Why Insider Actions Matter: SANS Review of LogRhythm CloudAI for User and Entity Behavior Analytics

  • Tuesday, February 27th, 2018 at 1:00 PM EST (18:00:00 UTC)
  • Dave Shackleford and Seth Goldhammer


  • LogRhythm


Insider actions, whether on purpose or accidental, cause the majority of breaches reported by respondents to multiple SANS surveys (including this one) conducted in 2017. Yet these same responses also indicate that user activities, including those performed through breached credentials, are often not analyzed in threat management lifecycles.

When threats occur, understaffed security operations centers usually lack easy access to contextual information, including:

  • Baselined user behavior
  • How users authenticate
  • Machine-to-machine connections
  • Whitelisted workstations and applications

This lack of visibility is a key problem that LogRhythm's CloudAI technology, applied to user and entity behavior analytics (UEBA), was built to solve. Using supervised and unsupervised learning, CloudAI establishes baselines, then monitors user behavior, automatically scoring user actions as harmless, risky or malicious based on multiple criteria.

In this webcast, senior SANS instructor and analyst Dave Shackleford will discuss his experience reviewing LogRhythm CloudAI as he runs through various use cases, such as insider threat, account compromise and admin abuse.

Learn how LogRhythm CloudAI:

  • Detects user activities indicative of threats or compromises
  • Scores user activities and provides recommendations or takes automated actions
  • Supports threat hunting and incident response capabilities
  • Improves the machine learning experience through supervised and unsupervised learning

Register for this webcast and receive early access to the associated whitepaper report developed by Dave Shackleford.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Seth Goldhammer

Seth Goldhammer is Senior Director of Product Management at LogRhythm, Inc. He has more than 16 years of experience working in the network management and security industry, including starting Roving Planet where he helped design and build go-to-market strategies for the industry's first network access control products. Seth has served in product management roles at TippingPoint, 3Com, and HP Networking, and is responsible for collecting market requirements and speaking at customer events for LogRhythm.
