
Why Insider Actions Matter: SANS Review of LogRhythm CloudAI for User and Entity Behavior Analytics

  • Tuesday, February 27th, 2018 at 1:00 PM EST (18:00:00 UTC)
  • Dave Shackleford, Samir Jain, and Mark Settle
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • LogRhythm



Insider actions, whether on purpose or accidental, cause the majority of breaches reported by respondents to multiple SANS surveys (including this one) conducted in 2017. Yet these same responses also indicate that user activities, including those performed through breached credentials, are often not analyzed in threat management lifecycles.

When threats occur, understaffed security operations centers usually lack easy access to contextual information, including:

  • Baselined user behavior
  • How users authenticate
  • Machine-to-machine connections
  • Whitelisted workstations and applications

This lack of visibility is a key problem that LogRhythm's CloudAI technology, applied to user and entity behavior analytics (UEBA), was built to solve. Using supervised and unsupervised learning, CloudAI establishes baselines, then monitors user behavior, automatically scoring user actions as harmless, risky or malicious based on multiple criteria.

In this webcast, senior SANS instructor and analyst Dave Shackleford will discuss his experience reviewing LogRhythm CloudAI as he runs through various use cases, such as insider threat, account compromise and admin abuse.

Learn how LogRhythm CloudAI:

  • Detects user activities indicative of threats or compromises
  • Scores user activities and provides recommendations or takes automated actions
  • Supports threat hunting and incident response capabilities
  • Improves the machine learning experience through supervised and unsupervised learning

Register for this webcast and receive early access to the associated whitepaper report developed by Dave Shackleford.

View the associated whitepaper here.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Samir Jain

Samir Jain is a Senior Product Manager, Security Analytics at LogRhythm. He focuses on Security Analytics and UEBA, and brings a track record of over 18 years innovating and delivering world-class enterprise solutions from concept to market launch. Prior to LogRhythm he worked at Avaya for 16 years in Product Management.

Mark Settle

Mark Settle is the Product Marketing Team Manager at LogRhythm. As team lead, he and his team work alongside our Product Management and Development teams to bring LogRhythm products and solutions to market through market research and by producing positioning, marketing content, and training material. Prior to LogRhythm he led corporate marketing for Zayo Group.
