
CIO Influence Interview with Andrew Hollister, Chief Information Security Officer at LogRhythm

“A security information and event management solution collects data with the goal of providing complete visibility across an organization’s entire environment to detect and respond to cyberthreats swiftly.”

Hi, Andrew. Welcome to our Interview Series. Please tell us a little bit about your journey and what inspired you to start at LogRhythm.

I joined the LogRhythm team back in 2012, driven by an interest in the ever-changing nature of cybersecurity and using machine-based analytics to solve security challenges. Since then, I have been involved in a number of roles at LogRhythm, with the most recent being Chief Information Security Officer (CISO), where I oversee the overall leadership of LogRhythm’s security program, as well as directing research in the areas of Threat and Compliance.

The threat landscape is constantly evolving and the complexity of networks is always increasing, and LogRhythm is at the frontline defending against advancing cyberattacks. This commitment to protecting organizations is one of the main reasons I started my journey with LogRhythm and continues to inspire me to fight cyber threats today.

What is SIEM and how has it evolved in the last 3 years?

At its most fundamental level, a security information and event management (SIEM) solution collects data with the goal of providing complete visibility across an organization’s entire environment to detect and respond to cyberthreats swiftly. It allows organizations to efficiently collect and analyze log data, security alerts and events from all of their digital assets and provide real-time analysis for security monitoring.

While SIEM solutions have been around for over a decade, their delivery model and capabilities have evolved significantly to meet modern security needs. Over the last few years, we’ve seen more demand for cloud-based delivery of SIEM, as well as the requirement to integrate with other cloud-based offerings. SIEM must continually evolve in step with the ever-changing threat landscape, and as approaches such as Zero Trust have gained more traction, SIEM has become even more important in providing that continual monitoring element.


With the rise of AI and machine learning capabilities, what is the future of SIEM platforms?

Given the cybersecurity skills gap, and the continually changing threat landscape, security operations teams will benefit greatly from these capabilities. Whilst some predict the rise of the autonomous Security Operations Centre (SOC), I see the value of AI and ML capabilities in assisting the SOC analyst rather than replacing them.

Leveraging these technologies to provide the SOC analyst with a more complete description of the threat that is currently in progress, and recommending the next steps that should be taken will provide high value, particularly to junior analysts. These technologies will become an integral part of the future SIEM, as they deliver tangible value directed towards the outcome of reducing time to investigate and respond.

Additionally, ML approaches allow for changes in user and entity behavior to be surfaced across large datasets or long time periods, which simply isn’t possible with deterministic approaches. This will allow changes in behavior to be correlated with other signals in the environment enabling earlier detection of difficult to detect activities, such as insider threats.

Automation and analytics in cybersecurity have always been a big passion of mine, and now is an exciting time for SIEM evolution. In the next few years, the use of AI and ML technology will only increase as more organizations start to explore its capabilities.

I look forward to seeing how it will continue to transform our approach to tackling modern threats.

Could you tell us the most exciting aspect of working in these domains and staying on top of your game?

Cybersecurity is a fast-paced industry which provides a continuous journey of adaptation and evolution. I find the endless potential for exploring technologies in the cybersecurity space a major aspect of the interest of my role.

In terms of analytics, ML holds a lot of opportunity to transform the future of cybersecurity as we know it. Machine-based analytics offer much better capabilities than humans can deliver when it comes to recognizing and classifying certain types of patterns. I see it as a powerful approach to understanding malicious behavior and spotting unusual activity that could indicate an attack.

Another area in cybersecurity that excites me is Zero Trust. We’ve heard about Zero Trust for years, yet the strategy has been slow to drive adoption. Thanks to growing demand for cloud services and the introduction of new working patterns, Zero Trust is gaining momentum and as a result more organizations depend on continuous monitoring as a critical plank of their cybersecurity strategy.

Staying on top of the threat landscape is an ongoing challenge – and the effort to stay ahead of threat actors motivates me to ensure we are exploring the most cutting-edge cybersecurity innovations.

How did the pandemic change the threat landscape?

The pandemic brought about a significant shift in the cybersecurity threat landscape. We saw the rapid adoption of new ways of working, with compromises perhaps being made to security for the sake of expediency. Post-pandemic, we’ve seen more organizations adopt hybrid working models. All this has opened up opportunities for threat actors, and we are seeing them focus in on digital collaboration tools and identity compromise.

Increased digital communication creates an expanded landscape for bad actors to “hide in plain sight”. They rely on employees being less attentive to detail in disparate work settings and inadvertently clicking on malicious links.

There are many tools for detecting and mitigating phishing attacks, yet none of them are a silver bullet. We’ll always rely on the human element to tackle these threats and with the apparently permanent change to ways of working, organizations will need to be extra vigilant when it comes to checking for suspicious content.

What is LogRhythm and what are your core offerings? What is your vision for the company and the industry in general?

Founded in 2003, LogRhythm supports security teams with an award-winning SIEM platform to protect organizations, employees and customers from the biggest cyberthreats.

LogRhythm provides a comprehensive platform with a wide range of functionality including security analytics; network detection and response (NDR); user and entity behavior analytics (UEBA); and security orchestration, automation, and response (SOAR).

LogRhythm is on the frontline tackling cyberthreats and empowers organizations to navigate an ever-changing threat landscape with confidence. The work we do is underpinned by our vision to enable overwhelmed security teams to confidently defend against digital weaponization. In doing so, our goal is to contribute to strengthening the cybersecurity industry as a whole by providing the tools and expertise to fight emerging threats.

