Posted by: Matt Willems

Security analysts are constantly challenged to investigate security incidents and mitigate them quickly. But does your security operations center (SOC) have the full picture of what’s occurring in the environment to remediate the impact of a false negative? LogRhythm is…

April 5, 2021

Posted by: Melissa Garza

The first quarter of 2021 went by so quickly! The whirlwind of 2020 brought its challenges, yet as we dive into 2021 — more resilient and mutually committed to our common goals — I am confident that LogRhythm can tackle…

April 1, 2021

Posted by: Brian Coulson

TL;DR First and foremost, apply patches to the Exchange infrastructure. Assume compromise. It’s been reported that the attackers launched a massive compromise attack against 60,000+ Exchange Servers before patches became available, and many other attackers are actively looking for exploited…

March 17, 2021

Posted by: Dan Crossley

How Process Creation Events Can Be Centralized for Ease of Analysis Process creation events are written to the Windows Event Log on the local endpoint where they are generated. This raises an obvious issue for defenders looking to proactively review these…

March 15, 2021

Posted by: Kelsey Gast

What is SIEM? SIEM stands for security, information, and event management. SIEM technology aggregates log data, security alerts, and events into a centralized platform to provide real-time analysis for security monitoring. Security operation centers (SOCs) invest in SIEM software to…

March 12, 2021

Security professionals are widely adopting MITRE ATT&CK™ for network threat hunting. ATT&CK stands for Adversarial Tactics, Techniques and Common Knowledge, and it represents a globally accessible information base of adversary tactics and techniques based on real-world observations. MITRE ATT&CK provides…

February 26, 2021