Analyze Attacker Behavior, Endpoint Detection Anomalies with LogRhythm and Carbon Black  

As cyberthreats continue to grow, enterprises like yours are challenged more than ever to protect the business from damage. And threats aren’t going away. By 2021, Cybercrime Magazine predicts a ransomware attack will occur on businesses every 11 seconds, up from every 40 seconds in 2016. What’s more, cybercrime costs are expected to grow to $10.5 trillion by 2025.

To gain insight into potential threats, it’s crucial to focus on endpoint data and attacker behavior. This blog post uncovers how to do just that through LogRhythm and Carbon Black integrations.

Detect Threats, Abnormal Behavior Early

To help organizations improve threat detection, LogRhythm released SmartResponse™ automation plugins for VMware Carbon Black Cloud Endpoint Standard and VMware Carbon Black EDR. The VMware Carbon Black solution is a next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution that protects against the full spectrum of modern cyberattacks.

The integrations with LogRhythm help users analyze attacker behavior patterns over time to detect and proactively hunt for abnormal activity using threat intelligence and customizable detections. Early detection helps minimize damage to your organization.

LogRhythm and Carbon Black in Action

Using the VMware Carbon Black Cloud’s universal agent and console, the solution applies behavioral analytics to endpoint events to help analysts detect, prevent, and respond to cyberattacks. With the LogRhythm NextGen SIEM Platform, SOC teams can use a single pane of glass to oversee Carbon Black and other disparate security solutions.

LogRhythm centrally collects Carbon Black logs using the VMware Carbon Black API. Logs are parsed and normalized before they are sent to the LogRhythm NextGen SIEM for analysis, storage, and reporting. LogRhythm’s SmartResponse automation plugins work with Carbon Black, accelerating response to cyberattacks.

For example, when an Alarm triggers and indicates suspicious activity on a device, an analyst can use the VMware Carbon Black Cloud Endpoint plugin to verify the status of that device by its device ID and guide further action. With the VMware Carbon Black EDR plugin, an analyst can use the host name to check the status of that host and guide further response.

Figure 1: Carbon Black integrates with the LogRhythm NextGen SIEM Platform to apply behavioral analytics to endpoint events to speed detection and response to threats

Finding Value with LogRhythm SmartResponse

The VMware Carbon Black Cloud Endpoint Standard and VMware Carbon Black EDR plugins are the latest integrations as part of the LogRhythm-Carbon Black partnership.

To download the Carbon Black plugins, visit the LogRhythm Community, or to find additional plugins, check out our SmartResponse automation plugin library. For more information about our Carbon Black integrations, download our Joint Solution Briefs on VMware Carbon Black Cloud Endpoint Standard and VMware Carbon Black EDR.

*** This is a Security Bloggers Network syndicated blog from LogRhythm authored by Kelsey Gast. Read the original post at: https://logrhythm.com/analyze-attacker-behavior-endpoint-detection-anomalies-with-logrhythm-and-carbon-black/