LogRhythm has been involved in the authoring of the Cybersecurity Framework as outlined in one of my previous blog posts. Although the framework is still being drafted, and won’t be released for public comment until later in the year, the White…

August 8, 2013

After attending Black Hat and DEFCON this year, I noticed that there wasn’t an overarching theme, like the Cloud, APTs or Big Data that prior years have seemed to focus on. Given the recent disclosures about NSA surveillance programs, privacy was…

August 3, 2013

This year I was fortunate enough to be able to attend the Black Hat 2013 conference in Las Vegas. The opening keynote by General Alexander set the mood for what I think will be a common trend throughout the rest…

August 1, 2013

I spend almost 25% of my week working in LogRhythm’s security operations center (SOC). The SOC is responsible for monitoring, reporting and mitigating any security event on our worldwide network. While in the SOC, the expectation is to treat anyone…

April 30, 2013

03 19 2013 19:10:40 10.128.68.92 Juniper: 2013-03-19 19:10:40 – JuniperFirewall01 – [] ()[Standard User Profile] – Requesting user to confirm access to invalid SSL site – Host: 10.1.0.50, Port: 443, Request: GET /index.php HTTP/1.1 Here’s an interesting event we caught…

April 25, 2013

When a client authenticates with a Web application, a session is established. Usually a unique, pseudo-random session ID is generated and passed from the client to the Web application with each HTTP request that is made. This session ID might be…

March 20, 2013