Hackers are constantly looking for ways to bypass traditional network defenses, and exploiting the Internet Control Message Protocol (ICMP) as a covert channel for a reverse shell is a commonly used method for attack. However, you can use LogRhythm’s NetMon to identify PowerShell tunneling through an ICMP.
Read More No matter how old a internet protocol is, you must still consider it in your security operations program. Learn how to analyze ICMP traffic with NetMon.
Read More The SIEM is a great central aggregate for case data and analytics, but also has the ability to give your team back valuable time if you take advantage of automation. LogRhythm’s SmartRepsonse tegrates with project-management tools to create automated responses and ease your team’s workload.
Read More Wouldn’t it be great if you could be notified of SIEM alarms through the Internet of Things? Well, now you can! Introducing the Philips Hue SmartResponse and PowerShell script.
Read More In response to the recent WannaCry and Petya/NotPetya cyberattacks, see how LogRhythm can help you implement or validate your prevention strategy.
Read More Although initially labeled as ransomware due to the ransom message that is displayed after infection, it appears now that NotPetya functions more as a destructive wiper-like tool than actual ransomware. This post reviews an in-depth technical analysis of NotPetya, including recommended security measures.
Read More It is now extremely pertinent to be vigilant about the embedded systems used throughout your home. With NetMon Freemium, you can download and run this software on a micro-PC. This means you can fully monitor your home network IoT devices quickly and easily, for little to no cost.
Read More One of the hidden features of NetMon's deep packet analytics (DPA) language is that you can extract specific bytes out of a packet inside of a packet rule. Although NetMon classifies over 3,100 applications and extract many thousands of metadata fields, there is always more to learn about network traffic. In this post, you'll learn the proper techniques for extracting specific bytes out of a network packet using DPA.
Read MoreOn the morning of June 27, 2017, Petya, a new ransomware outbreak—similar to the recent WannaCry malware—was discovered in the Ukraine. The malware quickly spread across Europe. This post discusses the TTPs of Petya / NotPetya and how to detect it using LogRhythm AI Engine rules.
Read MoreWhether you swipe it, chip it, tap it, or phone it in, if you are involved in capturing payments from a credit card, you are most likely required to comply with Payment Card Industry Data Security Standard (PCI-DSS) requirements. PCI-DSS is in a transitional phase in which version 3.1 is the accepted standard, with all participants moving to the 3.2 standards by January 2018. Although 3.2 is only a minor number change, there are numerous differences between the new version of PCI-DSS and the old one.
Read More