Security Tips and Tricks

Living Off the Land Attacks with Scheduled Task

In our previous living off the land (LotL) blog post, we discussed why attackers use tools that already exist in the environment to carry out an attack. But what role do Microsoft Scheduled Tasks play in an attacker’s plan? In this post, we’re…

4 Trending Phishing Techniques: Real-Life Examples and Tips for Detection

Many successful attacks begin with a phishing email that some user falls for. That is why MITRE ATT&CK prominently features spearphishing as an Initial Access technique (Spearphishing Link was T1192 when this was written; current versions of ATT&CK track it as T1566.002 under Phishing). View the on-demand webinar with Ultimate Windows Security to learn about the latest phishing techniques used by attackers and how MITRE ATT&CK can help you detect and remediate these threats.

Beware of Coronavirus Phishing Attempts — Tips to Keep Your Organization Safe

Coronavirus: it’s what every news outlet and person is talking about. With the outbreak of the infection, people want to stay up to date on the latest news and reports, so they’re looking up data and clicking on links to…

What Are Living Off the Land Attacks?

In the physical world, “living off the land” simply means surviving only on the resources that you can harvest from the land around you. There may be multiple reasons for doing this — perhaps you want to get “off the…

How to Evaluate Threat Intelligence Feed Metadata for Better Context and Accuracy

Threat intelligence feeds are a powerful way to identify attacks that use known infrastructure and malware. Unfortunately, teams can spend a lot of time chasing down alarms triggered by IP addresses that appear on a threat feed. So how can…

Streamline Your Day with the All-New NetMon 4

Here at LogRhythm, we strive to keep improving the security analyst experience. Our latest workflow improvements have arrived with LogRhythm NetMon 4, in which we’ve made it easier and faster to surface threats and investigate issues on your network. We also thought…

Using Data Visualizations to Prove the Return on Investment of Your Security Program

Senior Security Engineer Rob Sweeney is a guest blogger from Penn Medicine and a valued LogRhythm contributor. Rob’s presentation at LogRhythm’s third annual user conference, RhythmWorld, was so well received by our users that we asked him if he would…

Five Steps to Threat Hunting with LogRhythm’s Free Network Security Monitoring Tool

Jim Lee is an information security analyst and guest blogger from Seismic Software Inc. He is an ambassador of cybersecurity education and empowerment for small businesses. Jim configures easy-to-use tools to develop intuitive solutions for small business cybersecurity programs. His…

Examining the baseStriker Vulnerability

The “baseStriker” vulnerability, a zero-day when it was disclosed, is still widely exploited, but do you know what to look out for if it finds its way into your organization? While 18 months have passed since Microsoft developed a fix for the vulnerability that…

How Case Management Tags Improve Efficiency, Reporting, and SOC Metrics

Daniel Dallmann, Senior Information Security Engineer, is a guest blogger from Payworks and a valued LogRhythm contributor. Dan was on the SOAR Customer Panel at LogRhythm’s third annual user conference, RhythmWorld, and was generous enough to share some of the…

Six Tips for Azure Cloud Security

Microsoft Azure is one of the fastest growing cloud platforms on the market. Often, when an emerging technology grows so fast, organizations end up with knowledge silos. In the case of Azure, your DevOps team may be up and running…

Rapidly Qualify and Triage Alarms with Contextual SmartResponse Automation

Alarms don’t fire when it’s convenient. You could be threat hunting, out to lunch, or even in bed at 4 a.m. when an alarm comes your way. No matter where you are, you’ll need to quickly determine the severity of…

Notifying and Collaborating with LogRhythm SmartResponse Automation

When a threat emerges in your environment, you need to investigate it as soon as possible to keep it from causing damage. For that to happen, you first need to be notified that it exists. A typical…

Exploring IT Operations with LogRhythm

The LogRhythm NextGen SIEM Platform collects, classifies, and normalizes log data from over 800 unique source types. At LogRhythm, our focus has always been on identifying and mitigating security threats through monitoring, alarming, and event log correlation. And while we…

How to Use a Syslog Load Balancer with NGINX

Dealing with syslog devices can be challenging. On the one hand, syslog devices can send a large volume of logs, often more than a single collection agent can handle. In addition, it is difficult to configure many different…
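As an added illustration of the approach the post describes (this is not configuration from the original post), the NGINX stream-module fragment below spreads syslog arriving over UDP and TCP across two collection agents. The collector addresses 10.0.0.11 and 10.0.0.12, the agent port 1514, and the listen port 514 are assumed values.

```nginx
# Added example; not from the original post. Requires NGINX built with the
# stream module (ngx_stream_core_module). The stream block sits at the top
# level of nginx.conf, beside (not inside) any http block. Collector
# addresses and ports are assumed values.
stream {
    # Pool of syslog collection agents. "hash $remote_addr consistent" pins
    # each sending device to one agent so that a device's log stream is not
    # interleaved across collectors; remove the hash line for round-robin.
    upstream syslog_collectors {
        hash $remote_addr consistent;
        server 10.0.0.11:1514 max_fails=3 fail_timeout=30s;
        server 10.0.0.12:1514 max_fails=3 fail_timeout=30s;
    }

    # UDP syslog. Senders never expect a reply, so tell NGINX not to wait
    # for a response datagram from the upstream before closing the session.
    server {
        listen 514 udp;
        proxy_pass syslog_collectors;
        proxy_responses 0;
        proxy_timeout 1s;
    }

    # TCP syslog. A device's long-lived connection is balanced once, at
    # connect time, not per message.
    server {
        listen 514;
        proxy_pass syslog_collectors;
        proxy_connect_timeout 5s;
    }
}
```

Two caveats a practitioner will hit. First, the collectors see the NGINX host as the packet source, so if an agent identifies devices by source IP, either rely on the hostname carried in the syslog header or enable transparent proxying (`proxy_bind $remote_addr transparent;`), which needs NGINX workers running with sufficient privilege and routing that returns the collectors' traffic back through the proxy host. Second, passive health checking (`max_fails`) is of little use for UDP when no response is expected, because only socket-level errors count as failures; treat the TCP listener as the one with meaningful failover. Binding port 514 also requires root or the CAP_NET_BIND_SERVICE capability.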

Cybersecurity in Health Care: Building the Business Case to Mature Your SOC

After several meetings with health care security teams, it has become apparent that many information security departments are looking to move beyond basic, “check-the-box” compliance. If you are in a health care organization, you may be seeking ways to improve…

Monitoring OSPF Routing Protocols

Despite your best efforts to protect your organization, an attacker can take control of an entire routing domain with a single spoofed packet. The attacker does not have to become an Open Shortest Path First (OSPF) neighbor of the routers in that domain. Instead, the attacker could…

Securing Water Critical Infrastructure: Detecting a Life-Threatening Attack, Part 2

In part 1 of our two-part series on securing water critical infrastructure (CI), we described how a water treatment plant’s operational technology (OT) security team quickly detected, located, and shut down contaminated water pipes during a potential chemical attack on…
