Detecting Insider Threats with User Behavior Analytics
A Use Case for Financial Services at Every Stage of the Cyber Kill Chain

Insider Threats Within Financial Services Organizations
The Scenario
An employee within your organization is targeted with a spearphishing email. With just a click, they take the bait and their credentials are stolen.
Once the attacker has credentials, they can move freely within your network, with the ability to inflict immense damage.

The Human Element
Spearphishing is a human vulnerability. It takes an employee to click on the bait.
So how can you defend against insider threats? You have to have a solution in place to protect against the human element.
The solution: User Behavior Analytics (UBA)

How User Behavior Analytics Can Help Stop Insider Threats
UBA can help you to detect and respond to:
1. Insider threats
2. Compromised accounts
3. Privileged account abuse

Anatomy of an Attack
Using UBA to Stop an Insider Threat Attack at Any Stage of the Cyber Kill Chain

Detecting a Compromised Account
Compromised accounts are at the heart of most financial breaches.
The good news? Indicators of a compromised account can be detected at different stages across the cyber kill chain.

The Cyber Kill Chain: Identifying The Moment of Compromise
The Scenario: Spearphishing
The compromise: An employee receives an email that looks like it’s from a co-worker. She doesn’t notice the small difference in spelling of the domain name as she opens the email. The trap has been sprung.
How you stop it: LogRhythm’s Network Monitor deep packet analytics detects the inbound attack, then produces a high-impact alert on the incident. Your SOC team investigates, responds and neutralizes the threat.

The Cyber Kill Chain: Identifying The Moment of Compromise
The Scenario: Compromised Hosts
The compromise: A piece of malware slips through traditional perimeter defenses and is installed on a machine.
How you stop it: LogRhythm detects when the malicious process starts on the endpoint and either terminates the process or isolates the endpoint to stop the spread of malware.

The Cyber Kill Chain: Identifying The Moment of Compromise
The Scenario: Lateral Movement & Account Sweeps
The compromise: Malware makes its way onto a machine. It then uses an employee’s compromised credentials to log onto other systems on the network.
How you stop it: LogRhythm detects the authentication attempts against multiple hosts and sends an alarm to your SOC for further investigation, response and neutralization.

The Cyber Kill Chain: Identifying The Moment of Compromise
The Scenario: Brute Force Authentication
The compromise: Malware has made its way onto an employee’s machine. It then tries to move to another user by identifying the password through brute force.
How you stop it: LogRhythm detects the authentication failures against multiple hosts and sends an alarm to your SOC for further investigation, response and neutralization.

The Cyber Kill Chain: Identifying The Moment of Compromise
The Scenario: Authentication from Abnormal Location
The compromise: An attacker successfully gains control of a corporate machine. They then use the employee’s credentials to connect to the network via VPN.
How you stop it: LogRhythm detects the authentication from an abnormal location and sends an alarm to your SOC for further investigation, response and neutralization.

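The three authentication-based detections in the lateral movement, brute force and abnormal location slides can be sketched over normalized logon events as follows. This is an added example, not LogRhythm's rules or code; the event fields, thresholds, host names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def ev(ts, user, src, dst, outcome, country=None):
    """One normalized authentication event (field names are assumptions)."""
    return {"ts": datetime.fromisoformat(ts), "user": user, "src": src,
            "dst": dst, "outcome": outcome, "country": country}


# Constructed sample data, not real logs. HISTORY is the baseline period.
HISTORY = [ev(f"2024-03-0{d}T08:55:00", "jdoe", "home-pc", "vpn-gw", "success", "US")
           for d in range(1, 6)]
EVENTS = [
    # jdoe's credentials used from ws-17 against four hosts in about a minute
    ev("2024-03-11T09:00:00", "jdoe", "ws-17", "fs-01", "success"),
    ev("2024-03-11T09:00:20", "jdoe", "ws-17", "fs-02", "success"),
    ev("2024-03-11T09:00:45", "jdoe", "ws-17", "db-03", "success"),
    ev("2024-03-11T09:01:10", "jdoe", "ws-17", "app-04", "success"),
    # repeated failures for asmith from the same workstation, three hosts
    ev("2024-03-11T09:05:00", "asmith", "ws-17", "hr-01", "failure"),
    ev("2024-03-11T09:05:05", "asmith", "ws-17", "hr-01", "failure"),
    ev("2024-03-11T09:05:10", "asmith", "ws-17", "hr-02", "failure"),
    ev("2024-03-11T09:05:15", "asmith", "ws-17", "hr-02", "failure"),
    ev("2024-03-11T09:05:20", "asmith", "ws-17", "pay-01", "failure"),
    ev("2024-03-11T09:05:25", "asmith", "ws-17", "pay-01", "failure"),
    # ordinary activity that should stay quiet
    ev("2024-03-11T07:30:00", "bob", "home-pc2", "vpn-gw", "success", "US"),
    ev("2024-03-11T10:00:00", "bob", "ws-22", "fs-01", "success"),
    ev("2024-03-11T10:02:00", "bob", "ws-22", "mail-01", "success"),
    # VPN logon for jdoe from a country absent from the baseline
    ev("2024-03-11T22:30:00", "jdoe", "unknown", "vpn-gw", "success", "NZ"),
]


def fan_out(events, key, outcome=None, min_hosts=4, window=timedelta(minutes=5)):
    """Alert once per `key` value (e.g. "user" or "src") that touches at least
    min_hosts distinct destination hosts inside a sliding time window."""
    recent = defaultdict(deque)          # key value -> deque of (ts, dst)
    alerted, alerts = set(), []
    for e in sorted(events, key=lambda x: x["ts"]):
        if outcome is not None and e["outcome"] != outcome:
            continue
        q = recent[e[key]]
        q.append((e["ts"], e["dst"]))
        while e["ts"] - q[0][0] > window:   # drop events older than the window
            q.popleft()
        hosts = {dst for _, dst in q}
        if len(hosts) >= min_hosts and e[key] not in alerted:
            alerted.add(e[key])
            alerts.append((e[key], e["ts"], sorted(hosts)))
    return alerts


def abnormal_location(history, events):
    """Flag successful logons from a country the user never used in `history`.
    Users with no baseline are skipped here to avoid flagging every new hire."""
    baseline = defaultdict(set)
    for e in history:
        if e["outcome"] == "success" and e["country"]:
            baseline[e["user"]].add(e["country"])
    flagged = []
    for e in events:
        known = baseline.get(e["user"])
        if e["outcome"] == "success" and e["country"] and known \
                and e["country"] not in known:
            flagged.append((e["user"], e["country"], e["ts"]))
    return flagged


if __name__ == "__main__":
    print("account sweep:", fan_out(EVENTS, key="user", min_hosts=4))
    print("brute force:  ", fan_out(EVENTS, key="src", outcome="failure", min_hosts=3))
    print("new location: ", abnormal_location(HISTORY, EVENTS))
```

Thresholds and window length need tuning against each environment's normal logon volume; service accounts and jump hosts usually need their own baselines or an allowlist.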
The Cyber Kill Chain: Identifying The Moment of Compromise
The Scenario: Unauthorized Trades and Transfers
The compromise: A compromised user account attempts to perform unauthorized trades and transfers.
How you stop it: LogRhythm’s User Behavior Analytics detects the unauthorized actions and alerts on the incident, immediately initiating SmartResponse™ to lock down the compromised account.

How LogRhythm Stops Insider Threats

LogRhythm’s User Behavior Analytics Stop Insider Threats
At every step of the insider threat cyber kill chain, LogRhythm can detect the anomalous behavior and prevent movement to the next stage.
LogRhythm’s detection capabilities go beyond the usual UBA suspects because of its ability to monitor network activity and file information—keeping your financial institution protected no matter where the point of compromise is attempted.

LogRhythm Disrupts the Financial Insider Threat Kill Chain
[Figure: kill chain diagram. Stages: Reconnaissance & Planning; Initial Compromise; Command & Control; Lateral Movement; Target Attainment; Exfiltration, Corruption, Disruption. Diagram labels: Malware; Spearphishing; Brute force and unauthorized account access; VPN; Financial transfer.]

Holistic Threat Analytics

Embedded Security
• Recognized security experts
• Build machine data intelligence, with support for 750+ devices
• Develop pre-packaged threat management modules:
  • AI Engine rules
  • Reports & saved searches
  • Dashboard layouts
  • SmartResponse™ plug-ins
• Frequent updates via cloud

Threat Intelligence
• Open Source
• Custom
• Commercial

User Behavior Analytics (UBA)
Brute force attacks, compromised user accounts, insider threat detection, privileged user account monitoring & more

Network Behavior Analytics
Malware outbreak, suspicious network communications, DoS attacks, network-borne data exfiltration & more

Endpoint Behavior Analytics
Endpoint manipulation, malware activity, suspicious process & application activity, local data exfiltration & more

Rapid Value
• Arm your analysts to work smarter and faster with machine-based analytics
• Detect and respond to threats across the holistic attack surface
• Accelerate deployment with pre-packaged threat management modules

Protecting Your Holistic Attack Surface
LogRhythm can help you protect your holistic attack surface—including your users, networks and endpoints.
Rarely do attackers target one vector, so we leverage data from all vectors and sources (e.g., honeypots and threat intel feeds) so you can correlate user behavior with network and endpoint data.
In case of an attack, you’ll be able to detect and respond lightning fast with an efficient workflow.

See LogRhythm in Action
You already know that hackers will get in—regardless of the prevention technologies you’ve put in place to keep them out.
Click the below button to watch this in-depth demo to see how LogRhythm can help you detect a phishing attack and stop it in its tracks.
Watch the Demo

