LogRhythm Privileged Use Monitoring Use Case
- 1. USE CASE Privileged User Monitoring When it comes to protecting a network from insider threats, organizations need the ability to keep a watchful eye on its privileged users. This includes business users with direct access to confidential data systems, as well as administrators with the ability to create and modify permissions, privileges and access to any device. The challenge is finding a way to keep an eye on all systems within a large, heterogeneous environment and quickly identify improper or malicious behavior when, in most cases, the people responsible for the behavior in question are the ones with access to the log files that record all user activity. LogRhythm provides unprecedented auditing and insight into privileged user activity, across the enterprise. Watching the Watchers Securing the Bread Crumbs Finding the Needle Challenge “Administrator” privileges usually Most privileged users behave in a Recording log data related to include the ability to modify or even responsible and ethical manner. But, privileged user activity is a start. remove activity log data. While most the high-level access tied to their However, gaining meaningful and administrators use their access privileges user permissions means that a single timely insight into inappropriate and/ responsibly, it is imperative to establish privileged user with malicious intent or concerning behavior with intelligent an independent and automated means of can cause enormous damage to an and automated correlation, alerting capturing and storing log data associated organization. Because they have the and reporting is like trying to find a with administrator activity and alerting on means to modify data of recorded activity, needle in a haystack. concerning behavior. tracking the culprit can be difficult. Solution LogRhythm’s real-time, automated, Immediate collection by LogRhythm LogRhythm provides Intelligent IT centralized and secure collection of log with cryptographic hashing provides Search™ capabilities for rapid data provides independent access to a digital chain-of-custody that user-level investigations, displays privileged user activity logs without relying eliminates the ability for privileged aggregate and trending visualization on the privileged user for collection. users to tamper with activity records to identify behavior based patterns, and conceal nefarious activity. and delivers automated alerting on specific privileged user activity. Benefit Using the alarming tool, LogRhythm LogRhythm’s SecondLook™ archive LogRhythm users can quickly use the users can set up alerts to send out restoration wizard allows administrators investigate tool on all activity performed notifications any time a privileged user to immediately query against any by a newly created user, using a account is added or modified, including archived data, which is automatically combination of detailed forensic views information about who created the validated to maintain the digital and interactive graphical analyses. account. chain-of-custody. A simple, wizard-based GUI makes investigations quick-to-run and easy to save for future use. © 2010 LogRhythm Inc. | www.logrhythm.com PrivilegedUserMonitoringUseCase_1004