LogRhythm Blog

Check out the latest security tips and tricks, news, and insights and join in the conversation

Detecting Rogue Svchost Processes

The Challenge: Malware authors may attempt to hide their processes “in plain sight” by calling them the same name as some common Windows processes. Very commonly, “svchost.exe” has been used for this purpose. It is difficult to catch this by…

Read More

LogRhythm Precision Search: An Unstructured Journey

According to Wikipedia, unstructured data (or unstructured information) refers to information that either does not have a pre-defined data model or is not organized in a pre-defined manner. Unstructured information is typically text-heavy, but it may also contain data such…

Read More

Agent SmartResponse Host Checking

The Problem: How can you find out if a SmartResponse™ plug-in using PowerShell will run on a specific System Monitor Agent host? Also, with what user context will the SmartResponse plug-ins execute? Windows PowerShell execution policies let you determine the…

Read More

A Deeper View into the Threat Landscape

The threat landscape hasn’t really changed, except for a few minor adjustments. We are still seeing nation state threat actors, financial crime groups, hacktivism (though that has been receiving less press lately), terrorist organizations and commodity threats (e.g., CryptoLocker). The…

Read More

Detecting the Juniper Netscreen OS Backdoor

The Challenge: Juniper issued an advisory on December 18th indicating that they had discovered unauthorized code in some versions of the ScreenOS software that powers their Netscreen firewalls. The advisory covers two issues: One was a backdoor in the VPN…

Read More
