Uncategorized / April 19, 2016

Building a Security Intelligence Platform with Crystal-Clear Visibility

With so much data going into the S.I-EM it’s kind of hard…okay, so that didn’t flow to Snoop Dogg’s “Gin & Juice” as much as I would have liked. That’s okay, I’ll recover. The point is, organizations are handling more network traffic and data than ever before, while at the same time fending off potential cyber attacks nearly every day.

Your organization’s ability to detect and respond to threats requires visibility into the network. Achieving enterprise-wide network visibility requires both application-level awareness and rich network session detail.

So imagine a scenario where your organization is vulnerable to a malware infection—a scenario that is all too real to many of us—and the malware just began data exfiltration on a computer within your network.

You may struggle to sift through the noise of increased network activity and accurately identify the malware threat, because your organization lacks visibility across its physical and virtual infrastructure.

An important component of network-wide visibility is having access to the most relevant metadata. Next-gen SIEMs (shameless LogRhythm plug) look to the power of metadata to provide a pinpoint accurate picture of network traffic. This picture allows your organization to focus on specific areas of the network and then rapidly triage, investigate and neutralize the threat.

Creating a Behavior Profile for Automated Remediation

So back to the malware infection that is currently plaguing your organization. On your network, a laptop starts sending information to China. When deployed together, LogRhythm’s Security Intelligence Platform and Gigamon’s GigaSECURE® Security Delivery Platform are better able to uncover early indicators of malicious activity.

The GigaSECURE Security Delivery Platform provides intelligent filtering and de-duplication so that the relevant traffic is delivered to LogRhythm, which then quickly generates a baseline of normal activity. Against that behavior baseline, network traffic to a device in China stands out as highly suspicious.

This anomalous behavior triggers an alarm in LogRhythm. The alarm then instigates an automatic SmartResponse™ to begin full packet capture.

The full data capture can reveal that sensitive data is now leaving the company. An analyst then quickly isolates the laptop through a SmartResponse™ and begins removing malware from the infected laptop.
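To make the baseline-then-alarm sequence above concrete, here is a small added example (not LogRhythm or Gigamon code) that learns, per internal host, which destination countries and egress volumes are normal from constructed flow-metadata records, then scores a new observation window. A session to a never-seen country raises an alarm; if its volume is also far above the host's baseline, the alarm carries the packet-capture action. Host names, country codes, byte counts and the `volume_factor` threshold are all assumed values.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    host: str          # internal source host (constructed name)
    dst_country: str   # geolocation of the destination (constructed)
    bytes_out: int     # bytes sent by the internal host (constructed)

# Constructed "normal week" of flow metadata for two hosts.
BASELINE = [
    Flow("laptop-17", "US", 12_000), Flow("laptop-17", "US", 9_500),
    Flow("laptop-17", "DE", 3_000),  Flow("laptop-17", "US", 15_000),
    Flow("server-02", "US", 200_000), Flow("server-02", "US", 180_000),
]

def build_baseline(flows):
    """Per host: destination countries seen and the largest single-session
    egress volume observed during the learning window."""
    countries, max_out = defaultdict(set), defaultdict(int)
    for f in flows:
        countries[f.host].add(f.dst_country)
        max_out[f.host] = max(max_out[f.host], f.bytes_out)
    return countries, max_out

def score_flows(flows, baseline, volume_factor=2.0):
    """Return alarms for sessions to a country never seen for that host.
    Volume beyond volume_factor * the host's baseline maximum escalates the
    alarm to an automatic packet-capture action; otherwise it goes to review.
    A host absent from the baseline has max_out 0, so any new-country
    session from it is escalated (assumed policy for unknown hosts)."""
    countries, max_out = baseline
    alarms = []
    for f in flows:
        if f.dst_country in countries[f.host]:
            continue
        big = f.bytes_out > volume_factor * max_out[f.host]
        alarms.append({"host": f.host, "dst_country": f.dst_country,
                       "bytes_out": f.bytes_out,
                       "action": "start_packet_capture" if big else "analyst_review"})
    return alarms

# Constructed observation window: one large session to a never-seen country,
# plus a small new-country session that only warrants review.
OBSERVED = [
    Flow("laptop-17", "US", 11_000),
    Flow("laptop-17", "CN", 48_000_000),
    Flow("server-02", "CN", 1_000),
]

if __name__ == "__main__":
    for alarm in score_flows(OBSERVED, build_baseline(BASELINE)):
        print(alarm)
```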

The pervasive visibility of LogRhythm and Gigamon exposes threats hidden in the network traffic of enterprise organizations, enabling fast remediation. And as it turns out, there is a connection between flow, data and the SIEM; it just doesn’t correlate to rap lyrics.

To learn more about improving enterprise visibility for automated remediation, check out our solution brief.
