Blog

How Far Cyber Criminals Will Go to Get Your PII

Everyone who works in security deals with phishing emails to some extent—some more than others. In fact, most of us in the security industry see so many phishing attacks on a daily basis that they are not all that interesting anymore. However, every once in a while, a scammer will actually take the time to prepare and deploy more believable campaigns and target personally identifiable information (PII) in a more persistent way.

Do You Know Your Network?

Knowing what or who is on your network at work and at home is all too important. See how I detected unauthorised application communication via NetMon Freemium.

Five Steps to Defend Against Ransomware

Understanding what happens at each phase of a ransomware attack, and knowing the IOCs to look for, increases the likelihood of being able to successfully defend against—or at least mitigate the effects of—an attack.

How to Detect and Respond to Ransomware: A Video Use Case

Imagine you're going about your day, and then you see it—an alarm in the LogRhythm Security Intelligence Platform that ransomware has been detected by the AI Engine. But how? And what has been detected? Watch the video demo to learn how you can automate incident response for ransomware threats.

The Analyst Perspective on SIEM and Security Analytics

Gartner is wrapping up its annual Security & Risk Management Summit just outside of Washington, D.C. today. It's been a week of resonance, validation and insight. As for Gartner's perspective, LogRhythm was recently ranked the no. 1 vendor in all three Critical Capabilities for Security Information and Event Management (SIEM) Report (Threat Management, Compliance and SIEM).

Enhanced Windows Security Event Log Collection

Thanks to the tireless work of the LogRhythm engineering team to update our Agent, as well as the efforts from LogRhythm Labs to develop a new collection interface, you can now collect Windows Security Event Logs at unsurpassed processing speeds with up to 32 percent less storage. Not too shabby!

Indefinite Disabled User Detection

What's worse than the walking dead in real life? Zombie user accounts that suddenly have activity and intend to do harm to your organization. Not to worry! Cleaning up disabled accounts can be quite simple.

Using LogRhythm as a File Integrity Monitoring Honeypot

Suppose you wanted to find threat actors lurking on your network—probably a good idea, right? To do this, you need to devise a way to be notified of strange activity. The steps in this post will further assist you in detecting malicious users who are already on your network by leveraging a honeypot.

Using Deep Packet Analytics to Detect Personally Identifiable Information

Often, the key indicators of compromised PII aren’t available in traditional log or audit data. So just how can organizations actively monitor for potentially exposed or leaked PII? In this example, I’ll cover how the Deep Packet Analytics feature in LogRhythm’s NetMon can do just this—detecting and alerting on exposed or leaked PII by looking at network traffic.
