LogRhythm Industry Solutions

Energy and Utilities

Because of the critical nature of protecting the nation’s power grid and its associated infrastructure, IT Security professionals in the energy/utility industry face a unique set of challenges. Network security for regulatory compliance is heavily mandated and tightly regulated, with multiple industry-specific requirements (NERC CIP, NRC, NEI, etc.) But the non-standard nature of many systems, such as SCADA devices, makes data collection for comprehensive cybersecurity difficult. LogRhythm delivers advanced network security and automated compliance assurance to protect the energy/utility industry against cybercrime, APTs and costly data breaches.

Industry Challenges

• Strict, service-specific guidelines
• Non-standard, mission critical applications (SCADA, data historian, etc.)
• Strict access control requirements
• Extensive disaster recovery protocols

We Offer

• Comprehensive compliance packages for:
• NERC CIP
• NRC RG (Regulatory Guide) 5.71
• NEI 08-09 Rev 6
• Specific support for SCADA devices
• Secure, one-way communication for classified environments
• Out-of-the-box advanced correlation rules for protecting critical assets
• SmartResponse™ plug-ins for active cybersecurity and compliance enforcement

Protecting Critical Infrastructure

LogRhythm allows organizations to detect and understand deviations from expected and authorized behavior – a critical component of securing the critical infrastructure. New viruses, malware, Trojans, zero-day exploits and attacks are developed every day to bypass existing antivirus solutions and are frequently disguised as hidden or important system objects or lurking hidden folders. LogRhythm helps organizations defend against cyber threats by:

• Eliminating information gaps
• Detecting and understanding behavioral deviations
• Independently monitoring
• Process activity
• Network connections
• User activity
• Performing File Integrity Monitoring
• Tracking and controlling the movement of data to removable media

Benefits for Energy/Utilities

• Logically identify and prioritize which SCADA assets are the likely targets of an attack
• Establish visibility on resources that may be exploited to attack SCADA and/or classified networks
• Profile expected behavior for SCADA devices and associated resources
• Establish a continuous monitoring program to identify anomalous behavioral patterns, defend against specific cyber threats, and protect critical assets
• Meet industry specific regulatory such as NERC CIP, NRC RG 5.71, NEI 08-09 Rev 6, etc.

Healthcare

With healthcare organizations moving increasingly to electronic means of storing Protected Health Information (PHI), protecting patient data becomes a much more important task for IT organizations. This is a difficult and complex job due to the rapidly growing number of diverse technologies used for processing and storing ePHI. Each Electronic Health Record (EHR) or Electronic Medical Record (EMR) has its requirements around protecting sensitive data. Components influencing this protection are as follows:

• Numerous regulations governing patient data protection
• HIPAA
• HITECH
• State by state regulations
• Strict fines for failure to report breaches quickly
• Highly customized EHR/EMR applications
• Poorly defined and/or complex regulatory requirements
• Limited in-house compliance expertise related to information security
• Establishing meaningful use in order to receive federal funding

In addition to delivering out-of-the-box continuous compliance automation, LogRhythm provides healthcare organizations with the means to proactively protect ePHI and the tools to quickly detect and respond to information breaches.

Benefits for Healthcare

• Automated Compliance Suite for HIPAA
• Out-of-the-box, industry specific embedded expertise
• Comprehensive reporting to support meaningful use (NOTE: There is NO ADDITIONAL COST to LogRhythm’s solution for meaningful use.)
• Multiple automation tools to enforce continuous compliance
• PHI protection to meet meaningful use requirements
• Custom support for EHR/EMR applications
• Powerful forensics for rapid breach reporting
• Integration for 3rd Party auditing applications like FairWarning

Higher Education

Higher Education institutions face many challenges when it comes to securing the network. The network infrastructure is complex, extensive, and heavily accessed making it difficult to secure. A large university may have tens of thousands of users accessing the network on a daily basis, each potentially requiring extensive access to resources throughout the IT environment. At the same time the extended network will have multiple segments requiring strict access control, such as a university-run healthcare organization with a need to protect electronic patient data (ePHI), or a Registrar’s Office that not only needs to protect confidential student information, but may process credit card transactions necessitating that the university comply with specific PCI DSS requirements.

Industry Challenges

• Large user base with numerous access points
• Extensive volume of network traffic and user activity
• Complex, large networks
• Numerous network segments
• Highly heterogeneous environments
• Limited control over user behavior
• Extensive access points and security holes
• Numerous potential regulations
• HIPAA
• FISMA
• PCI DSS
• Limited in-house compliance expertise related to information security
• Resource limitations due to budget constraints

In addition to delivering out-of-the-box continuous compliance automation, LogRhythm provides higher education institutions with the means to proactively protect their extended networks and the tools to quickly detect and respond to breaches.

