Living Off the Land Attacks with Scheduled Task
Posted by: Brian Coulson
In our previous living off the land (LotL) blog post, we discussed why attackers use tools that already exist in the environment to plan an attack. But what role does Microsoft Scheduled Tasks in an attacker’s plan? In this post, we’re…
Read More
March 10, 2020
4 Trending Phishing Techniques: Real-Life Examples and Tips for Detection
Many successful attacks begin with a phishing email that some user falls for. And that’s why MITRE prominently features Spearphishing (T1192) as an Initial Access technique in ATT&CK. View the on-demand webinar with Ultimate Windows Security to learn about the latest phishing techniques used by attackers and how MITRE ATT&CK can help detect and remediate these threats.
Read More
March 9, 2020
Beware of Coronavirus Phishing Attempts — Tips to Keep Your Organization Safe
Coronavirus: it’s what every news outlet and person is talking about. With the outbreak of the infection, people want to stay up to date on the latest news and reports, so they’re looking up data and clicking on links to…
Read More
March 9, 2020
What Are Living Off the Land Attacks?
Posted by: Andrew Hollister
In the physical world, “living off the land” simply means to survive only by the resources that you can harvest from the natural land. There may be multiple reasons for doing this — perhaps you want to get “off the…
Read More
March 4, 2020
How to Evaluate Threat Intelligence Feed Metadata for Better Context and Accuracy
Threat intelligence feeds are a powerful way to identify attacks that use known infrastructure and malware. Unfortunately, teams can spend a lot of time chasing down alarms triggered by IP addresses that appear on a threat feed. So how can…
Read More
February 26, 2020
Streamline Your Day with the All-New NetMon 4
Here at LogRhythm, we strive to keep improving the security analyst experience. Our latest workflow improvements have arrived with LogRhythm NetMon 4, in which we’ve made it easier and faster to surface threats and investigate issues on your network. We also thought…
Read More
February 14, 2020
Using Data Visualizations to Prove the Return on Investment of Your Security Program
Posted by: Rob Sweeney
Senior Security Engineer Rob Sweeney is a guest blogger from Penn Medicine and a valued LogRhythm contributor. Rob’s presentation at LogRhythm’s third annual user conference, RhythmWorld, was so well received by our users that we asked him if he would…
Read More
January 24, 2020
Five Steps to Threat Hunting with LogRhythm’s Free Network Security Monitoring Tool
Posted by: Jim Lee
Jim Lee is an information security analyst and guest blogger from Seismic Software Inc. He is an ambassador of cybersecurity education and empowerment for small businesses. Jim configures easy-to-use tools to develop intuitive solutions for small business cybersecurity programs. His…
Read More
December 12, 2019
Examining the baseStriker Vulnerability
Posted by: Eric Brown
The zero-day “baseStriker” vulnerability is still widely in use, but do you know what to look out for if it finds its way into your organization? While 18 months have passed since Microsoft developed a fix for the vulnerability that…
Read More
November 14, 2019
How Case Management Tags Improve Efficiency, Reporting, and SOC Metrics
Posted by: Daniel Dallmann
Daniel Dallmann, Senior Information Security Engineer, is a guest blogger from Payworks and a valued LogRhythm contributor. Dan was on the SOAR Customer Panel at LogRhythm’s third annual user conference, RhythmWorld, and was generous enough to share some of the…
Read More
October 31, 2019
Six Tips for Azure Cloud Security
Microsoft Azure is one of the fastest growing cloud platforms on the market. Often, when an emerging technology grows so fast, organizations end up with knowledge silos. In the case of Azure, your DevOps team may be up and running…
Read More
October 8, 2019
Rapidly Qualify and Triage Alarms with Contextual SmartResponse Automation
Posted by: Matt Willems
Alarms don’t fire when it’s convenient. You could be threat hunting, out to lunch, or even in bed at 4 a.m. when an alarm comes your way. No matter where you are, you’ll need to quickly determine the severity of…
Read More
October 7, 2019
Notifying and Collaborating with LogRhythm SmartResponse Automation
Posted by: Matt Willems
When a threat emerges in your environment, you need to investigate it as soon as possible to keep it from incurring damage. For that to happen, you need to be notified that it exists in the first place. A typical…
Read More
September 5, 2019
Exploring IT Operations with LogRhythm
Posted by: Julian Crowley
The LogRhythm NextGen SIEM Platform collects, classifies, and normalizes log data from over 800 unique source types. At LogRhythm, our focus has always been on identifying and mitigating security threats through monitoring, alarming, and event log correlation. And while we…
Read More
August 30, 2019
How to Use a Syslog Load Balancer with NGINX
Posted by: Ben Collier
Dealing with Syslog devices can be challenging. On the one hand, Syslog devices can send a great deal of logs, and often this is too much for one agent to handle. In addition, it is difficult to configure many different…
Read More
July 11, 2019
Cybersecurity in Health Care: Building the Business Case to Mature Your SOC
Posted by: Nick Kujawinski
After several meetings with health care security teams, it has become apparent that many information security departments are looking to move beyond basic, “check-the-box” compliance. If you are in a health care organization, you may be seeking ways to improve…
Read More
June 25, 2019
Monitoring OSPF Routing Protocols
Posted by: Ashok Chokalingam
Despite your best efforts to protect your organization, an attacker can control an entire routing domain with a single spoofed packet. An attacker does not have to join the Open Shortest Path First (OSPF) neighborhood routers. Instead, the attacker could…
Read More
June 7, 2019
Securing Water Critical Infrastructure: Detecting a Life-Threatening Attack, Part 2
Posted by: Ashok Chokalingam
In part 1 of our two-part series on securing water critical infrastructures (CI), we described how a water treatment plant’s operational technology (OT) security team quickly detected, located, and shut down contaminated water pipes during a potential chemical attack on…
Read More
May 31, 2019