Deploying NetMon Freemium at Home to Monitor IoT Devices
Why Monitor IoT Devices at Home? LogRhythm’s NetMon Freemium is a powerful and easy-to-use product, so why not fully realize its potential both at home and in the office? In-home Internet of Things (IoT) devices, such as sensors, lights, cameras,…
Read More
June 29, 2017
Using Deep Packet Analytics to Extract Specific Bytes
Why Extract Specific Bytes Out of a Packet? Pulling specific bytes out of a packet is the best way to get to the real truth of the content. Getting to this level of the content can help you in many…
Read More
June 27, 2017
Detecting Petya/NotPetya Ransomware
Posted by: LogRhythm Labs
Petya / NotPetya Poses Risk to Even Patched Systems On the morning of June 27, 2017, a new ransomware outbreak—similar to the recent WannaCry malware—was discovered in the Ukraine. The malware quickly spread across Europe, affecting varied industries such as…
Read More
June 27, 2017
PCI-DSS Compliance 3.2 Updates
Posted by: LogRhythm Labs
Whether you swipe it, chip it, tap it, or phone it in, if you are involved in capturing payments from a credit card, you are most likely required to comply with Payment Card Industry Data Security Standard (PCI-DSS) requirements. PCI-DSS…
Read More
June 20, 2017
Detect WannaCry Initial Exploit Traffic with NetMon
The WannaCry ransomware campaign is just the latest wave of malware to target exploits in core networking protocols. And you need to protect your network with advanced threat detection. The ransomware spreads to unpatched Windows systems (see Microsoft Security Bulletin…
Read More
May 17, 2017
Detecting WannaCry Activity on Sysmon-Enabled Hosts
If you are already using Microsoft Sysmon in your environment, then you might be wondering whether it is possible to detect WannaCry activity on your Sysmon-enabled Windows hosts. The answer is yes, and this blog will explain how! What is…
Read More
May 17, 2017
A Technical Analysis of WannaCry Ransomware
Posted by: LogRhythm Labs
Contributors to this in-depth research analysis include Erika Noerenberg, Andrew Costis, and Nathanial Quist—all members of the LogRhythm Labs research group. Summary Ransomware that has been publicly named “WannaCry,” “WCry” or “WanaCrypt0r” (based on strings in the binary and encrypted…
Read More
May 16, 2017
WannaCry Ransomware
WannaCry: What We Know It is worth noting that the first WannaCry infection was reported on February 10th then again on the 25th. We will refer to this as “version 1.” This did not have a widespread impact. On the…
Read More
May 15, 2017
How to Extract SCSM Log Files from a Remote Windows Host
Recently, a question was posed on the LogRhythm Community around how to extract the SCSM log from a remote Windows host. I put together a quick PowerShell script to extract not only the System Center Service Manager (SCSM) log file,…
Read More
April 24, 2017
Analysis of Shamoon 2 Disk-Wiping Malware
Posted by: LogRhythm Labs
Shamoon 2 Malware Background On August 15, 2012, a Saudi Arabian energy company was infected with disk-wiping malware in a targeted attack. The malware, known as either “Shamoon” or “DistTrack,” reportedly infected nearly 30,000 machines at the company in this…
Read More
April 20, 2017
Free Security Awareness Posters (You’ll Actually Want to Use)
Part 1: Passwords and Passphrases Building a corporate security awareness program can be as challenging as it is rewarding. Employees are the most targeted resource within an organization, but they are also the first line of defense. Often times, employee…
Read More
April 13, 2017
Five Things to Consider When Building a Security Operations Center (SOC)
A security operations center (SOC) is becoming an absolute necessity when defending your organization from damaging cyber-attacks. A SOC is the centerpiece of a company’s security operations, as it serves as a critical IT center in which to mitigate cyber…
Read More
April 4, 2017
How to Sell Your Cybersecurity Strategy to the Board: An Interview with James Carder
James Carder brings more than 19 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. government. As CISO and Vice President of LogRhythm Labs, he develops and maintains the company’s security governance model…
Read More
March 20, 2017
Understanding Insider Threats With UEBA
Insider threats pose significant risks to your organization. Their actions are difficult to detect and many incidents take months or longer to discover. The key to defending against this class of threats is to understand the who, the why, and…
Read More
March 2, 2017
Free Training: Brush Up on Your Deep Packet Analytics Rules and Dashboards
Your network is full of extremely valuable data that can be used to improve both security and operations. Unfortunately, due to the sheer volume of data, it can be difficult to effectively monitor and understand everything on your network. That…
Read More
February 23, 2017
Passive Discovery and Exploitation of Open SMB Shares
Server Message Block (SMB) shares are a critical component to most organizations—allowing for a central repository of files and other items that people need to access and share to do their jobs. Often, organizations will have multiple file shares in…
Read More
January 24, 2017
User Threat Detection—There’s a Module for That
Posted by: Matt Willems
End-user behavior can be difficult to baseline and monitor. Users often click on suspect links, open unknown attachments, and unknowingly expose the organization to risk. Where traditional analytics and perimeter defenses fall short, LogRhythm’s User and Entity Behavior Analytics (UEBA)…
Read More
January 19, 2017
The Top 8 Things to Analyze in Your Network to Detect a Compromised System
Back in August, I had an amazing conversation with Randy Franklin Smith of Ultimate Windows Security during a webinar. We talked about how to identify a number of security scenarios simply by looking at network traffic. If you missed the…
Read More
December 9, 2016