Thursday, March 12, 2020

LogRhythm Labs: Cybersecurity Expertise Delivered into Your LogRhythm Deployment

What is LogRhythm Labs?

LogRhythm Labs is the team that researches and creates the content that goes into the LogRhythm NextGen SIEM Platform. The team mission is to:

Research and deliver world-class security, compliance, intelligence, and operational risk content to protect our customers from damaging cyberthreats, meet their compliance needs, and reduce their operational risk.

Labs, therefore, exists to provide the threat, compliance, and operational content that enables the LogRhythm platform to provide out-of-the-box value and usability to our customers.

Labs content is delivered within discrete modules consisting of analytics rules, reports, searches, and dashboards. A module may also include automation via our SOAR offering, RespondX, or automated lookup via Web Contextualisation.

Content is regularly added, actively maintained, and released as part of our weekly Knowledge Base update directly into the platform. Customers can use as much or as little of the content as they like, and we include the ability to clone the provided content for bespoke requirements.

Labs consists of three focused teams: Compliance Research, Threat Research, and Strategic Integrations. I'll explain these in more detail below.

Compliance Research

LogRhythm employs a team of subject matter experts in the compliance space. And when it comes to compliance, change seems to be the only constant. New regulations are released, existing regulations change over time, and our customers rely on LogRhythm to help them comply with complex regulatory frameworks and standards.

LogRhythm delivers compliance content in support of numerous regulatory frameworks and standards, including NIST, HIPAA, ISO 27001, GDPR, and PCI DSS, as well as many others from the United States, Europe, the Middle East, and the Asia Pacific regions.

The Compliance Research team has also developed the Consolidated Compliance Framework (CCF). This is a unique offering designed to improve efficiency and to reduce management and analyst overhead for customers that need to demonstrate compliance with multiple mandates or regulations at once.

When amendments are enacted to any of the supported regulations, we develop the necessary updates to the compliance module's library of report packages, investigations, rules, and alerts that are specifically mapped to individual controls as specified by the relevant regulations.

Threat Research

LogRhythm's Threat Research team continuously researches the latest trends in cyberthreats. Cyberthreats are constantly evolving, and the methods used in an attack change over time. Furthermore, as vendors release new technology (e.g., mobile devices, sensors, and internet of things, or IoT, devices), threat actors immediately begin looking for methods and techniques to compromise it.

The Threat Research team develops and maintains content aligned with the threat landscape as it evolves, considering the latest tactics and techniques that attackers are leveraging. The team leverages original research, threat intelligence, and other industry resources, as well as their own wide experience to deliver effective threat detection capabilities.

Skilled cybersecurity resources are at a premium, and it's beyond the reach of most organizations to build and resource their own threat research unit. Threat Research does the research and content development that provides all of our customers with wide and deep threat detection capability right out of the box, providing enormous added value beyond a simple software platform. Even those organizations that are resourced for their own threat research can get a significant boost to the efficacy of their operations by using our prebuilt content for their core requirements, and as a powerful basis for further development.

The team maintains our User and Entity Behavior Analytics (UEBA) module, as well as our Network Detection and Response (NDR) module. During 2019, a brand-new module aligned to the MITRE ATT&CK framework was also released. Because ATT&CK is so comprehensive and constantly growing, we have adopted an Agile release methodology to enable iterative updates, allowing new content to be delivered continually to our customer base. This approach will also enable us to release content supporting the additional ATT&CK knowledge bases MITRE has launched for Cloud and ICS.

Strategic Integrations

Our Strategic Integrations team is made up of subject matter experts in integration and operational technology. This team's research spans a wide range of verticals, including healthcare, transport, energy, manufacturing, and more. It encompasses ICS, OT, sensors, and medical devices, in addition to the operational systems used in each industry vertical (for example, electronic health record systems and human resource management systems). The goal is to identify risk to business operations pre-emptively and to reduce it.

This team delivers content that can assist in reducing operational risk, gaining insight into OT, IoT, and IIoT device activities, promoting good IT hygiene, and integrating specialist device types into the LogRhythm ecosystem. As you can imagine, this is a busy and constantly changing environment as digital transformation affects every aspect of life, and more and more devices interact with our physical as well as digital lives.

What Content Did Labs Release in 2019?

  • Threat
  • Compliance
    • Extensive Revisions to Consolidated Compliance Framework (CCF)
    • Criminal Justice Information Services (CJIS) Module
    • ISO 27001 Module
    • Australian Signals Directorate (ASD) Module
  • Strategic Integrations
    • IT Operations Module
    • Physical Security Integrations (three releases)

What Content is Available in the LogRhythm NextGen SIEM Platform?

Compliance Modules:


Threat Modules:

Core Threat Detection, UEBA, NDR, MITRE ATT&CK, Retail Cybercrime, Threat Feed integrations

Strategic Integrations:

IT Operations, Epic, Healthcare Security, Financial Fraud Detection

Embedded Expert Content Delivered Straight to Your Deployment

The LogRhythm Labs team works tirelessly to research and deliver new content into the LogRhythm NextGen SIEM Platform so your team can:

  • Get immediate value from your deployment
  • Easily keep up with the changing threat landscape and digital transformation
  • Reduce the reliance on in-house research expertise

The Labs team is your partner in making sure you have content and resources that you need to be successful and get value from your LogRhythm investment — and all of this content comes at no extra cost to you.

Find documentation for all of our modules on the LogRhythm Community under Documentation and Downloads:
