Security Tips and Tricks

How to Social Engineer Your Way into a Network

Hackers, hacktivists, scam artists and general bad guys are moving away from the traditional methods of writing software to infect and obtain information. Instead, there is a growing trend of social engineering attacks being used to steal employee credentials. These…

Tracking Group Policy Changes: Part 3

This is the final part of the series on tracking group policy changes. As I have mentioned a couple of times, one thing that makes monitoring group policy changes difficult is the fact that Microsoft logs the GUID of the…

Security Measures Retailers Should Have in Place

It’s the most wonderful time of the year! As the rush towards Christmas continues and spending reaches fever pitch, those tasked with protecting retail networks, Point-of-Sale (POS) systems, and online shopping sites might be tempted to think it’s the most…

LogRhythm for DevOps

Using LogRhythm to Streamline Operations: While the LogRhythm platform is typically used as a security solution, it is a flexible and powerful tool that can be used for operational use cases as well. LogRhythm’s ability to process a wide variety…

Tracking Group Policy Changes: Part 2

After reading my last post Tracking Group Policy Changes: Part 1, you may wonder what LogRhythm can do with the GPO change logs? Let’s take a look at how this is presented within LogRhythm. As I mentioned previously, LogRhythm has…

Tracking Group Policy Changes: Part 1

Following my earlier blog post, Unauthorized Use of Windows Administration Tools Use Case, one of our readers asked about methods for monitoring changes made to group policies. LogRhythm has built-in processing policies for almost any log imaginable in Windows and…

VirusTotal SIEM Integration

Without process whitelisting it’s tough for organizations to be sure of what is running on their hosts. Even with whitelisting, malware can masquerade under other files/processes and appear as something legitimate even though it’s really not the program it is…

SmartResponse Shell

LogRhythm’s SmartResponse™ is a powerful and flexible technology that has been further extended in LogRhythm 7 to allow actions to be executed on System Monitor Agents. These actions can be launched when an individual alarm is generated, on demand, or…

When the Threat Comes from Within

Threats are evolving at a rapid pace. Not only are they more sophisticated, but they are also increasingly entering the corporate network via different means of attack. Organizations have traditionally been more fearful of external threats to their confidential documents;…

Automatic Management of User Account Expiry Use Case

The Challenge: Account access management can be a tireless task. Sometimes, people never actually log in to their user accounts, and the accounts should be deleted. Others use their access regularly. The struggle is managing access to these accounts in a…

Detecting Rogue Processes in the Services Session

The Challenge: PSExec is a powerful utility offered by Microsoft’s Sysinternals. It lets you execute processes on other systems without having to install anything manually. The tool interactively installs itself on the remote target machine, so you can redirect the…

LogRhythm and Cisco Partner to Enable Rapid Threat Containment

LogRhythm is a long-time Cisco partner and member of the Cisco Security Technical Alliance program and integrates with numerous Cisco solutions, including Cisco Adaptive Security Applications (ASA), Cisco Identity Services Engine (ISE), and Cisco FireSIGHT Management Console, to enable rapid…

Unauthorized Use of Windows Administration Tools Use Case

The Challenge: Microsoft Management Console (MMC) hosts administrative tools that you can use to administer networks, computers, services and other system components. These tools are provided as plug-ins. Some of the common ones are Active Directory Users and Computers, DNS…

Clear Text Passwords (Caught!) Use Case

The Challenge: Having clear text credentials on your corporate network can make your organization vulnerable. Detecting them early and notifying the users, as well as the IT department, could stop a very real threat to your company. Many internal services…

Uncover Actionable Data with Elasticsearch

LogRhythm 7 features multiple major architectural improvements, including the separation of our data processing and indexing tiers and the introduction of Elasticsearch. Elasticsearch gives you actionable insights by enabling powerful full-text unstructured search capabilities. This highly intuitive search experience provides…

NetMon and SSL Proxy Integration

The Encryption Paradox: Security experts universally agree that network traffic must be encrypted to be considered secure, and many compliance standards and applications (let alone common sense) require it. However, encryption creates a paradox for network security monitoring. Encryption protects…

Threat Activity Map Operational Use Case

The Scenario: I’ve been asked to prepare a security audit—and I only have the weekend! So I start to do my research, of course reading the many posts on LogRhythm’s website…but the weekend gets away from me. Instead of preparing,…

Protect Your Grid

LogRhythm’s Launch of NERC-CIP v.5 Compliance Module: Assisting Customers in the Transition from v3 to v5. On February 12, 2013, the Obama administration recognized the growing cyber threat to various critical U.S. infrastructure. In response, Obama issued Executive Order 13636…
