Keeper gives LogRhythm access to password logs (Image Credit: Gerd Altmann from Pixabay )LogRhythm has signed Keeper Security as a Technology Alliance Partner. The partnership means that LogRhythm will add Keeper’s password event data into its SIEM platform. It is not clear who will do the integration – Keeper or LogRhythm. Either way, security teams now have visibility into how users are utilising one of the most popular password managers around.

Poor password security is regularly cited as the top cause of data breaches. The Verizon Data Breach Investigations Report (registration required) claims that 80% of hacking breaches are caused by passwords. This is a mix of poor password security including weak passwords, reused passwords and stolen credentials.

Craig Lurey, Chief Technology Officer and Co-Founder at Keeper (Image Credit: LinkedIn)
Craig Lurey, Chief Technology Officer and Co-Founder at Keeper

Craig Lurey, Chief Technology Officer and Co-Founder at Keeper said: “Using tools like focused, summary trend data and real-time notifications of risky or unusual behaviors, enterprises can mitigate the threat of an internal or external attack with actionable insights.” 

Password issues are not going away any time soon. A lot of apps and systems are not designed for multi-factor authentication. This means that security and compliance teams need better visibility into a wide degree of metrics around password usage and maintenance.

What does this mean for LogRhythm?

As password complexity has increased users have chosen to cache passwords in browsers or store them in files on their computers. To reduce the risk that brings, there has been a significant rise in the number of users taking advantage of password vaults such as Keeper. The problem for a lot of organisations is being able to relate the information from the logs of password vaults to their SIEM solutions.

Mike Jones, Vice President of Product at LogRhythm (Image Credit: LinkedIn)
Mike Jones, Vice President of Product at LogRhythm

According to Mike Jones, Vice President of Product at LogRhythm: “Passwords are powerful. Jeopardized passwords are dangerous. If a cybercriminal gets access to even one set of credentials, that can set them up to have unfettered access to an organization’s environment.

“Nobody wants to be left wondering if they’re doing all they can to protect this data. That’s why we’re thrilled to partner with Keeper: so we can offer peace of mind to our customers that their password data is as secure as possible.”

This is where this partnership comes in. By adding LogRhythm to the group of SIEMs that are supported by Keeper, it allows it to share log data. Keeper says that it tracks 80 different password-related events. 75 of these are part of its event timeline. For those security teams tracking an incident, this means deep granularity into what happened with any user and their passwords.

Compliance teams also benefit. Many have created strong password rules internally but have no control over partners and the supply chain. Being able to spot where a partner is out of compliance and regularly audit passwords is a necessity. Keeper claims to provide those reports which means they can be added into other compliance audits and reports.

Enterprise Times: What does this mean?

Anything that improves the quality of password security is to be welcomed. Password vaulting solutions such as Keeper have removed several weak points in how users store and maintain passwords. Integrating all the logs from Keeper into LogRhythm means that security teams can also see how well users maintain their passwords. In addition, that data will help incident response and forensic teams to understand what role passwords play in a breach.

However, there is a caveat here. Security teams are drowning under the sea of data being absorbed by SIEM systems. The volume of data is fast reaching a level where it impedes real-time security and is only useful for post event analysis.

Keeper is offering to bring up to 80 new events to the LogRhythm SIEM. What many will ask is how will that information be surfaced? Will security teams have to build new dashboards to handle the Keeper logs? Will Keeper and/or LogRhythm deliver new tools to automate some of the analysis? Without the latter, this is about removing silos not necessarily improving day to day security.

One further question remains, will LogRhythm go for even deeper integration by acquiring Keeper Security?

LEAVE A REPLY

Please enter your comment!
Please enter your name here