LogRhythm Labs

Detecting the Juniper Netscreen OS Backdoor

The Challenge Juniper issued an advisory on December 18th indicating that they had discovered unauthorized code in some versions of the ScreenOS software that powers their Netscreen firewalls. The advisory covers two issues: One was a backdoor in the VPN…

What Do the Cyber Attacks of 2015 Tell Us About the Current State of IT Security?

Cybersecurity continued to be a problem for many companies in 2015, with several large financial institutions, retailers and insurance companies admitting to damaging breaches worth millions of dollars. The rise of cyber attacks is most likely here to stay. The…

10 Security Predictions for 2016

As we approach 2016, security experts are reflecting on the cyber attacks of this year and making predictions as to what the threat landscape may look like in the coming months. This year, there will be innovative security initiatives, different…

Tracking Group Policy Changes: Part 3

This is the final part of the series on tracking group policy changes. As I have mentioned a couple of times, one thing that makes monitoring group policy changes difficult is the fact that Microsoft logs the GUID of the…

Security Measures Retailers Should Have in Place

It’s the most wonderful time of the year! As the rush towards Christmas continues and spending reaches fever pitch, those tasked with protecting retail networks, Point-of-Sale (POS) systems, and online shopping sites might be tempted to think it’s the most…

Tracking Group Policy Changes: Part 2

After reading my last post Tracking Group Policy Changes: Part 1, you may wonder what LogRhythm can do with the GPO change logs? Let’s take a look at how this is presented within LogRhythm. As I mentioned previously, LogRhythm has…

Tracking Group Policy Changes: Part 1

Following my earlier blog post, Unauthorized Use of Windows Administration Tools Use Case, one of our readers asked about methods for monitoring changes made to group policies. LogRhythm has built-in processing policies for almost any log imaginable in Windows and…

VirusTotal SIEM Integration

Without process whitelisting it’s tough for organizations to be sure of what is running on their hosts. Even with whitelisting, malware can masquerade under other files/processes and appear as something legitimate even though it’s really not the program it is…
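A hash lookup of the kind such an integration performs, written as an added example for this listing rather than taken from the post or from LogRhythm's own scripts: it hashes a process image, queries the VirusTotal v3 file endpoint, and reduces the report to the handful of fields a SIEM alarm needs. The endpoint and the `x-apikey` header are VirusTotal's documented interface; the `VT_API_KEY` environment variable, the "any engine malicious" alarm policy and the injectable `fetch` hook are assumptions made for the example.

```python
"""Check a process image against VirusTotal by hash (added example).

Assumptions (not from the post): the key comes from the VT_API_KEY
environment variable, and "one or more engines malicious" is the alarm
policy. The endpoint and x-apikey header are VirusTotal's v3 API.
"""
import hashlib
import json
import os
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{sha256}"


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream the file so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def http_fetch(url: str, api_key: str, timeout: int = 10):
    """Return (status, body) for a GET carrying the VT API key header.
    VirusTotal answers 404 for a hash it has never seen, so that status
    is returned rather than raised."""
    req = urllib.request.Request(
        url, headers={"x-apikey": api_key, "accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


def summarize_report(sha256: str, status: int, body: str) -> dict:
    """Reduce a v3 file report to the fields worth putting on an alarm."""
    if status == 404:
        # Unknown to VT: not proof of malice, but worth its own alarm class.
        return {"sha256": sha256, "known": False, "flag": False}
    if status != 200:
        raise RuntimeError(f"VirusTotal returned HTTP {status}")
    attrs = json.loads(body)["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    counts = {k: int(stats.get(k, 0))
              for k in ("malicious", "suspicious", "harmless", "undetected")}
    return {
        "sha256": sha256,
        "known": True,
        "malicious": counts["malicious"],
        "engines": sum(counts.values()),
        "names": attrs.get("names", [])[:3],   # filenames VT has seen for it
        "flag": counts["malicious"] >= 1,      # assumed alarm policy
    }


def check_hash(sha256: str, api_key: str, fetch=http_fetch) -> dict:
    """fetch is injectable so the logic can be exercised without network."""
    status, body = fetch(VT_FILE_URL.format(sha256=sha256), api_key)
    return summarize_report(sha256, status, body)


if __name__ == "__main__":
    import sys
    digest = sha256_of_file(sys.argv[1])
    print(json.dumps(check_hash(digest, os.environ["VT_API_KEY"]), indent=2))
```

Keying on the file hash rather than the file name is the point: a renamed or masqueraded binary keeps its hash, so it is judged by what it is rather than what it calls itself. A 404 (hash unknown to VirusTotal) is deliberately reported separately from a clean verdict, since a never-seen executable on a production host is often more interesting than a known-good one.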

SmartResponse Shell

LogRhythm’s SmartResponse™ is a powerful and flexible technology that has been further extended in LogRhythm 7 to allow actions to be executed on System Monitor Agents. These actions can be launched when an individual alarm is generated, on demand, or…

Detecting Rogue Processes in the Services Session

The Challenge PSExec is a powerful utility offered by Microsoft’s Sysinternals. It lets you execute processes on other systems without having to install anything manually. The tool interactively installs itself on the remote target machine, so you can redirect the…
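As an added example that is not from the post itself: a small detector over constructed Windows System log 7045 records ("A service was installed in the system"), which is where PsExec's self-installation on the target shows up. It keys on two PsExec traits: the default service and binary name PSEXESVC, and the fact that PsExec copies its service binary into the ADMIN$ share, that is, directly into %SystemRoot%, even when the service is renamed with -r. The sample records, their field names and the location heuristic are assumptions made for the example; the location rule will also flag any other service binary dropped into the Windows directory root, which is exactly the kind of install worth a look.

```python
"""Flag PsExec-style service installs in Windows System log 7045 events
(added example; the records below are constructed, not from the post).

Assumptions: events arrive as dicts carrying the 7045 fields. Detection
relies on two PsExec traits: the default service/binary name PSEXESVC,
and PsExec copying its service binary into the ADMIN$ share, i.e. straight
into %SystemRoot%, even when renamed with -r.
"""
import re

PSEXEC_DEFAULT = "PSEXESVC"

# An .exe sitting directly in the Windows directory (not System32 etc.)
# is the footprint PsExec leaves; legitimate services almost never live there.
ROOT_OF_SYSTEMROOT = re.compile(
    r'^(?:%SystemRoot%|%windir%|[a-z]:\\windows)\\[^\\]+\.exe$', re.IGNORECASE)

# Constructed sample events (field names follow Event ID 7045's XML).
SAMPLE_EVENTS = [
    {"EventID": 7045, "Computer": "FS01", "ServiceName": "PSEXESVC",
     "ImagePath": "%SystemRoot%\\PSEXESVC.exe", "StartType": "demand start",
     "AccountName": "LocalSystem"},
    {"EventID": 7045, "Computer": "FS01", "ServiceName": "WinUpdSvc",
     "ImagePath": "%SystemRoot%\\WinUpdSvc.exe", "StartType": "demand start",
     "AccountName": "LocalSystem"},   # PsExec -r WinUpdSvc: renamed service
    {"EventID": 7045, "Computer": "WS22", "ServiceName": "Sense",
     "ImagePath": "\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\MsSense.exe\"",
     "StartType": "auto start", "AccountName": "LocalSystem"},
    {"EventID": 7045, "Computer": "WS22", "ServiceName": "Spooler",
     "ImagePath": "C:\\Windows\\System32\\spoolsv.exe", "StartType": "auto start",
     "AccountName": "LocalSystem"},
    {"EventID": 7036, "Computer": "WS22", "ServiceName": "Spooler",
     "ImagePath": "", "StartType": "", "AccountName": ""},  # state change, ignored
]


def classify_service_install(event: dict):
    """Return the reasons an install looks like PsExec, or [] if it looks clean."""
    if event.get("EventID") != 7045:
        return []
    name = event.get("ServiceName", "")
    path = event.get("ImagePath", "").strip().strip('"')
    reasons = []
    if name.upper() == PSEXEC_DEFAULT or PSEXEC_DEFAULT.lower() in path.lower():
        reasons.append("default PsExec service name or binary")
    if ROOT_OF_SYSTEMROOT.match(path):
        reasons.append("service binary dropped directly into %SystemRoot% (ADMIN$ root)")
    return reasons


def find_psexec_installs(events):
    """Run the classifier over a batch of events and collect the hits."""
    hits = []
    for ev in events:
        reasons = classify_service_install(ev)
        if reasons:
            hits.append({"host": ev.get("Computer"), "service": ev.get("ServiceName"),
                         "image": ev.get("ImagePath"), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_psexec_installs(SAMPLE_EVENTS):
        print(f"{hit['host']}: {hit['service']} -> {hit['image']}  "
              f"[{'; '.join(hit['reasons'])}]")
```

The renamed-service case is the one worth keeping in mind: matching only on the string PSEXESVC misses an operator who used -r, whereas the install location survives the rename. Administrators who legitimately run PsExec will trip the same rule, so the alarm is best paired with who authenticated to ADMIN$ just before the 7045.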

Unauthorized Use of Windows Administration Tools Use Case

The Challenge Microsoft Management Console (MMC) hosts administrative tools that you can use to administer networks, computers, services and other system components. These tools are provided as plug-ins. Some of the common ones are Active Directory Users and Computers, DNS…

NetMon and SSL Proxy Integration

The Encryption Paradox Security experts universally agree that network traffic must be encrypted to be considered secure, and many compliance standards and applications (let alone common sense) require it. However, encryption creates a paradox for network security monitoring. Encryption protects…

Protect Your Grid

LogRhythm’s Launch of NERC-CIP v.5 Compliance Module Assisting Customers in the transition from v3 to v5 On February 12, 2013, the Obama administration recognized the growing cyber threat to various critical U.S. infrastructure. In response, Obama issued Executive Order 13636…

NetMon as a Programmatic Intrusion Detection System

Detect Threats, Passively Identify Devices and Selectively Capture Packets NetMon release 2.7.1 implements the ability to add custom scripting rules that can run on every packet or flow, allowing automatic analysis of network metadata. This capability allows for advanced intrusion…

LogRhythm Challenge: Black Hat 2015

Collaboration between Thomas Hegel and Greg Foss. For Black Hat this year, Labs decided to try something new and put together a packet capture analysis challenge for the conference. The goal of the challenge was to find the secret launch…

PSRecon – Live Forensic Data Acquisition

Live incident response and forensic data acquisition is often a very manual and time consuming process that leaves significant room for error and can even result in the destruction of evidence. There are many people involved when investigating an incident, which makes…

“IT Helpdesk” Email to Jimdo Phishing

Over the last few days, we have been identifying another new phishing attack attempting to steal domain credentials. This particular example is isolated around the jimdo.com web hosting service. If you are not familiar with Jimdo, they essentially allow anyone…

4 Steps to Assessing Risk

In a recent survey, Security Spending and Preparedness in the Financial Sector, SANS polled various organizations within this sector to better understand their outlook on risks facing the organization. As a result, SANS made some suggestions that align with the…
