LogRhythm and Ultimate Windows Security Demonstrate the Value of AppLocker to Detect New Events for Security Analytics

Dec 10, 2015, 08:00 ET from LogRhythm

BOULDER, Colo., Dec. 10, 2015 /PRNewswire/ -- During an upcoming webinar, LogRhythm, The Security Intelligence Company, and Ultimate Windows Security (UWS), a site devoted to spreading knowledge and understanding of Windows security, IT auditing and compliance, will demonstrate the value of AppLocker to monitor events and detect new events on the endpoint for security analytics. UWS's Randy Franklin Smith and LogRhythm's Erick Ingleby lead the webinar on Tuesday, December 15, at noon ET.

"Implementing Windows AppLocker in Audit Mode for Immediate Detection of Unauthorized Programs, Scripts and Software Installation"

Tuesday, December 15, 2015, 12:00 p.m. ET

Erick Ingleby, LogRhythm product manager; Randy Franklin Smith, UWS Windows security subject matter expert

AppLocker is Windows' built-in application whitelisting technology. Very few organizations have implemented AppLocker in enforcement mode because of the challenges and reputation of whitelisting. Yet, AppLocker still has value and supports two different modes:

  • Enforcement mode, to prevent non-whitelisted apps, scripts, installers and store apps from running
  • Audit mode, to log any non-whitelisted software without stopping it from running

Audit mode, and the events it generates, provides an effective way to know immediately when anything new runs on the network without collecting a tremendous amount of events from every endpoint. The good news is that it only takes a couple of minutes to produce the whitelist. When events about unauthorized software turn out to be legitimate, an organization needs to either improve its whitelist or add them to a SIEM-side filter.

In this session, Smith will discuss the value of AppLocker to detect unauthorized programs, scripts and software installation. Ingleby will demonstrate how LogRhythm can take automatic remediation measures on endpoints when unauthorized software is detected – including the immediate collection of additional evidence so that it will be ready for the security analyst to investigate.

About LogRhythm
LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company's award-winning platform unifies next-generation SIEM, log management, network monitoring and forensics, endpoint monitoring and forensics, security analytics and user, network and endpoint behavioral analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides innovative compliance automation and assurance, and enhanced IT intelligence.

Consistently recognized by third-party experts, LogRhythm has been positioned as a Leader in Gartner's SIEM Magic Quadrant report for four consecutive years, named a "Champion" in Info-Tech Research Group's 2014-15 SIEM Vendor Landscape report, ranked Best-in-Class in DCIG's 2014-15 SIEM Appliance Buyer's Guide, awarded the SANS Institute's "Best of 2014" award in SIEM and received the SC Magazine Reader Trust Award for "Best SIEM Solution" in April 2015. Additionally, the company earned Frost & Sullivan's Global SIEM/LM Market Penetration Leadership Award and was named a Top Workplace by the Denver Post. LogRhythm is headquartered in Boulder, Colorado with operations throughout North and South America, Europe and the Asia Pacific region.

Media Contact
Davida Dinerman
SOURCE LogRhythm