Please tell us a little bit about your IT stack and how it has evolved in the last 2 years to support your operations?

We have been proponents of the Zero Trust approach for some years, and our security stack reflects that underlying strategy. We continue on the Zero Trust journey and have evolved both technology and process in support of that approach. This includes leveraging all of our own product offerings in our security operations.

In common with many other organizations, we moved to predominantly remote working during the pandemic, with the investment we had previously made in a Zero Trust strategy facilitating an almost seamless transition. Optimizing workflows and integrating across product offerings continue to be a focus as we look to the future.


What kind of IT infrastructure does a CIO/ CISO of a data-driven company need today to secure assets and resources? Your take on advancing technologies in Edge computing, AIOps and IT security:

Securing against modern threats requires a multi-layered security approach. According to recent LogRhythm research, 67% of security professionals indicated their company had lost a business deal due to the customer’s lack of confidence in their security strategy.

To effectively secure mission critical data and ensure business continuity, CISOs need to start by doing the basics well. Building a security program is not just about the latest technology innovations, but requires careful consideration of the threat landscape as it is relevant to the whole business, as well as an understanding of the key assets of the business that need protection. A centralized SIEM platform brings broad visibility across the assets wherever they are, and can help surface cyber threats and risks organizations weren’t previously aware of.

Please tell us about the major milestones you managed to achieve in 2022.

2022 was another year of monumental growth for LogRhythm. In H2, we focused our efforts on empowering security teams to navigate the ever-changing threat landscape through our quarterly releases across all our platforms. A key part of this included the launch of LogRhythm Axon, our cloud-native platform that has been built from the ground up to help overwhelmed security teams defend against cyberattacks effectively and efficiently.

Multiple updates to LogRhythm SIEM, NDR and UEBA also provide new features designed to help security teams overcome everyday challenges by accelerating threat response, improving workflows and simplifying processes.

Easing the burden for security teams is a priority we will continue focusing on in 2023. This quarter we have already expanded our capabilities and integrations for our Axon, SIEM, NDR, and UEBA solutions to support overwhelmed security teams. This includes the latest version of LogRhythm SIEM as part of our quarterly promises to deliver new features and innovation for our customers.

What inspired you to expand your infosec capabilities for the IT industry? How can CIOs and CISOs benefit from your latest enhancements?

As the business environment continually changes and evolves, this has a direct impact on the threat landscape, and security teams struggle to keep pace. As a customer-obsessed organization, we want to help those teams to efficiently and effectively secure their organizations, and to that end we have established our quarterly cadence of releases.

In a time where organizations are having to carefully consider their budgets, CIOs and CISOs benefit from capabilities to support overwhelmed security teams and tackle the cybersecurity skills gap. Our latest enhancements and integrations have been deployed with the goal of simplifying the lives of security analysts and enabling them to detect threats faster through seamless visibility, enhanced collection, and an intuitive analyst experience.

What AI initiatives are you currently focusing on and why? Please tell us more about AI-powered cloud security strategies and how they could solve the problems that larger enterprises face today with advanced SIEM solutions.

We are always looking for ways we can provide a more powerful security experience to our customers. AI-powered technology is still in the early stages, but I see it as having a huge impact on the future of cybersecurity. Augmenting the SOC analyst with timely and relevant context, as well as leveraging machine learning across large datasets, are some of the areas where the most impact will likely be seen. Furthermore, leveraging learning models to understand the environment and offer up additional capabilities based on elements within that environment, or directly driving detections, are interesting areas. For example, if a server holding critical financial data can be automatically identified through machine learning, then use cases around unauthorized or unusual devices accessing that server become immediately more relevant and interesting.

What are your predictions on the future of IT DevOps and predictive analytics platforms in SIEM? What role do you foresee for a company like LogRhythm in this area?

As the threat landscape continues to evolve, it’s crucial that SOC teams are able to combat new and emerging threats in ways that can offer them scalable visibility, detection, investigation, and response across their entire network.

And truly it is that wide visibility across the entire environment which is so critical and where SIEM really does deliver. The evolution of SIEM will continue as both new challenges and new technology capabilities emerge, whilst the underlying foundations remain the same. Ultimately it is the outcome that organizations are interested in, and the relevant question is whether an emerging technology helps reduce the risk of suffering a damaging data breach, versus whether it is the latest buzzword that is sweeping through the industry. SIEM vendors that are customer-obsessed and keep their eye on this prize of delivering on outcomes will succeed in meeting their customer expectations as well as leading the way on innovation.


Thank you, Andrew! That was fun and we hope to see you back on cioinfluence.com soon.


Andrew has over 25 years’ experience in software, infrastructure, and security roles in both the private and public sector. He joined the LogRhythm team in 2012 with a keen interest in using machine-based analytics to solve cyber security problems. He maintains a close interest in this area, contributing content, expertise, and vision to the ongoing development of the company’s roadmap and platform offerings.


LogRhythm helps busy and lean security operations teams save the day — day after day. There’s a lot riding on the shoulders of security professionals — the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources — the weight of protecting the world.

LogRhythm helps lighten this load. The company is on the frontlines defending against many of the world’s most significant cyberattacks and empowers security teams to navigate an ever-changing threat landscape with confidence. As allies in the fight, LogRhythm combines a comprehensive and flexible security operations platform, technology partnerships, and advisory services to help SOC teams close the gaps. Together, LogRhythm is ready to defend.
