Cylance and LogRhythm: Delivering Prevention and Visibility

The Cylance Axiom Alliances Program is a community of cybersecurity solution providers working together to deliver a prevention-first approach to security.

Unlike other ecosystems built around the assumption of compromise, Axiom vendors are committed to using AI to continuously prevent adversaries from harming organizations by delivering added security controls that, when combined, minimize an organization’s attack surface and enable swift action across the organization’s entire environment, whether it be on-premises, IoT devices, hosted, or public cloud.

Cylance and LogRhythm

Cylance and LogRhythm have partnered to deliver enterprise-wide AI based threat prevention, analysis, and response. Cylance’s AI-driven prevention and protection stops advanced threats and changes the security engineer’s tactics from defensive to offensive.

The LogRhythm NextGen SIEM Platform continuously collects, normalizes, and analyzes rich, dynamic endpoint telemetry captured by Cylance technology. Cylance data is then combined with the petabytes of other machine data that LogRhythm collects and analyzes from across the distributed environment.

This analysis provides a holistic view of malicious activity and enables proactive detection of threats originating from or targeting an endpoint before they can result in a high-impact incident or data breach.

Value Statement

The integration between Cylance technology and LogRhythm allows mutual customers to:

  • Adopt a prevention-first methodology using machine learning that harnesses algorithmic science and artificial intelligence to determine whether objects are good or bad in real time.
  • Detect and prioritize intrusions faster by correlating detailed endpoint activity with other environmental context to recognize early indicators of potential compromise.
  • Visualize high-priority events in a Cylance-specific dashboard within LogRhythm’s centralized console.
  • Automate investigatory and response processes, including deployment of real-time countermeasures on an endpoint to prevent further impact and expedite incident response.
  • Streamline processes that were once significantly labor-intensive, including attack analysis and adaptive threat defense.

Use Cases

Lower Mean Time to Respond (MTTR) To Alerts:

  • Challenge: SOC analysts must sort through and prioritize a myriad of alerts then perform investigations involving research and correlation, which can take a significant amount of time and is prone to error.
  • Solution: With Cylance’s prevention-first methodology, which lowers noise (less infections, alerts, remediations, and re-imaging), along with the machine learning, advanced analytics, and actionable intelligence of The LogRhythm NextGen SIEM Platform, customers can respond faster with greater efficiency and accuracy to modern threats.
  • Additional Benefit: With the above solution, SOC analysts will get more time back to perform more important tasks for the security organization.

End-to-End Threat Management:

  • Challenge: Security teams are faced with numerous alarms and alerts. Filtering and prioritizing events consumes a security team’s already-constrained resources. Organizations need the ability to correlate data from disparate security products and effectively distinguish the real threats from false alarms.
  • Solution: LogRhythm incorporates endpoint data from Cylance technology into automated advanced correlation rules. This delivers highly-focused alerts that identify when suspicious activity is occurring within environments.
  • Additional Benefit: SmartResponse plugins are designed to actively defend against attacks by initiating actions that neutralize specific cyberthreats. These actions include disabling accounts that may have been compromised and terminating suspicious processes and services.

Prevent the Spread of Advanced Malware:

  • Challenge: Once an attacker controls an endpoint, it can be used to compromise additional systems. Left undetected, malware can quickly propagate across the network. It is imperative that security professionals quickly detect compromised endpoints and take immediate protective action to reduce the risk of a high-impact incident or data breach.
  • Solution: CylancePROTECT’s architecture consists of a small agent that integrates with existing security software like The LogRhythm NextGen SIEM Platform. The endpoint will detect and prevent malware through tested mathematical models on the host, independent of a cloud or signatures. CylancePROTECT® provides this telemetry to The LogRhythm NextGen SIEM Platform. LogRhythm then combines this information with other flow, event, and machine data, and performs real-time analytics to detect anomalies and indicators of compromised endpoints. This visibility ensures security teams are quickly alerted.

Cylance Axiom Alliances Program

To accelerate achieving these results, Cylance implemented a comprehensive framework to guide the growth and maturation of its strategic relationships. Cylance recognizes the need for tactical success to fuel mutual investment.

Cylance executes on a straightforward engagement model to drive short term wins and build momentum for relationships within its alliance partners and the customer community. This model successfully activates relationships and builds momentum to drive growth.

  • More information on the program is available HERE.