Don’t Forget Your People
I spend almost 25% of my week working in LogRhythm’s security operations center (SOC). The SOC is responsible for monitoring, reporting and mitigating any security event on our worldwide network. While in the SOC, the expectation is to treat anyone…
April 30, 2013
Accept the Right, Deny the Wrong: Add Flexibility to your Juniper Firewall
03 19 2013 19:10:40 10.128.68.92 Juniper: 2013-03-19 19:10:40 – JuniperFirewall01 – [] ()[Standard User Profile] – Requesting user to confirm access to invalid SSL site – Host: 10.1.0.50, Port: 443, Request: GET /index.php HTTP/1.1
Here’s an interesting event we caught…
April 25, 2013
Detecting Session Hijacking with LogRhythm’s Advanced Intelligence Engine
When a client authenticates with a Web application, a session is established. Usually a unique, pseudo-random session ID is generated and passed from the client to the Web application with each HTTP request that is made. This session ID might be…
March 20, 2013
With Great Power Comes Great Responsibility
Following the UK Conservative Party Conference this week, many headlines homed in on the government’s plan to create a battalion of cyber reserves to protect the country from online attacks. There is an ongoing cyber security skills shortage in the…
March 10, 2013
Understanding a Basic Web Attack Using Log Data
A colleague of mine recently asked me to take a look at some logs he was investigating. The LogRhythm Web Application Defense Module had initially keyed him into the suspicious behavior and he was now examining the raw logs to…
February 22, 2013
Federal Compliance Update FedRAMP
The U.S. Federal Government has expanded its service offerings by outsourcing infrastructure to cloud-based service providers. The use of cloud-based services comes with inherent risk. However, the Federal Office of Management and Budget (OMB) has been working diligently over the…
February 4, 2013