Comply, Secure, Optimize. These are the three goals of businesses striving for multi-dimensional security analysis of their log and event data. Your infrastructure is increasingly under attack from the outside and from within. Kensington’s solution for advanced cyber threat defense, detection and response helps protect your network against a rapidly evolving threat landscape. It harnesses the security-relevant information embedded in everyday system, application and network log data, analyzing and correlating all log and event data in real time to provide comprehensive visibility and advanced alerting on important events: true enterprise security intelligence.
Our solution delivers real-time anomaly detection and alerting, advanced correlation and pattern recognition, data visualization for long-term trending, and immediate drill-down access to all data for forensic analysis and rapid root cause analysis.
Respond immediately to threats, either fully automatically or by queuing a response to execute after up to three levels of authorization, so that automated response complies with your internal change management policies. An intuitive wizard-driven interface for custom rule creation lets you quickly adapt your SIEM to provide relevant insight into the critical devices and custom applications that are unique to your network and your business.
The Personal Dashboard gives users real-time visibility into security-related events and into the alerts that warrant immediate attention. From the dashboard users can launch investigations, customize alerts, drill down into the supporting normalized and raw log data, and generate and configure custom reports, with every action recorded in a user audit trail for compliance and reporting.
Auditors can be automatically notified of specific audit activity and use Kensington’s LockBox analysis tools to accelerate the review process. Kensington lets you centrally monitor security activity across the entire IT infrastructure: using one of the customizable dashboards, users monitor security activity and cyber threats for the systems in their own domain of responsibility.
Advanced Correlation and Pattern Recognition
Kensington’s LockBox Advanced Intelligence (AI) Engine offers sophisticated correlation and analysis of all enterprise log data in an intuitive fashion. Combining flexibility, usability and comprehensive data analysis, AI Engine delivers advanced SIEM capabilities with real-time visibility into risks, threats and critical operational issues that could not otherwise be detected in any practical way. AI Engine is Correlation That Works!
LockBox collects event data from network- and host-based intrusion detection systems. In many deployments the IDS sensors have been turned down or turned off because of the high volume of alerts and the difficulty of managing them. Kensington’s data reduction and intelligent event management let you get value from your IDS investment by turning those sensors back on, or up, and integrating intrusion detection and prevention into your overall SIEM strategy.
File Integrity Monitoring
FIM provides independent auditing of access to and modification of sensitive files, giving an independent audit trail of system changes and of who made each change. It is a powerful feature for identifying compromised servers and for detecting suspicious behavior, such as an intruder overwriting system files or creating user accounts after gaining access. Because an intruder with administrative rights on a host can alter anything stored there, FIM records are most useful when they are forwarded to the central log store as they are generated rather than kept only on the monitored host.
Use a range of metadata fields that identify and organize information such as network traffic statistics, session and process information, and transaction quantities, amounts and rates. This information gives the SIEM greater granularity and visibility into potential insider threats, compliance violations and other operational risks. Combined with contextual event forwarding, it enables real-time identification of and alerting on anomalies in application, database and network activity.
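The baseline-and-compare model behind file integrity monitoring, as an added example in Python (not LockBox code): it walks a directory, records a SHA-256 digest plus permission bits and size for every regular file, and diffs a later snapshot against the baseline. The directory contents are constructed inline to simulate an intruder appending a uid-0 account to passwd, dropping a binary and deleting a file; the hypothetical paths and file contents are part of the example, not taken from the page.

```python
import hashlib
import os
import stat
import tempfile


def file_digest(path):
    """SHA-256 of a file's contents, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Return {relative_path: {"sha256", "mode", "size"}} for every regular file under root.

    Mode is recorded as well as the digest so that a permission change
    (e.g. making a script setuid) is reported even when contents are unchanged.
    """
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue                 # skip symlinks, sockets, device nodes
            rel = os.path.relpath(path, root)
            manifest[rel] = {
                "sha256": file_digest(path),
                "mode": stat.S_IMODE(st.st_mode),
                "size": st.st_size,
            }
    return manifest


def compare(baseline, current):
    """Diff two manifests into sorted lists of added, removed and modified paths."""
    in_both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in in_both if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario (not real data): baseline a tree, simulate an intrusion, re-scan."""
    root = tempfile.mkdtemp(prefix="fim-demo-")
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(root, "etc", "passwd"), "w") as fh:
        fh.write("root:x:0:0:root:/root:/bin/bash\n")
    with open(os.path.join(root, "etc", "hosts"), "w") as fh:
        fh.write("127.0.0.1 localhost\n")
    baseline = snapshot(root)

    # Intruder adds a second uid-0 account, drops a new binary and removes a file.
    with open(os.path.join(root, "etc", "passwd"), "a") as fh:
        fh.write("support:x:0:0::/root:/bin/bash\n")
    os.makedirs(os.path.join(root, "bin"))
    with open(os.path.join(root, "bin", "nc"), "wb") as fh:
        fh.write(b"\x7fELF placeholder")
    os.remove(os.path.join(root, "etc", "hosts"))

    return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The baseline manifest is the trust anchor: keep it (and the scanner) off the monitored host or signed, since an intruder with root can rewrite a locally stored baseline as easily as the files themselves, and scope the scan to sensitive paths, because a full-filesystem diff on a busy server is mostly noise.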
Advanced Intrusion Corroboration
When a security alert is raised, how do you determine whether it is valid? In most networks this is a difficult and time-consuming task, often requiring the administrators responsible for the affected system. Now intrusions can be corroborated far more efficiently: investigate an alert immediately and confirm its validity by combining it with the forensic log data from the affected system. With a click you can view all log data from that system from 5 seconds, 5 minutes or 5 hours before or after the alert, without paging a single administrator.
Alerting and Notification of Security Events
Monitor all log activity for activities and anomalies related to specific filename patterns, IP addresses, hosts, users, transaction amounts, file transfer sizes and similar factors. When a security policy is violated, designated individuals are alerted automatically via e-mail, pager, existing management applications or the console. Alerts can be customized to include or exclude specific information and routed to users according to their role relative to the affected system or application.
Standard alarms allow advanced filtering for real-time alerting based on any criteria contained in the log data. Adding the AI Engine delivers over 100 preconfigured, out-of-the-box advanced correlation rule sets and a wizard-based drag-and-drop GUI for creating and customizing even complex rules, enabling organizations to detect and swiftly respond to:
- Sophisticated intrusions
- Insider threats
- Compliance violations
- Disruptions to IT Services
- And many other critical actionable events…
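How a corroboration query and a correlation rule operate on the raw events, as an added Python example serving both the Advanced Intrusion Corroboration section and the correlation rule sets described above (this is illustrative code, not AI Engine or LockBox code). The "timestamp key=value" log format and the log lines are constructed for the example; the brute-force rule (a threshold of failed logins from one source to one host followed by a success within a window) stands in for one of the preconfigured rule sets, and the window sizes are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample events in a simple "timestamp key=value ..." format (not real telemetry).
SAMPLE_LOGS = """\
2024-03-05T10:00:01Z host=web01 src=203.0.113.5 user=admin event=auth_fail
2024-03-05T10:00:03Z host=web01 src=203.0.113.5 user=admin event=auth_fail
2024-03-05T10:00:04Z host=db01 src=10.0.0.7 user=svc event=auth_success
2024-03-05T10:00:06Z host=web01 src=203.0.113.5 user=admin event=auth_fail
2024-03-05T10:00:09Z host=web01 src=203.0.113.5 user=admin event=auth_success
2024-03-05T10:00:12Z host=web01 src=203.0.113.5 user=admin event=useradd name=support
2024-03-05T10:20:00Z host=web01 src=198.51.100.9 user=bob event=auth_fail
2024-03-05T10:30:00Z host=web01 src=198.51.100.9 user=bob event=auth_success
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_logs(text):
    """Parse lines into dicts with a timezone-aware 'ts'; the raw line is kept as evidence."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped here; a real collector would retain them
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
        fields["ts"] = ts
        fields["raw"] = line
        events.append(fields)
    return sorted(events, key=lambda e: e["ts"])


def corroborate(events, host, alert_time, window_seconds):
    """All events from `host` within +/- window_seconds of alert_time, oldest first.

    This is the "N seconds/minutes/hours before or after the alert" view: the analyst
    sees what happened on the affected system around the alert without paging an admin.
    """
    window = timedelta(seconds=window_seconds)
    lo, hi = alert_time - window, alert_time + window
    return [e for e in events if e.get("host") == host and lo <= e["ts"] <= hi]


def brute_force_rule(events, threshold=3, window_seconds=60):
    """Correlation rule: >= threshold auth_fail from one src to one host, then auth_success inside the window."""
    recent_fails = defaultdict(deque)  # (host, src) -> timestamps of recent failures
    alerts = []
    for e in events:  # events are time-ordered
        key = (e.get("host"), e.get("src"))
        if e.get("event") == "auth_fail":
            recent_fails[key].append(e["ts"])
        elif e.get("event") == "auth_success":
            q = recent_fails[key]
            while q and (e["ts"] - q[0]).total_seconds() > window_seconds:
                q.popleft()  # failures older than the window do not count
            if len(q) >= threshold:
                alerts.append({"host": key[0], "src": key[1], "user": e.get("user"),
                               "ts": e["ts"], "failures": len(q)})
            q.clear()  # a success resets the counter for this source
    return alerts


def demo():
    """Run the rule over the sample, then pull the +/-10 s context around each alert it raises."""
    events = parse_logs(SAMPLE_LOGS)
    alerts = brute_force_rule(events)
    context = [corroborate(events, a["host"], a["ts"], 10) for a in alerts]
    return alerts, context


if __name__ == "__main__":
    for alert, ctx in zip(*demo()):
        print("ALERT", alert)
        for e in ctx:
            print("   ", e["raw"])
```

In the sample, bob's single failure twenty minutes before his success falls outside the window and raises nothing, while the three rapid failures from 203.0.113.5 followed by a success do; the corroboration query then surfaces the useradd three seconds later on the same host, which is the kind of follow-on activity that turns a suspected brute force into a confirmed compromise.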
Whether you are battling a zero-day attack, trying to discover the impact of activity by a recently terminated disgruntled employee, or investigating an HR complaint against a manager in one of your field offices, properly managed log data can provide invaluable insight into nefarious behavior, potential risks and imminent threats to your organization.
We collect, store, analyze and report on log data so that investigators can readily tap it to accelerate the discovery of root cause and of affected systems and assets, dramatically reducing the time to remediate.
A zero-day exploit may spread a bot throughout an enterprise that launches rogue SMTP processes on affected systems. Our investigative capabilities let investigators quickly determine from which system the exploit was launched and which systems, devices and applications have been affected, and prioritize remediation according to the asset value of those affected entities.
The departure of a disgruntled administrator may raise concerns about their activities before resigning. With LogRhythm, investigators can quickly determine which systems were accessed, changed or potentially compromised by that employee during the last 30 days of their employment. LogRhythm also preserves raw log data in its original form in a secure, tamper-evident manner so that chain of custody can be maintained.
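One way to make a raw log archive tamper-evident, as an added Python example (not LogRhythm or LockBox code): each record's SHA-256 covers the previous record's hash, so editing or deleting an entry in the middle of the archive breaks every link after it. The log lines are constructed for the example, and the external anchor for the chain head (a signed or write-once copy of the latest hash) is assumed and only simulated by passing the head back into the verifier.

```python
import hashlib

GENESIS = "0" * 64  # prev-hash used for the first record


def _record_hash(prev_hash, raw_line):
    # Hashing the previous hash together with the raw line means a link cannot be
    # recomputed for an altered record without also recomputing every later link.
    return hashlib.sha256((prev_hash + "\n" + raw_line).encode("utf-8")).hexdigest()


def append_record(chain, raw_line):
    """Append a raw log line unchanged; the stored hash links it to the record before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"seq": len(chain), "prev": prev, "raw": raw_line,
                  "hash": _record_hash(prev, raw_line)})
    return chain[-1]["hash"]


def verify_chain(chain, expected_head=None):
    """Return the index of the first bad record, or -1 if the chain is intact.

    If expected_head (the last hash, anchored somewhere the archive owner cannot
    rewrite) is given, a silently truncated tail is reported as bad at index
    len(chain). Without an anchor, truncation and a full re-hash are undetectable.
    """
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or rec["hash"] != _record_hash(prev, rec["raw"]):
            return i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return -1


def demo():
    """Constructed lines; returns verification results for intact, edited, deleted and truncated archives."""
    lines = [
        "2024-03-05T10:00:01Z host=web01 user=admin event=auth_fail",
        "2024-03-05T10:00:09Z host=web01 user=admin event=auth_success",
        "2024-03-05T10:00:12Z host=web01 user=admin event=useradd name=support",
        "2024-03-05T10:00:30Z host=web01 user=support event=sudo cmd=/bin/bash",
    ]
    chain = []
    head = None
    for line in lines:
        head = append_record(chain, line)   # head would be copied to the external anchor
    intact = verify_chain(chain, head)

    edited = [dict(r) for r in chain]
    edited[2]["raw"] = edited[2]["raw"].replace("useradd", "userdel")  # evidence rewritten
    edit_idx = verify_chain(edited, head)

    deleted = [dict(r) for r in chain if r["seq"] != 2]                 # record removed
    delete_idx = verify_chain(deleted, head)

    truncated = [dict(r) for r in chain[:-1]]                           # tail dropped
    trunc_no_anchor = verify_chain(truncated)
    trunc_with_anchor = verify_chain(truncated, head)
    return intact, edit_idx, delete_idx, trunc_no_anchor, trunc_with_anchor


if __name__ == "__main__":
    print(demo())
```

The chain alone only proves internal consistency: an attacker who controls the archive can rewrite a record and recompute every hash after it, and can drop the newest records without leaving a gap. Chain of custody therefore depends on the head hash being committed regularly to something the archive owner cannot alter (a collector-side signature, write-once media, or a separate system), which is what the expected_head check stands in for.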