1
USE CASE © 2010 LogRhythm Inc. | www.logrhythm.com GeolocationUseCase_1008 Enriching Event Data with Geographic Context Log Management and SIEM solutions provide numerous tools for automatically identifying and communicating what events are happening on your network. With the increasing globalization of information technology, understanding the geographic details of where an event takes place has become an increasingly critical component of incident identification and response. Knowing the physical origin or destination of specific communications, whether inside or outside the network, can lend immediate urgency to any event. Being able to geographically isolate operations events such as failing communications devices, or to quickly identify the origin and scope of a security breach, can provide immediate value to enterprise IT organizations. The right data can reduce incident response times while providing better information for an appropriate response. Challenge With the increasing globalization of information technology, geographic context has become a critical component of IT operations and security. Not knowing the physical location of devices and applications involved in an event can handicap root cause analysis and slow response times. Solution LogRhythm automates the process of adding geographic context to any event data. This adds immediate context for performing root-cause analysis, forensic investigations and recognizing incident propagation. Benefit LogRhythm offers an automated geolocation service that automatically populates unknown geographic context, either from within the network or from external and anonymous IP addresses. In large enterprises high-volume communication is common, making it difficult to identify unauthorized or anomalous data transfers to or from rogue destinations. The problem is exacerbated when communication related to an event involves multiple sources. LogRhythm’s intuitive, wizard-based setup for alarms and investigations makes it a simple process to establish blacklists that automatically identify any communication with unauthorized or rogue locations, whether inbound or outbound. Once a problem has been identified, LogRhythm provides numerous tools for understanding the scope and specific details. From interactive trending and relationship mapping to on-screen keystroke filtering, administrators can immediately zoom in on the relevant context surrounding a significant event. With today’s global workforce, many employees access company networks from different locations around the planet, including many who log in from multiple locations over a given period of time. Identifying improper usage of authorized credentials among thousands of legitimate logins is a difficult task. LogRhythm’s data management allows geolocation data to be correlated against any field. LogRhythm users can easily create alarms that will send an alert when communications from authorized users is coming from geographic locations that are not on a predefined whitelist. When an alert is generated, all activity by that user or from that location can be immediately investigated with a simple right-click, providing a complete picture of suspicious behavior patterns tied to specific data points. Mapping the Globe Finding the Stowaway Maintaining the List LogRhythm’s automated geolocation capabilities provide important geographic context related to internal and external events impacting any sized IT environments.

LogRhythm Geolocation Use Case

Embed Size (px)

Citation preview

Page 1: LogRhythm Geolocation Use Case

USE CASE

© 2010 LogRhythm Inc. | www.logrhythm.com GeolocationUseCase_1008

Enriching Event Data with Geographic Context

Log Management and SIEM solutions provide numerous tools for automatically identifying and communicating what events are happening on your network. With the increasing globalization of information technology, understanding the geographic details of where an event takes place has become an increasingly critical component of incident identification and response.Knowing the physical origin or destination of specific communications, whether inside or outside the network, can lend immediate urgency to any event. Being able to geographically isolate operations events such as failing communications devices, or to quickly identify the origin and scope of a security breach, can provide immediate value to enterprise IT organizations. The right data can reduce incident response times while providing better information for an appropriate response.

ChallengeWith the increasing globalization of information technology, geographic context has become a critical component of IT operations and security. Not knowing the physical location of devices and applications involved in an event can handicap root cause analysis and slow response times.

SolutionLogRhythm automates the process of adding geographic context to any event data. This adds immediate context for performing root-cause analysis, forensic investigations and recognizing incident propagation.

BenefitLogRhythm offers an automated geolocation service that automatically populates unknown geographic context, either from within the network or from external and anonymous IP addresses.

In large enterprises high-volume communication is common, making it difficult to identify unauthorized or anomalous data transfers to or from rogue destinations. The problem is exacerbated when communication related to an event involves multiple sources.

LogRhythm’s intuitive, wizard-based setup for alarms and investigations makes it a simple process to establish blacklists that automatically identify any communication with unauthorized or rogue locations, whether inbound or outbound.

Once a problem has been identified, LogRhythm provides numerous tools for understanding the scope and specific details. From interactive trending and relationship mapping to on-screen keystroke filtering, administrators can immediately zoom in on the relevant context surrounding a significant event.

With today’s global workforce, many employees access company networks from different locations around the planet, including many who log in from multiple locations over a given period of time. Identifying improper usage of authorized credentials among thousands of legitimate logins is a difficult task.