Benefits for Higher Education

• Automated Suites for multiple regulatory compliances
• Out-of-the-box, industry specific embedded expertise
• Comprehensive reporting to support meaningful use
• Multiple automation tools to enforce continuous compliance
• Massively scalable for large IT environments
• Global visibility throughout the network
• Flexible deployment options to fit organizational requirements
• Building block architecture for easy expansion
• Industry leading support for custom applications
• Powerful forensics for rapid breach reporting

Public Sector

LogRhythm’s comprehensive LOG management and SIEM solution helps organizations comply with a myriad of regulations (FISMA, NERC CIP, HIPAA, DoDI, NIST CSF, etc.) and combat cyber threats. LogRhythm is an enterprise-class platform that seamlessly combines Log Management & SIEM, File Integrity Monitoring, Host Activity Monitoring, and Network Forensics into a single integrated solution. LogRhythm addresses an ever-changing landscape of threats and challenges with a full suite of high performance tools for security, compliance, and operations. It delivers comprehensive, useful and actionable insight into what is really going on in and around an enterprise IT environment. LogRhythm’s Security Intelligence Platform delivers:

• Fully Integrated Log & Event Management
• Real-time Security Analytics
• Advanced Correlation & Pattern Recognition
• Automated Behavioral Whitelisting
• Extended Visibility and Context
• Independent Host activity Monitoring
• File Activity Monitoring
• Enterprise-wide Network Visibility
• Powerful, Rapid Forensics
• Intelligent, Process-Driven SmartResponse™
• Ease-of-use and Simplified Management

Certificates Received

• Common Criteria (VID# 10389)
• FIPS 140-2 (FIPS# 1817)
• Certificate of Networthiness (Enterprise CoN for Log Management 201416842)
• DADMS (# 91947)
• GSA Schedule # GS35F0311R
• CHESS TVAR Solutions/IronBow

One Integrated Solution

Adaptable Continuous Monitoring for Risk Management

• Real-time event monitoring & alerting
• Advanced correlation & pattern recognition
• Real-time Big Data Security Analytics
• Centralization & secure archiving of all logs
• Automated, Comprehensive reporting for 3rd Party Auditors
• High-performance, scalability & ease-of-use
• Comprehensive support for network and security devices, servers, operating systems and applications.
• SmartResponse remediation for continuous Management
• Multi-dimensional Behavioral Analytics

Compliance Automation and Assurance

• Direct alignment to NIST guidelines for log management
• Automated 3rd party security authorization with out of the box support for multiple regulations (FISMA, DoDI, HIPAA, NERC CIP, etc.)
• Automated alerting on compliance violations
• Fully integrated log and event management to address multiple components of the CAESARS Framework
• Embedded Expertise by LogRhythm Labs for continuous updates to built-in compliance packages
• Comprehensive packages for operating best practices

Protection from Advanced Persistent Threats

• Identification, monitoring and protection of targeted assets and data
• Establishment of behavioral profiling and monitor for suspicious behavior
• Alerting & reporting on the misuse of privileged user access to protect against insider threats and stolen credentials
• Monitoring of removable media with active response to prevent data loss
• Independent monitoring of file integrity and host activity for extended visibility and endpoint protection
• Out-of-the-box SmartResponse™ Plug-ins for active defense from APTs
• Automated behavioral whitelisting of acceptable activities by users, hosts, applications, etc.

Strategic Technology Integration

LogRhythm integrates with an extensive array of 3rd-party security technologies to deliver comprehensive and dynamic cyber threat defense and compliance automation. This includes collecting and correlating data from focused security products (vulnerability management, IDS/IPS, AV/AM, DPI, etc.) and two-way communication with strategic security and compliance technology solutions (SIEM, GRC, DLP, HBSS, etc.).

Classified Environments

LogRhythm is architected to support unidirectional communication for operating within classified environments.

• Integration with one-way Data Diodes
• Fully-encrypted communication for secure collection
• Multi-tenant architecture for logical data segregation
• Granular role-based access controls
• Standard STIG documentation for any deployment

Retail and Hospitality

The retail industry faces many challenges in meeting today’s extensive data security requirements and specific compliance regulations such as PCI DSS. These requirements are extensive. Failure to comply can result in costly fines, and in the event of compromised customer information through a data breach, the loss to revenue and reputation can be substantial. And yet a typical retail IT department’s priorities primarily focused on revenue-generating activities related to improving the customer experience, rather than those focused on breach prevention and protection of customer data.

Challenges

• Highly distributed environments
• Geographically distributed retail location
• Limited bandwidth available monitoring
• Custom requirements for Point-of-Sale (POS) Systems
• Limited staff resources for security and compliance

Lack of visibility into enterprise wide activity LogRhythm is uniquely suited to support the needs of the retail industry with comprehensive PCI compliance packages and industry leading advanced agent technology that enables secure and reliable collection from remote retail locations.

Benefits for Retail

• Out-of-the-box Automation Suite for PCI
• Comprehensive capabilities to enforce continuous compliance
• Extensive automation to limit staff resource requirements
• Direct alignment with 80 specific mandates
• Fully integrated File Integrity Monitoring (FIM)
• Dedicated support for retail locations
• Custom support for POS systems
• Secure compressed data collection
• Advanced correlation and behavioral analysis
• Protection from insider threats
• Identification of compromised user and customer credentials
• Fraud detection and prevention
• Simple scalability to accommodate company growth