Follow LogRhythm:

 Follow LogRhythm on Twitter Visit the LogRhythm BLOG, The DiaLog

French Landing Page
Products
       One Integrated Solution
       Log and Event Management
          Log Management
          Log Analysis
          Event Management
          Intelligent IT Search
       Advanced Intelligence Engine (AI)
       SmartResponse
       File Integrity Monitoring
       Host Activity Monitoring
       Geolocation & Visualization
       Reporting
       Turnkey Appliances
       High Availability Solutions
       Software & Virtual Deployments
       Advanced Agent
       WebRhythm Remote Access
       Cisco MARS Replacement

Applications
       Overview
       Compliance
          PCI DSS Compliance
          HIPAA Compliance
          NRC GR 5.71
          NEI Compliance
          NERC CIP Compliance
          SOX Compliance
          GLBA Compliance
          FISMA Compliance
          GCSX Compliance
          Protective Monitoring: GPG13
       SIEM
       IT Optimization
       Business Intelligence
       Insider Threat/Fraud Detection
       Forensics/Investigation
       eDiscovery
       Database Monitoring

Services
       Professional Services
       LogRhythm Labs
       Training Options
          Online Instructor-Led Schedule
          Boulder Based Schedule
       Maintenance and Support

Resources
       Overview
       Prepare for NERC CIP
       Datasheets
       Use Cases
          Protective Monitoring
          Detect Advanced Threats (APTs)
          Absence of an Event
          Continuous Monitoring
          Rapid Forensics
          Advanced Correlation
          Rapid Time-to-Value
          Fraud Detection and Prevention
          Protecting Critical Assets
          Change Control
          Protecting ePHI
          Enriching Data w/ Geolocation
          Network & Process Monitoring
          Controlling Operating Costs
          Privileged User Monitoring
          Flexible Reporting
          Visualizing Log & Event Data
          Zero Day Exploits
          Architecture for Any Enterprise
       Case Studies
          Canadian Auto Association
          University of Nottingham
          Endsleigh Insurance Services
          The Share Centre
          ALPS Funds Services
          St John Ambulance
          Phoenix Sun
          Ventura
          Ascent Media Group
          Commidea
          Center for American Progress
          Fortis Bank
          Cardiff County Council
          Regis Corporation
       Compliance Solution Briefs
       Compliance White Papers
       Sample Reports
       Customer Testimonials
       3-Minute Product Demo
       In-Depth Product Demo
       Request Online Demonstration
       Multimedia
       Industry Info
       Request More Info

Partners
       Partners Overview
       Reseller Partners
       MSP/MSSP Partners
       Services and Solutions Partners
       Technology Partners
       Ecosystem Partners

Company
       Overview
       In the News
       Press Releases
          Press Releases - Current
          Press Releases 2010
          Press Releases 2009
          Press Releases 2008
       Events
       Executive Team
       Careers
       Contact
       Privacy Policy

Support
       Customer Support Portal
Schedule an Online LogRhythm Demo Download White Papers Request More Information View 3-Minute Product Demo
Resources

The system has given us an unprecedented insight into what’s happening inside our servers which helps us run the network more effectively and efficiently.  LogRhythm is proving to be invaluable, playing a central role in Virgin Money Giving's ability to operate securely in the first place.

James Page
Technical Architect
Virgin Money

Detecting Zero Day Exploits


Security camera image from Zero Day Exploits use caseLogRhythm | LogRhythm's comprehensive live Tail feature.As technology use proliferates and enterprise IT environments become increasingly complex, the danger of exploits has grown more ominous than ever before. Most organizations are prepared to deal with known threats through the use of specific security tools, such as IDS or IPS devices, vulnerability assessment tools, and anti-malware and antivirus devices.  With zero day exploits however, the source is often an unwitting internal user, and manifests in ways that are undetectable by traditional means.  Many IT organizations are not adequately equipped to detect and respond to the initial threat.

When an exploit can come from anywhere, prevention and remediation require a true, global window not only into security specific event data, but operations as well.  Zero day exploits are best identified by automatically recognizing aberrant behavior, and immediately alerting administrators.
Download Detecting Zero Day Exploits 'PDF' Detecting Zero Day Exploits PDF

LogRhythm helps administrators identify anomalous behavior patterns, perform rapid root-cause analysis, and extract accurate information needed to help defend against future exploits.

 

Adaptation
Challenge

Zero day exploits cannot be detected by conventional means, such as antimalware or IDS/IPS devices, because signatures have not yet been created.  Without specific detection capabilities, security administrators have to rely on behavior-based detection methods.
Solution LogRhythm can alert administrators on anomalous behavior, such as any unauthorized outbound internet activity on non white-listed ports.
Benefit Once a general alert is received indicating that an exploit has occurred, alarm rules can be easily modified to incorporate more specific behavior patterns to respond more quickly to similar behavior.

 

Observation
 Challenge A sophisticated attack can be very subtle and specific details can go unidentified for days or weeks without the proper tools to identify the cause and impact of an attack.
 Solution

LogRhythm provides multiple options for conducting forensic investigations to quickly identify the source of the zero-day exploit. Users have the option to search for focused data points, or to use visual trending and analysis to identify behavior patterns and instantly drill down into specific event details.
Benefit

Tail can be quickly configured based on any criteria, using LogRhythm’s simple and intuitive wizard-based setup. Any Tail can be saved for future use, providing users with a straightforward and instantaneous method for recognizing and monitoring repeat incidents.

 

Rapid Response
Challenge A zero day exploit can impact any source – frequently an unwitting internal user or system. Locating the source is a near impossible task without the forensics capabilities to identify relevant detail.
Solution

LogRhythm provides multiple options for conducting forensic investigations to quickly identify the source of the zero-day exploit. Users have the option to search for focused data points, or to use visual trending and analysis to identify behavior patterns and instantly drill down into specific event details.
Benefit

Investigations provide the specific detail required for administrators to contain a zero day exploit, and can be saved for future use to respond to similar breaches or to rapidly discover other points of infection.

 
 
© 2011 LogRhythm, Inc.    All Rights Reserved.