations by sorting through the noise to highlight and investigate high-priority threats.

Mazen Dohaji, LogRhythm Regional Director, Middle East

www.intelligentcio.com
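To make the six stages of that workflow, and the MTTD/MTTR figures they are meant to drive down, concrete, here is a toy pipeline added as an illustration. It is not LogRhythm code and does not reproduce the product's analytics, scoring or SmartResponse logic; the log lines, the `ASSET_CRITICALITY` table, the scoring weights and the three-minute response latency are all constructed for the example. It collects a few SSH log lines, detects a burst of failed logins followed by a success, assigns a 0-100 priority so the queue can be worked highest-risk first, fires a simulated playbook action, and then computes MTTD (first malicious event to detection) and MTTR (detection to response) per case.

```python
"""Toy Threat Lifecycle Management (TLM) pipeline: collect -> detect -> prioritise -> respond -> measure.

Constructed example, not LogRhythm code. Every value below is made up for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not captured from any real system). First block: brute force against
# db01 that ends in a successful login. Second: the same pattern against web03. Third: one typo.
SAMPLE_LOGS = """\
2024-05-01T09:00:01Z sshd host=db01 src=203.0.113.7 user=root result=FAIL
2024-05-01T09:00:04Z sshd host=db01 src=203.0.113.7 user=root result=FAIL
2024-05-01T09:00:09Z sshd host=db01 src=203.0.113.7 user=admin result=FAIL
2024-05-01T09:00:15Z sshd host=db01 src=203.0.113.7 user=oracle result=FAIL
2024-05-01T09:00:22Z sshd host=db01 src=203.0.113.7 user=backup result=FAIL
2024-05-01T09:00:41Z sshd host=db01 src=203.0.113.7 user=backup result=OK
2024-05-01T09:02:00Z sshd host=web03 src=198.51.100.5 user=deploy result=FAIL
2024-05-01T09:02:03Z sshd host=web03 src=198.51.100.5 user=deploy result=FAIL
2024-05-01T09:02:07Z sshd host=web03 src=198.51.100.5 user=deploy result=FAIL
2024-05-01T09:02:12Z sshd host=web03 src=198.51.100.5 user=deploy result=FAIL
2024-05-01T09:02:18Z sshd host=web03 src=198.51.100.5 user=deploy result=FAIL
2024-05-01T09:02:30Z sshd host=web03 src=198.51.100.5 user=deploy result=OK
2024-05-01T09:05:00Z sshd host=web03 src=192.0.2.10 user=alice result=FAIL
2024-05-01T09:05:30Z sshd host=web03 src=192.0.2.10 user=alice result=OK
"""

# Assumed asset criticality (1-10): the context a SIEM attaches at collection time.
ASSET_CRITICALITY = {"db01": 9, "web03": 5}


def collect(raw):
    """Stage 1: parse raw lines into structured events with real timestamps."""
    events = []
    for line in raw.splitlines():
        ts, service, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        fields["service"] = service
        events.append(fields)
    return events


def detect(events, threshold=5, window=timedelta(minutes=2)):
    """Stage 2: alarm when one source fails >= threshold times within `window` and then logs in."""
    alarms = []
    fails = defaultdict(list)
    for ev in events:
        key = (ev["src"], ev["host"])
        if ev["result"] == "FAIL":
            fails[key].append(ev["ts"])
            fails[key] = [t for t in fails[key] if ev["ts"] - t <= window]  # slide the window
        elif ev["result"] == "OK" and len(fails[key]) >= threshold:
            alarms.append({"src": ev["src"], "host": ev["host"], "user": ev["user"],
                           "first_seen": fails[key][0], "detected_at": ev["ts"],
                           "failures": len(fails[key])})
            fails[key].clear()
    return alarms


def risk_score(alarm):
    """Stage 3: 0-100 priority = threat severity x asset criticality (weights are assumed)."""
    severity = min(10, 4 + alarm["failures"])  # more failed attempts, more severe, capped at 10
    criticality = ASSET_CRITICALITY.get(alarm["host"], 3)
    return min(100, severity * criticality)


def respond(alarm, responded_at):
    """Stage 5: simulated playbook actions; a real orchestrator would call firewall/IdP APIs."""
    return {"actions": [f"block src {alarm['src']}",
                        f"disable user {alarm['user']} on {alarm['host']}"],
            "responded_at": responded_at}


def run_pipeline(raw, response_delay=timedelta(minutes=3)):
    """Run all stages; return cases sorted highest priority first, each with its MTTD and MTTR."""
    cases = []
    for alarm in detect(collect(raw)):
        responded_at = alarm["detected_at"] + response_delay  # assumed analyst/automation latency
        cases.append({"alarm": alarm, "score": risk_score(alarm),
                      "actions": respond(alarm, responded_at)["actions"],
                      "mttd": alarm["detected_at"] - alarm["first_seen"],
                      "mttr": responded_at - alarm["detected_at"]})
    cases.sort(key=lambda c: c["score"], reverse=True)
    return cases


def mean_times(cases):
    """Average MTTD and MTTR across cases, in seconds."""
    n = len(cases)
    return (sum(c["mttd"].total_seconds() for c in cases) / n,
            sum(c["mttr"].total_seconds() for c in cases) / n)


if __name__ == "__main__":
    queue = run_pipeline(SAMPLE_LOGS)
    for c in queue:
        a = c["alarm"]
        print(f"score={c['score']:3d} {a['src']} -> {a['host']} MTTD={c['mttd']} MTTR={c['mttr']} {c['actions']}")
    print("mean MTTD/MTTR (s):", mean_times(queue))
```

The single failed login from 192.0.2.10 never becomes a case, which is the "sorting through the noise" point: the analyst queue holds two cases, with the database host first because the same behaviour against a more critical asset scores higher. Changing `response_delay` to what your playbook actually takes is the lever that moves MTTR; only better telemetry and rules move MTTD.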
How does Threat Lifecycle Management put enterprises one step ahead of their attackers?

Threat Lifecycle Management is a series of aligned security operations capabilities and processes that begins with the ability to 'see' broadly and deeply across the IT environment, and ends with the ability to quickly mitigate and recover from a security incident. The TLM workflow is not novel; it is the core foundation of the security operations centre (SOC) monitoring and response capabilities. The reason large data breaches still occur is because the TLM workflow is implemented ineffectively across many diverse, disparate security systems, each offering different user interfaces, inadequate integration with other systems, and lacking automation in the areas of advanced security analytics and incident response. Discovery of potential

"The cybercriminal is not always an anonymous hacker based miles away; an attack often comes from within an organisation and from its own employees."