LogRhythm Labs

Five Things to Consider When Building a Security Operations Center (SOC)

A security operations center (SOC) is becoming an absolute necessity when defending your organization from damaging cyber-attacks. A SOC is the centerpiece of a company’s security operations, as it serves as a critical IT center in which to mitigate cyber…

How to Sell Your Cybersecurity Strategy to the Board: An Interview with James Carder

James Carder brings more than 19 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. government. As CISO and Vice President of LogRhythm Labs, he develops and maintains the company’s security governance model…

Understanding Insider Threats With UEBA

Insider threats pose significant risks to your organization. Their actions are difficult to detect and many incidents take months or longer to discover. The key to defending against this class of threats is to understand the who, the why, and…

Free Training: Brush Up on Your Deep Packet Analytics Rules and Dashboards

Your network is full of extremely valuable data that can be used to improve both security and operations. Unfortunately, due to the sheer volume of data, it can be difficult to effectively monitor and understand everything on your network. That…

Passive Discovery and Exploitation of Open SMB Shares

Server Message Block (SMB) shares are a critical component to most organizations—allowing for a central repository of files and other items that people need to access and share to do their jobs. Often, organizations will have multiple file shares in…

User Threat Detection—There’s a Module for That

End-user behavior can be difficult to baseline and monitor. Users often click on suspect links, open unknown attachments, and unknowingly expose the organization to risk. Where traditional analytics and perimeter defenses fall short, LogRhythm’s User and Entity Behavior Analytics (UEBA)…

The Top 8 Things to Analyze in Your Network to Detect a Compromised System

Back in August, I had an amazing conversation with Randy Franklin Smith of Ultimate Windows Security during a webinar. We talked about how to identify a number of security scenarios simply by looking at network traffic. If you missed the…

Detecting the BlackNurse DDoS Attack with LogRhythm NetMon

The security operations center (SOC) at Danish telecoms operator TDC recently published a report on an ICMP-based DoS/DDoS style of attack. This attack makes use of crafted ICMP type 3, code 3 packets to drain…

Detecting Home Network Issues with Network Monitor

I’ve been running a test Network Monitoring (NetMon) Mini device at home for the past few weeks and, up until recently, I didn’t notice anything “unexpected” on my home network. Figure 1: Miniature NetMon Home Appliance (Click on images to…

Building Resilience in Critical Infrastructure

Disrupting Critical Infrastructure: A Potential New Form of Warfare

It’s National Cyber Security Awareness Month, and the theme for the final week is “Building Resilience in Critical Infrastructure.” So why is this a focus for the National Cyber Security Alliance?…