A lot of SMBs feel overmatched by the bad guys in cybersecurity. And, for good reason—they are. Most attackers have abundant time to find the latest software vulnerabilities and the best techniques for exploiting weaknesses.
Even companies that have plenty of firewalls, anti-malware, and threat detection still struggle to keep attackers out of their networks—76% of companies reported that their networks were breached in 2015, according the 2016 Cyberthreat Defense Report.
The problem is that these companies are at a serious intelligence disadvantage.
To fight that, a new breed of security product has emerged in the last few years called "security intelligence management" (SIM). These products use big data—about the methods attackers use to breach networks—and put it to work in targeted ways to identify and respond to potential break-ins as they're happening.
Timeliness is key, because the average time between a breach and an organization discovering it is 146 days, according to Mandiant's M-Trends 2016 report.
One of the leaders in the SIM market is LogRhythm, a company I met this week in Orlando at the Midmarket CIO Forum, where their message played well to a crowd of 200 overworked, under-resourced CIOs and CMOs.
SEE: Network Security Policy Template (Tech Pro Research)
For SIM solutions like LogRhythm, the magic happens by overlaying two big data sets: 1.) live log data from a company's routers, switches, mail servers, PCs, etc. and 2.) a database of known threats and intelligence about how attackers compromise networks. It flags issues in real-time and helps companies realize they are under attack and respond before any damage can be done.
For an example of this in action, take a look at this video that shows a phishing attack being discovered and repelled:
The biggest question that IT leaders at the Midmarket CIO Forum had was what if they don't have the staff to monitor and respond to this. In that case, LogRhythm said it has partners that companies can employ to co-manage this and constantly keep an eye on potential threats. It also has instant response services, where LogRhythm's experts can be hired on an hourly basis to help an IT department deal with potential threats and attacks.
At its core, LogRhythm is an appliance that sits behind the company's firewall—although it can also be run from one of the company's own VMs or servers, if needed. It can connect to over 750 different devices, software suites, and solutions to pull log data (see list here). The more log data it can pull in, the more effective it can be—and the more money LogRhythm makes since the cost of the software license is based on the amount of log data it processes during 24 hours.In terms of where it stands in the market according to the Gartner Magic Quadrant, for the past four years LogRhythm has been in the leader's quadrant of what Gartner calls "Security and Event Intelligence Management" (SIEM).
Currently, LogRhythm is joined there by heavyweights HP, IBM, and Intel and popular upstart Splunk. LogRhythm touts its biggest advantage as having 650 employees focused solely on this problem. The company is headquartered in Boulder, Colorado and hasn't shipped any of its customer service overseas, which gives it the benefit of direct touch with customers—a factor valued by midmarket IT leaders.
"LogRhythm is an especially good fit for organizations that require an integrated combination of SIEM, endpoint and network monitoring capabilities, and those organizations that value ease of deployment and predefined function over a 'build your own' approach to monitoring," said Gartner in its Magic Quadrant report.
Is your company taking advantage of Security Intelligence Management, or are you interested in implementing it? If so, how does it help or how do you think it could help your organization, or not? Tell us in the comments.
- Security experts: what's wrong with Internet of Things security, and how to fix it (TechRepublic)
- Cybercriminals can't find good help these days (TechRepublic)
- Who's in charge during a cyberattack? Pentagon doesn't know (ZDNet)
- Cybercriminals are overcoming language and timezone barriers to cooperate on making malware more dangerous (ZDNet)
- Why security execs are living in denial about cybersecurity and how they can stop (TechRepublic)
Jason Hiner has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Jason Hiner is Global Editor in Chief of TechRepublic and Global Long Form Editor of ZDNet. He's co-author of the book, Follow the Geeks.