Detecting the Juniper Netscreen OS Backdoor
Posted by: Andrew Hollister
The Challenge: Juniper issued an advisory on December 18th indicating that they had discovered unauthorized code in some versions of the ScreenOS software that powers their Netscreen firewalls. The advisory covers two issues: One was a backdoor in the VPN…
December 29, 2015
What Do the Cyber Attacks of 2015 Tell Us About the Current State of IT Security?
Cybersecurity continued to be a problem for many companies in 2015, with several large financial institutions, retailers and insurance companies admitting to damaging breaches worth millions of dollars. The rise of cyber attacks is most likely here to stay. The…
December 22, 2015
10 Security Predictions for 2016
Posted by: LogRhythm Labs
As we approach 2016, security experts are reflecting on the cyber attacks of this year and making predictions as to what the threat landscape may look like in the coming months. This year, there will be innovative security initiatives, different…
December 22, 2015
Tracking Group Policy Changes: Part 3
Posted by: Andrew Hollister
This is the final part of the series on tracking group policy changes. As I have mentioned a couple of times, one thing that makes monitoring group policy changes difficult is the fact that Microsoft logs the GUID of the…
December 16, 2015
Security Measures Retailers Should Have in Place
Posted by: Andrew Hollister
It’s the most wonderful time of the year! As the rush towards Christmas continues and spending reaches fever pitch, those tasked with protecting retail networks, Point-of-Sale (POS) systems, and online shopping sites might be tempted to think it’s the most…
December 14, 2015
Tracking Group Policy Changes: Part 2
Posted by: Andrew Hollister
After reading my last post Tracking Group Policy Changes: Part 1, you may wonder what LogRhythm can do with the GPO change logs? Let’s take a look at how this is presented within LogRhythm. As I mentioned previously, LogRhythm has…
December 7, 2015
Tracking Group Policy Changes: Part 1
Posted by: Andrew Hollister
Following my earlier blog post, Unauthorized Use of Windows Administration Tools Use Case, one of our readers asked about methods for monitoring changes made to group policies. LogRhythm has built-in processing policies for almost any log imaginable in Windows and…
December 2, 2015
VirusTotal SIEM Integration
Without process whitelisting it’s tough for organizations to be sure of what is running on their hosts. Even with whitelisting, malware can masquerade under other files/processes and appear as something legitimate even though it’s really not the program it is…
November 24, 2015
SmartResponse Shell
Posted by: Andrew Hollister
LogRhythm’s SmartResponse™ is a powerful and flexible technology that has been further extended in LogRhythm 7 to allow actions to be executed on System Monitor Agents. These actions can be launched when an individual alarm is generated, on demand, or…
November 23, 2015
Detecting Rogue Processes in the Services Session
Posted by: Andrew Hollister
The Challenge: PSExec is a powerful utility offered by Microsoft’s Sysinternals. It lets you execute processes on other systems without having to install anything manually. The tool interactively installs itself on the remote target machine, so you can redirect the…
November 12, 2015
Unauthorized Use of Windows Administration Tools Use Case
Posted by: Andrew Hollister
The Challenge: Microsoft Management Console (MMC) hosts administrative tools that you can use to administer networks, computers, services and other system components. These tools are provided as plug-ins. Some of the common ones are Active Directory Users and Computers, DNS…
November 2, 2015
NetMon and SSL Proxy Integration
The Encryption Paradox: Security experts universally agree that network traffic must be encrypted to be considered secure, and many compliance standards and applications (let alone common sense) require it. However, encryption creates a paradox for network security monitoring. Encryption protects…
October 26, 2015
Protect Your Grid
LogRhythm’s Launch of NERC-CIP v.5 Compliance Module: Assisting Customers in the Transition from v3 to v5. On February 12, 2013, the Obama administration recognized the growing cyber threat to various critical U.S. infrastructure. In response, Obama issued Executive Order 13636…
October 16, 2015
NetMon as a Programmatic Intrusion Detection System
Detect Threats, Passively Identify Devices and Selectively Capture Packets: NetMon release 2.7.1 implements the ability to add custom scripting rules that can run on every packet or flow, allowing automatic analysis of network metadata. This capability allows for advanced intrusion…
August 13, 2015
LogRhythm Challenge: Black Hat 2015
Posted by: LogRhythm Labs
Collaboration between Thomas Hegel and Greg Foss. For Black Hat this year, Labs decided to try something new and put together a packet capture analysis challenge for the conference. The goal of the challenge was to find the secret launch…
August 13, 2015
PSRecon – Live Forensic Data Acquisition
Live incident response and forensic data acquisition are often very manual and time-consuming processes that leave significant room for error and can even result in the destruction of evidence. There are many people involved when investigating an incident, which makes…
August 5, 2015
“IT Helpdesk” Email to Jimdo Phishing
Over the last few days, we have been identifying another new phishing attack attempting to steal domain credentials. This particular example centres on the jimdo.com web hosting service. If you are not familiar with Jimdo, they essentially allow anyone…
July 15, 2015
4 Steps to Assessing Risk
In a recent survey, Security Spending and Preparedness in the Financial Sector, SANS polled various organizations within this sector to better understand their outlook on risks facing the organization. As a result, SANS made some suggestions that align with the…
July 2, 2015