LogRhythm’s data management allows geolocation data to be correlated against any field. LogRhythm users can easily create alarms that will send an alert when communications from authorized users is coming from geographic locations that are not on a predefined whitelist.

When an alert is generated, all activity by that user or from that location can be immediately investigated with a simple right-click, providing a complete picture of suspicious behavior patterns tied to specific data points.

Mapping the Globe Finding the Stowaway Maintaining the List

LogRhythm’s automated geolocation capabilities provide important geographic context related to internal and external events impacting any sized IT environments.

Geolocation Mobile

Geolocation Mobile

Documents
LogRhythm Cyber Security in Enterprise Presentation

LogRhythm Cyber Security in Enterprise Presentation

Technology
Internet Geolocation

Internet Geolocation

Documents
Geolocation Now

Geolocation Now

Technology
LogRhythm Detecting Advanced Threats Use Case

LogRhythm Detecting Advanced Threats Use Case

Technology
Api geolocation

Api geolocation

Documents
LogRhythm Detecting Advanced Threats Use Case UK

LogRhythm Detecting Advanced Threats Use Case UK

Technology
Lanzamiento LogRhythm en Argentina

Lanzamiento LogRhythm en Argentina

Technology
Cellular Geolocation

Cellular Geolocation

Documents
Geolocation & Tagging

Geolocation & Tagging

Documents
LogRhythm Siem 2.0 Flyer

LogRhythm Siem 2.0 Flyer

Technology
Indoor geolocation

Indoor geolocation

Documents
LogRhythm Supported Products List

LogRhythm Supported Products List

Documents
LogRhythm 7 Review: Reducing Detection and Response Times€¦ · Case I: Data Exfiltrating to China (CONTINUED) SANS ANALYST PROGRAM 5 LogRhythm 7 Review: Reducing Detection and

LogRhythm 7 Review: Reducing Detection and Response Times€¦ · Case I: Data Exfiltrating to China (CONTINUED) SANS ANALYST PROGRAM 5 LogRhythm 7 Review: Reducing Detection and

Documents
Rentcycle geolocation

Rentcycle geolocation

Documents
Geolocation case Tiburon Research + X5 Retail Group

Geolocation case Tiburon Research + X5 Retail Group

Data & Analytics
Geolocation for Web - Geohash, GeoIP & HTML5 Geolocation

Geolocation for Web - Geohash, GeoIP & HTML5 Geolocation

Technology
Geolocation Fun

Geolocation Fun

Technology
MAMBA RANSOMWARE ANALYSIS - LogRhythm...MAMBA RANSOMWARE ANALYSIS About LogRhythm LogRhythm, a leader in Threat Lifecycle Management, empowers organizations around the globe to rapidly

MAMBA RANSOMWARE ANALYSIS - LogRhythm...MAMBA RANSOMWARE ANALYSIS About LogRhythm LogRhythm, a leader in Threat Lifecycle Management, empowers organizations around the globe to rapidly

Documents
LogRhythm Innovation

LogRhythm Innovation

Documents
LogRhythm Rapid Time Value Use Case UK

LogRhythm Rapid Time Value Use Case UK

Documents
Plotting a Better Beer with Geolocation: An Untappd Case Study

Plotting a Better Beer with Geolocation: An Untappd Case Study

Software
LogRhythm Integrated Solution 6.3.4 Security TargetThe LogRhythm Console1 provides the user interface into a LogRhythm deployment. The Console is a Windows .NET-based client application

LogRhythm Integrated Solution 6.3.4 Security TargetThe LogRhythm Console1 provides the user interface into a LogRhythm deployment. The Console is a Windows .NET-based client application

Documents
Geolocation and Targeted Advertising: Making the Case for

Geolocation and Targeted Advertising: Making the Case for

Documents
N6854A Geolocation System - Keysight · 27.06.2019  · N6854A Geolocation Server Software The Keysight Geolocation Server Software is an easy-to-use application for manual geolocation

N6854A Geolocation System - Keysight · 27.06.2019  · N6854A Geolocation Server Software The Keysight Geolocation Server Software is an easy-to-use application for manual geolocation

Documents
What's New Logrhythm 5.1 Data Sheet

What's New Logrhythm 5.1 Data Sheet

Sports
LogRhythm Advanced Intelligence Engine Data Sheet

LogRhythm Advanced Intelligence Engine Data Sheet

Technology
Geolocation Privacy

Geolocation Privacy

Documents
LogRhythm Visualize This

LogRhythm Visualize This

Documents
LogRhythm Supported Products Data Sheet

LogRhythm Supported Products Data Sheet

Technology