Professional Documents
Culture Documents
Detecting Zero Day Exploits Use Case
Detecting Zero Day Exploits Use Case
When an exploit can come from anywhere, prevention and remediation require a true, global window not only into
security specific event data, but operations as well. Zero day exploits are best identified by automatically recognizing
aberrant behavior, and immediately alerting administrators.
Customer Challenge
Zero day exploits cannot be detected A sophisticated attack can be very A zero day exploit can impact any
by conventional means, such as anti-malware subtle and specific details can go source – frequently an unwitting
or IDS/IPS devices, because unidentified for days or weeks without internal user or system. Locating
signatures have not yet been created. the proper tools to identify the cause the source is a near impossible task
Without specific detection capabilities, and impact of an attack. without the forensics capabilities to
security administrators have to rely on identify relevant detail.
behavior-based detection methods.
LogRhythm Solution
LogRhythm can alert administrators LogRhythm allows administrators to LogRhythm provides multiple options
on anomalous behavior, such as any run a live Tail on outbound internet for conducting forensic investigations
unauthorized outbound internet activity on activity. Administrators can easily to quickly identify the source of the
non white-listed ports. pinpoint specific activities, such as zero-day exploit. Users have the option
significant communication with a to search for focused data points, or
single, unknown Destination IP. to use visual trending and analysis to
identify behavior patterns and instantly
drill down into specific event details.
Additional BENEFITS
Once a general alert is received indicating Tail can be quickly configured based Investigations provide the specific detail
that an exploit has occurred, alarm rules on any criteria, using LogRhythm’s required for administrators to contain a zero
can be easily modified to incorporate more simple and intuitive wizard-based day exploit, and can be saved for future use
specific behavior patterns to respond more setup. Any Tail can be saved for future to respond to similar breaches or to rapidly
quickly to similar behavior. use, providing users with a straightforward discover other points of infection.
and instantaneous method for recognizing
and monitoring repeat incidents.
WWW.LOGRHYTHM.COM