Security Tips and Tricks

Detecting New Network Services with Behavioral Analytics

Last year, during a proof of concept, a future customer discovered that an internal development web server had been accidentally published externally. The content of this development server—including the customers’ personally identifiable information (PII)—had been made publicly available with no…

Automation and Integration through Critical Security Controls

About the CIS Critical Security Controls

Now in version 6, the Center for Internet Security (CIS) Critical Security Controls “are a concise, prioritized set of cyber practices created to stop today’s most pervasive and dangerous cyber attacks.” So why have…

How to Build a Miniature Network Monitor Device

Collaboration between Greg Foss, Kjell Hedstrom, Dan Schatz-Miller, Michael Swisher, and Craig Cogdill

LogRhythm NetMon is a powerful forensics tool that allows organizations to capture, analyze, and alert on network data. Traditionally, NetMon is deployed on a blade server within…

In the Wake of the Yahoo Breach: What to Do if Your Account Was Compromised

On September 22nd, 2016, Yahoo confirmed that they were victim to a state-sponsored attack that compromised 500 million user accounts. According to Yahoo, “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the…

Gathering Evidence Through Network Monitoring

In the world of infosec, we know that gathering evidence is critical to identifying the attack vector, understanding how to stop the attack quickly, and moving ongoing investigations further. One of the best ways to gather forensic evidence is through…

Temporal Chain Normalization: The Unsung Hero of Event Correlation

When it comes to correlation capabilities, LogRhythm has you covered. With AI Engine you can perform a variety of activities, from observing a single activity to applying advanced behavior rules across multiple dimensions (entities, devices, log sources, metadata, etc.). In…

DPA-Powered Dashboards

The Challenge: Knowing What to Trust

With the proliferation of top-level domains, threat actors are using all sorts of DNS tricks to entice people to engage with malicious sites or to mask malicious traffic in the noise of normal traffic.…

A Practical Approach to Effective Security Analytics

When discussing effective approaches to the problem of security analytics, I think it is first important to start with a clear definition of the goal of security analytics. The ultimate goal of security analytics is to deliver technology solutions that…

Who is Listening in on Your Network?

The Threat of Data Exfiltration with Packet Capture Software

With the sheer volume of network traffic and the variety of applications that travel across a typical network these days, it is not surprising how easy it is to gather high-value…

Detecting Beaconing Malware with Network Monitor

The Difficulty in Detecting Beaconing Malware

When it comes to threat detection, you’re taking great measures to protect your organization. Yet threats, such as malware, keep getting in despite the network monitoring tools and enterprise threat detection solutions you have…

How Far Cyber Criminals Will Go to Get Your PII

Notice: LogRhythm always recommends using a sandbox or other “safe” method when testing or investigating known malicious sites.

Phishing for Personally Identifiable Information (PII)

Everyone who works in security deals with phishing emails to some extent—some more than others. In…

Do You Know Your Network?

Detecting Unauthorised Application Communication via NetMon

Recently, at home and in the office, I’ve been on quite the NetMon kick. The reason why I’ve been spending a lot of time in the tool is because we recently updated our enterprise…

Five Steps to Defend Against Ransomware

Over the past three years, ransomware has jumped into the spotlight of the cyberthreat landscape. Until recently, most ransomware attacks were simply opportunistic and mostly affected individual users’ or small businesses’ computers. The ransom demands have commonly been the equivalent…

How to Detect and Respond to Ransomware: A Video Use Case

Are You Prepared for Ransomware?

Ransomware is and has been a scourge upon our houses for a while now. To quote The Ransomware Threat: A How-To Guide on Preparing for and Detecting an Attack Before it’s Too Late, “2016 is…

Friend or Foe? A Use Case on How to Detect an Insider Threat

As a cybersecurity pro, you already know that a user is both an organization’s greatest asset and its greatest vulnerability. Users have access to sensitive information and systems with the ability to inflict immense damage to an organization. Insider threats…

Enhanced Windows Security Event Log Collection

The Challenge: Generating Actionable Intelligence from Windows Security Event Logs

Microsoft Windows—love it or hate it—is near ubiquitous on desktops, laptops, and notebooks, and it still makes an occasional appearance or two across all of the servers running on our…

Indefinite Disabled User Detection

The Challenge: Getting Rid of Disabled User Accounts

What’s worse than the walking dead in real life? Zombie user accounts that suddenly have activity and intend to do harm to your organization. I have spoken with several organizations in the…

Using LogRhythm as a File Integrity Monitoring Honeypot

The Challenge: Detect Threat Actors Who Already Have Network Access

Suppose you wanted to find threat actors lurking on your network—probably a good idea, right? To do this, you need to devise a way to be notified of strange activity.…
