Using Deep Packet Analytics to Detect Personally Identifiable Information
The Challenge: Protecting Customers’ Personally Identifiable Information (PII) Businesses today have to ensure that they not only meet their regulatory compliance requirements, but also take reasonable and appropriate measures to protect their customers’ data (including their personally identifiable information). The…
May 3, 2016
WebConsole Cyber Kill Chain
The Challenge Tough times call for tough measures. What better way to visualize those measures than through the cyber kill chain? The Cyber Kill Chain is a method developed by Lockheed Martin to gain further insight into what stage a…
April 27, 2016
SMS Alerting Via SmartResponse
The Problem Security analysts can’t always dedicate their time to monitoring the security operations center (SOC), nor do they always check the alerts that they receive via email, due to various reasons. Also, some alerts are simply more important than…
April 21, 2016
LogRhythm Threat Intelligence Services (TIS): STIX via TAXII
Here at LogRhythm, we are excited to announce an updated release of our Threat Intelligence Services (TIS). If you’re not familiar with TIS, its easy-to-use utility enables LogRhythm customers to rapidly add and configure a wide array of threat feeds…
April 20, 2016
The State of Ransomware: How to Prepare for an Attack
Posted by: LogRhythm Labs
This blog is co-authored by LogRhythm Labs Incident Response Engineer Nathaniel “Q” Quist and Threat Intelligence Engineer Matt Willems. Ransomware is currently one of the most widespread and highest-publicized threats on the Internet. Over the last few years, we’ve seen…
March 28, 2016
Learn How to Automatically Mitigate Threats
Detecting new and unique attacks requires a different strategy from the traditional prevention-centric model of IT security. The traditional model looks like a coconut: tough on the outside, soft (or non-existent) on the inside. Organizations are well-trained in deploying firewalls,…
March 18, 2016
Detecting and Ending Long-Running Processes
The Challenge: Processes Gone Wild It is fairly straightforward to correlate and alert on activity you have a log message for, but what about the scenario where there is no log or audit message? How do you detect when someone…
March 14, 2016
Harnessing Your SIEM for Cyberthreat Intelligence
Posted by: Matt Willems
In the world of cybersecurity, cyberthreat intelligence (CTI) burst onto the scene in a big way in 2015. Everyone wants useful data and analytical tools for next-gen cybersecurity in order to detect and respond to threats faster. The industry…
March 8, 2016
Detecting and Blocking Suspicious Internal Network Traffic
Internal network traffic in an organization can be as nefarious as an outside hacker trying to gain access to sensitive information. Every organization needs visibility into its network, both internal and external, in order to detect and respond to threats.…
March 7, 2016
Monitoring Digitally Signed PowerShell
Posted by: Andrew Hollister
The Challenge Microsoft Windows PowerShell is a powerful scripting environment. The PowerShell execution policies are provided in order to let you determine the conditions under which scripts may be run. The default option is “Restricted,” which doesn’t allow any scripts…
February 3, 2016
SIEM: To Manage or Not to Manage, That is the Question
For organizations looking to protect themselves from cyber threats, one question is front and center: Do you choose to use a managed security provider (MSP) or do you dedicate in-house resources? This question is one that must be answered whether…
January 15, 2016
SANS "Find Evil" Digital Forensics Use Case for Windows
Posted by: Andrew Hollister
In 2014, SANS published a Digital Forensics poster called “Know Abnormal…Find Evil.” This resource delves into the differences between normal and abnormal behavior—and what you might look for or ignore in a digital forensics investigation. The Challenge Using this reference…
January 12, 2016
Detecting Rogue Svchost Processes
Posted by: Andrew Hollister
The Challenge Malware authors may attempt to hide their processes “in plain sight” by calling them the same name as some common Windows processes. Very commonly, “svchost.exe” has been used for this purpose. It is difficult to catch this by…
January 8, 2016
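The two entries above (the SANS “Find Evil” use case and rogue svchost detection) both rest on the same idea: a legitimate svchost.exe has a known path, a known parent (services.exe, per the SANS poster) and a known command-line shape, so a process that borrows the name but not those properties stands out. The following is an added example, not code from LogRhythm or from either post, that applies those checks to constructed Sysmon-style process-creation records. The field names (Image, ParentImage, CommandLine) mirror Sysmon Event ID 1, the allowed directories assume a standard 64-bit Windows install, and the sample events are made up for the example.

```python
"""Flag svchost.exe impostors in process-creation events.

Added example (not LogRhythm code): applies the "hide in plain sight"
heuristics to constructed Sysmon-style Event ID 1 records. Field names
mirror Sysmon's (Image, ParentImage, CommandLine); the events are made up.
"""
import ntpath

# Where a real svchost.exe lives on a 64-bit Windows host (assumption: default install).
ALLOWED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# The Service Control Manager is the expected parent of every service host.
EXPECTED_PARENT = "services.exe"
TARGET = "svchost.exe"


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute or transpose."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]


def check_event(event: dict) -> list:
    """Return the reasons (possibly none) an event looks like a rogue svchost."""
    image = event["Image"].lower()
    name = ntpath.basename(image)
    parent_name = ntpath.basename(event["ParentImage"].lower())
    reasons = []
    if name != TARGET:
        # svch0st.exe, scvhost.exe, svchosts.exe: one edit away from the real name.
        if osa_distance(name, TARGET) <= 1:
            reasons.append(f"lookalike name {name!r}")
        return reasons  # any other process is out of scope for this rule
    if ntpath.dirname(image) not in ALLOWED_DIRS:
        reasons.append(f"unexpected path {event['Image']!r}")
    if parent_name != EXPECTED_PARENT:
        reasons.append(f"unexpected parent {parent_name!r}")
    # Real service hosts are launched with "-k <service group>".
    if " -k " not in f" {event['CommandLine'].lower()} ":
        reasons.append("no -k service-group argument")
    return reasons


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    {"Image": r"C:\Users\Public\svchost.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"C:\Users\Public\svchost.exe"},
    {"Image": r"C:\Windows\Temp\svch0st.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"svch0st.exe -k netsvcs"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"svchost.exe -k netsvcs"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
]


def find_rogue_svchost(events):
    """Return (event index, reasons) for every event that trips at least one check."""
    return [(i, check_event(ev)) for i, ev in enumerate(events) if check_event(ev)]


if __name__ == "__main__":
    for idx, reasons in find_rogue_svchost(SAMPLE_EVENTS):
        print(SAMPLE_EVENTS[idx]["Image"], "->", "; ".join(reasons))
```

The name-distance check catches homoglyph and transposition tricks that an exact-match rule misses, while the path, parent and `-k` checks catch the more common case of a correctly spelled binary dropped somewhere else. These are heuristics: a signed-binary or hash check against the real System32 copy is the stronger confirmation once an alert fires.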
LogRhythm Precision Search: An Unstructured Journey
According to Wikipedia, unstructured data (or unstructured information) refers to information that either does not have a pre-defined data model or is not organized in a pre-defined manner. Unstructured information is typically text-heavy, but it may also contain data such…
January 6, 2016
Agent SmartResponse Host Checking
Posted by: Andrew Hollister
The Problem How can you find out if a SmartResponse™ plug-in using PowerShell will run on a specific System Monitor Agent host? Also, with what user context will the SmartResponse plug-ins execute? Windows PowerShell execution policies let you determine the…
January 6, 2016
A Deeper View into the Threat Landscape
The threat landscape hasn’t really changed, except for a few minor adjustments. We are still seeing nation state threat actors, financial crime groups, hacktivism (though that has been receiving less press lately), terrorist organizations and commodity threats (e.g., CryptoLocker). The…
January 4, 2016
Striking the Balance Between Machine and Human Analysis in Your SIEM Environment
As technology advances, the threat landscape is also advancing. With thousands of touch points in any given network, cyber criminals are effectively exploiting weak points on an almost daily basis. Prevention-centric strategies are no longer efficient for organizations, and they…
December 30, 2015
Detecting the Juniper Netscreen OS Backdoor
Posted by: Andrew Hollister
The Challenge Juniper issued an advisory on December 18th indicating that they had discovered unauthorized code in some versions of the ScreenOS software that powers their Netscreen firewalls. The advisory covers two issues: One was a backdoor in the VPN…
December 29, 2015