Proposed Incentives for Adopting the Cybersecurity Framework
LogRhythm has been involved in the authoring of the Cybersecurity Framework as outlined in one of my previous blog posts. Although the framework is still being drafted, and won’t be released for public comment until later in the year, the White…
August 8, 2013
Some Thoughts on Black Hat and DEFCON
After attending Black Hat and DEFCON this year, I noticed that there wasn’t an overarching theme, like the Cloud, APTs or Big Data that prior years have seemed to focus on. Given the recent disclosures about NSA surveillance programs, privacy was…
August 3, 2013
Connecting the Dots
This year I was fortunate enough to be able to attend the Black Hat 2013 conference in Las Vegas. The opening keynote by General Alexander set the mood for what I think will be a common trend throughout the rest…
August 1, 2013
Don’t Forget Your People
I spend almost 25% of my week working in LogRhythm’s security operations center (SOC). The SOC is responsible for monitoring, reporting and mitigating any security event on our worldwide network. While in the SOC, the expectation is to treat anyone…
April 30, 2013
Accept the Right, Deny the Wrong: Add Flexibility to your Juniper Firewall
03 19 2013 19:10:40 10.128.68.92 Juniper: 2013-03-19 19:10:40 – JuniperFirewall01 – [] ()[Standard User Profile] – Requesting user to confirm access to invalid SSL site – Host: 10.1.0.50, Port: 443, Request: GET /index.php HTTP/1.1
Here’s an interesting event we caught…
April 25, 2013
Detecting Session Hijacking with LogRhythm’s Advanced Intelligence Engine
When a client authenticates with a Web application, a session is established. Usually a unique, pseudo-random session ID is generated and passed from the client to the Web application with each HTTP request that is made. This session ID might be…
March 20, 2013