LogRhythm is a pioneer in Threat Lifecycle Management (TLM) technology. Founded in 2003 and headquartered in Colorado, USA, it serves more than 4,000 customers across six continents. LogRhythm can be regarded as a core foundation for an AI-enabled security operations center (SOC), helping customers improve and assure the security of physical, virtual and cloud environments.
Industry analysts and media rate it highly: it has been positioned as a Leader in the Gartner Magic Quadrant for seven consecutive years, held a top-three Leader position again in 2017, and received the Gartner Peer Insights Gold Award and the Frost & Sullivan Asia-Pacific Enterprise Security Product Line Strategy Leadership Award. In 2018 it remained among the top three Leaders in the Gartner Magic Quadrant for SIEM and was ranked first in The Forrester Wave™: Security Analytics Platforms, Q3 2018. In 2019 it received the Gartner Peer Insights Customers' Choice Gold Award for the third time, reflecting broad recognition from users worldwide.
The LogRhythm real-time security intelligence analytics platform is a globally leading NextGen SIEM. It tightly integrates natively developed log management, network deep packet inspection (DPI), endpoint monitoring agents, and user and entity behavior analytics (UEBA), and uses an AI engine and machine learning to perform correlation and advanced analytics automatically, detecting known and unknown advanced attacks quickly. Its SmartResponse™ mechanism provides security orchestration, automation and response (SOAR) capabilities with multiple built-in incident response Case Playbooks, so that when an incident occurs, teams have a standard cross-team procedure for collaboration, investigation and automated response to follow. LogRhythm offers the DetectX, AnalytiX and RespondX modules, which organizations can adopt in the order their priorities dictate; all modules align with the MITRE ATT&CK framework, helping an organization's incident response team cut response times to minutes and providing complete end-to-end threat lifecycle management.
2019 Gartner Peer Insights Customers' Choice - Gold Award
2019 SC Media Best SIEM Solution
2019 InfoSec Awards Market Leader for User Behavior Analytics
2019 InfoSec Awards Market Leader for Security Information Event Management (SIEM)
Organizations globally are being compromised by sophisticated cyberattacks at an unprecedented rate and with devastating and costly consequences. A CyberEdge survey of 1,200 IT security professionals worldwide, representing organizations with 500 or more employees, indicates that 77 percent of surveyed organizations were compromised during the 12 months preceding the study. Modern threat actors include criminal organizations motivated by financial gain, ideologically driven groups that seek to disrupt or discredit their targets, malicious insiders driven by profit or revenge, and nation-states and state-sponsored organizations engaged in covert operations and industrial espionage targeting both public and private interests.
This paper introduces ATT&CK and the related tools and resources built on it. It then discusses how to make practical use of ATT&CK, with a focus on threat hunting and detection.
You face a constant barrage of threats, some of which you do not even know exist. The reality is that your users are behind many threats and breaches, whether maliciously or accidentally. Case in point: 69 percent of organizations reported a recent insider data exfiltration attempt, and 28 percent of breaches involved internal actors.[1] As the typical point of entry for an attack, users are a difficult vector to monitor and secure. To confront the tidal wave of attacks, you need to focus your attention on users by applying user and entity behavior analytics (UEBA).
Automation is part of our everyday lives. Yet where security is concerned, organizations are holding back: 59 percent of organizations said they use little or no automation for key security and incident response (IR) tasks, according to a recent SANS survey.
Faced with unpredictable costs, CISOs have historically had to make tough decisions that increase the enterprise's risk exposure: Which logs do we collect and analyse? How long do we keep them? How do we balance current needs against future company growth? How do we maintain flexibility when making a multi-year commitment to a SIEM platform?
This review was recorded by IT Central Station at LogRhythm RhythmWorld 2018 in Denver, Colorado. The review is not subject to editing or approval by LogRhythm.
In this product demo, LogRhythm's analytics detected evidence of malware designed to reach a site that downloads a payload. Signature-based endpoint protection missed the threat, but LogRhythm's analytics recognized the tactics the malware used and triggered an alarm with a calculated risk score.
Watch the demo to learn how LogRhythm custom dashboards and security analytics can improve your threat hunting techniques.
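As an added illustration of the kind of tactic-based correlation the demo above describes, the following example (written for this page; it is not LogRhythm's engine, rule syntax or log format) joins constructed web-proxy download records with constructed endpoint process-creation events. Each executable download is scored on whether the source domain is allowlisted and whether the downloaded file is executed on the same host within a five-minute window, and an alarm is raised when the score crosses a threshold, without consulting any file hash or signature. Host names, users, domains, file names, the key=value log layout, the weights and the threshold are all hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs for a hypothetical environment (hosts, users,
# domains and file names are made up). The key=value layout is chosen for
# this example and is not LogRhythm's own log format.
PROXY_LOGS = [
    "2024-03-04T10:02:11Z host=WS-0147 user=jdoe dst=cdn-files.example.net "
    "url=http://cdn-files.example.net/inv/invoice.exe status=200 bytes=482311",
    "2024-03-04T10:02:40Z host=WS-0200 user=asmith dst=updates.example-vendor.com "
    "url=https://updates.example-vendor.com/setup.exe status=200 bytes=9120044",
    "2024-03-04T10:05:02Z host=WS-0310 user=kwu dst=docs.example.org "
    "url=https://docs.example.org/q1/report.pdf status=200 bytes=120331",
    "2024-03-04T10:07:19Z host=WS-0147 user=jdoe dst=cdn-files.example.net "
    "url=http://cdn-files.example.net/inv/stage2.dll status=200 bytes=77210",
]
ENDPOINT_LOGS = [
    "2024-03-04T10:03:05Z host=WS-0147 user=jdoe event=process_create "
    "image=C:\\Users\\jdoe\\Downloads\\invoice.exe parent=explorer.exe",
    "2024-03-04T10:04:10Z host=WS-0200 user=asmith event=process_create "
    "image=C:\\Users\\asmith\\Downloads\\setup.exe parent=explorer.exe",
    "2024-03-04T10:30:00Z host=WS-0147 user=jdoe event=process_create "
    "image=C:\\Windows\\System32\\notepad.exe parent=explorer.exe",
]

ALLOWLISTED_DOMAINS = {"updates.example-vendor.com"}  # assumed known-good sources
EXECUTABLE_EXTENSIONS = (".exe", ".dll", ".scr", ".ps1", ".hta")
ALARM_THRESHOLD = 75  # hypothetical cut-off on the 0-100 risk score

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Parse 'timestamp key=value ...' into a dict; 'ts' becomes a datetime."""
    ts_str, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def score_download(dl, endpoint_events, window):
    """Return (risk_score, reasons) for one executable download record."""
    score, reasons = 30, ["executable payload downloaded"]
    if dl["dst"] not in ALLOWLISTED_DOMAINS:
        score += 30
        reasons.append(f"source {dl['dst']} not allowlisted")
    filename = dl["url"].rsplit("/", 1)[-1].lower()
    for ev in endpoint_events:
        if ev["host"] != dl["host"] or ev.get("event") != "process_create":
            continue
        if not dl["ts"] <= ev["ts"] <= dl["ts"] + window:
            continue
        image_name = ev["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if image_name == filename:
            delay = int((ev["ts"] - dl["ts"]).total_seconds())
            score += 40
            reasons.append(f"{filename} executed {delay}s after download")
            break
    return score, reasons


def correlate(proxy_lines, endpoint_lines, window=timedelta(minutes=5)):
    """Score every executable download and flag those above the threshold."""
    endpoint_events = [parse(line) for line in endpoint_lines]
    findings = []
    for line in proxy_lines:
        dl = parse(line)
        if not dl["url"].lower().endswith(EXECUTABLE_EXTENSIONS):
            continue  # documents and other non-executable fetches are ignored
        score, reasons = score_download(dl, endpoint_events, window)
        findings.append({
            "host": dl["host"], "user": dl["user"], "url": dl["url"],
            "risk_score": score, "alarm": score >= ALARM_THRESHOLD,
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in correlate(PROXY_LOGS, ENDPOINT_LOGS):
        flag = "ALARM" if f["alarm"] else "info "
        print(f"{flag} {f['host']:8} {f['risk_score']:3} {f['url']} :: {'; '.join(f['reasons'])}")
```

On the constructed data the invoice.exe download on WS-0147 scores 100 (unknown source plus execution 54 seconds later) and alarms, the vendor setup.exe on WS-0200 scores 70 because its source is allowlisted, and stage2.dll stays at 60 because no matching process was created. A production rule would add evidence the toy omits, such as DLL load events, parent-process lineage and reputation lookups, but the point stands that the alarm is driven by the download-then-execute tactic rather than by a known-bad signature.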
- RespondX: security orchestration, automation and response (SOAR) for incidents
- NetworkXDR: network-native detection and response (NDR)
- UserXDR: user and entity behavior analytics (UEBA)