Why Insider Actions Matter: SANS Review of LogRhythm CloudAI for User and Entity Behavior Analytics

  • Tuesday, 27 Feb 2018 1:00PM EST (27 Feb 2018 18:00 UTC)
  • Speakers: Dave Shackleford, Samir Jain, Mark Settle

Insider actions, whether on purpose or accidental, cause the majority of breaches reported by respondents to multiple SANS surveys (including this one) conducted in 2017. Yet these same responses also indicate that user activities, including those performed through breached credentials, are often not analyzed in threat management lifecycles.

When threats occur, understaffed security operations centers usually lack easy access to contextual information, including:

  • Baselined user behavior
  • How users authenticate
  • Machine-to-machine connections
  • Whitelisted workstations and applications

This lack of visibility is a key problem that LogRhythm's CloudAI technology, applied to user and entity behavior analytics (UEBA), was built to solve. Using supervised and unsupervised learning, CloudAI establishes baselines, then monitors user behavior, automatically scoring user actions as harmless, risky or malicious based on multiple criteria.

In this webcast, senior SANS instructor and analyst Dave Shackleford will discuss his experience reviewing LogRhythm CloudAI as he runs through various use cases, such as insider threat, account compromise and admin abuse.

Learn how LogRhythm CloudAI:

  • Detects user activities indicative of threats or compromises
  • Scores user activities and provides recommendations or takes automated actions
  • Supports threat hunting and incident response capabilities
  • Improves the machine learning experience through supervised and unsupervised learning

Register for this webcast and receive early access to the associated whitepaper report developed by Dave Shackleford.

View the associated whitepaper here.