LogRhythm Labs

How to Build a Miniature Network Monitor Device

Collaboration between Greg Foss, Kjell Hedstrom, Dan Schatz-Miller, Michael Swisher, and Craig Cogdill

LogRhythm NetMon is a powerful forensics tool that allows organizations to capture, analyze, and alert on network data. Traditionally, NetMon is deployed on a blade server within…

LogRhythm Challenge: Black Hat 2016

Collaboration between Greg Foss, Nathaniel “Q” Quist, and Michael “Swish” Swisher

For the LogRhythm Challenge at Black Hat USA this year, we wanted to give participants the opportunity to use several different analytic skills in their attempt to beat the…

Who is Listening in on Your Network?

The Threat of Data Exfiltration with Packet Capture Software

With the sheer volume of network traffic and the variety of applications that travel across a typical network these days, it is not surprising how easy it is to gather high-value…

Detecting Beaconing Malware with Network Monitor

The Difficulty in Detecting Beaconing Malware

When it comes to threat detection, you’re taking great measures to protect your organization. Yet threats, such as malware, keep getting in despite the network monitoring tools and enterprise threat detection solutions you have…

How Far Cyber Criminals Will Go to Get Your PII

Notice: LogRhythm always recommends using a sandbox or other “safe” method when testing or investigating known malicious sites.

Phishing for Personally Identifiable Information (PII)

Everyone who works in security deals with phishing emails to some extent—some more than others. In…

Five Steps to Defend Against Ransomware

Over the past three years, ransomware has jumped into the spotlight of the cyberthreat landscape. Until recently, most ransomware attacks were simply opportunistic and mostly affected individual users’ or small businesses’ computers. The ransom demands have commonly been the equivalent…

SMS Alerting Via SmartResponse

The Problem

Security analysts can’t always dedicate their time to monitoring the security operations center (SOC), nor do they always check the alerts that they receive via email, for various reasons. Also, some alerts are simply more important than…

10 Things to Watch: Detecting a Phishing Email

In the last few weeks, our LogRhythm Labs team has been talking about how to defend against ransomware and phishing attacks. These topics seem to be at the forefront of the concerns of security professionals. Ransomware infections are often instigated…

The State of Ransomware: How to Prepare for an Attack

This blog is co-authored by LogRhythm Labs Incident Response Engineer Nathaniel “Q” Quist and Threat Intelligence Engineer Matt Willems. Ransomware is currently one of the most widespread and highest-publicized threats on the Internet. Over the last few years, we’ve seen…

Harnessing Your SIEM for Cyberthreat Intelligence

In the world of cybersecurity, cyberthreat intelligence (CTI) burst onto the scene in a big way in 2015. Everyone wants useful data and analytical tools for next-gen cybersecurity in order to detect and respond to threats faster. The industry…