How to Social Engineer Your Way into a Network
Hackers, hacktivists, scam artists and general bad guys are moving away from the traditional methods of writing software to infect and obtain information. Instead, there is a growing trend of social engineering attacks being used to steal employee credentials. These…
December 28, 2015
Tracking Group Policy Changes: Part 3
Posted by: Andrew Hollister
This is the final part of the series on tracking group policy changes. As I have mentioned a couple of times, one thing that makes monitoring group policy changes difficult is the fact that Microsoft logs the GUID of the…
December 16, 2015
Security Measures Retailers Should Have in Place
Posted by: Andrew Hollister
It’s the most wonderful time of the year! As the rush towards Christmas continues and spending reaches fever pitch, those tasked with protecting retail networks, Point-of-Sale (POS) systems, and online shopping sites might be tempted to think it’s the most…
December 14, 2015
LogRhythm for DevOps
Using LogRhythm to Streamline Operations. While the LogRhythm platform is typically used as a security solution, it is a flexible and powerful tool that can be used for operational use cases as well. LogRhythm’s ability to process a wide variety…
December 11, 2015
Tracking Group Policy Changes: Part 2
Posted by: Andrew Hollister
After reading my last post Tracking Group Policy Changes: Part 1, you may wonder what LogRhythm can do with the GPO change logs? Let’s take a look at how this is presented within LogRhythm. As I mentioned previously, LogRhythm has…
December 7, 2015
Tracking Group Policy Changes: Part 1
Posted by: Andrew Hollister
Following my earlier blog post, Unauthorized Use of Windows Administration Tools Use Case, one of our readers asked about methods for monitoring changes made to group policies. LogRhythm has built-in processing policies for almost any log imaginable in Windows and…
December 2, 2015
VirusTotal SIEM Integration
Without process whitelisting it’s tough for organizations to be sure of what is running on their hosts. Even with whitelisting, malware can masquerade under other files/processes and appear as something legitimate even though it’s really not the program it is…
November 24, 2015
SmartResponse Shell
Posted by: Andrew Hollister
LogRhythm’s SmartResponse™ is a powerful and flexible technology that has been further extended in LogRhythm 7 to allow actions to be executed on System Monitor Agents. These actions can be launched when an individual alarm is generated, on demand, or…
November 23, 2015
When the Threat Comes from Within
Threats are evolving at a rapid pace. Not only are they more sophisticated, but they are also increasingly entering the corporate network via different means of attack. Organizations have traditionally been more fearful of external threats to their confidential documents;…
November 16, 2015
Automatic Management of User Account Expiry Use Case
The Challenge: Account access management can be a tireless task. Sometimes, people never actually log in to their user accounts, and the accounts should be deleted. Others use their access regularly. The struggle is managing access to these accounts in a…
November 13, 2015
Detecting Rogue Processes in the Services Session
Posted by: Andrew Hollister
The Challenge: PSExec is a powerful utility offered by Microsoft’s Sysinternals. It lets you execute processes on other systems without having to install anything manually. The tool interactively installs itself on the remote target machine, so you can redirect the…
November 12, 2015
LogRhythm and Cisco Partner to Enable Rapid Threat Containment
LogRhythm is a long-time Cisco partner and member of the Cisco Security Technical Alliance program and integrates with numerous Cisco solutions, including Cisco Adaptive Security Applications (ASA), Cisco Identity Services Engine (ISE), and Cisco FireSIGHT Management Console, to enable rapid…
November 3, 2015
Unauthorized Use of Windows Administration Tools Use Case
Posted by: Andrew Hollister
The Challenge: Microsoft Management Console (MMC) hosts administrative tools that you can use to administer networks, computers, services and other system components. These tools are provided as plug-ins. Some of the common ones are Active Directory Users and Computers, DNS…
November 2, 2015
Clear Text Passwords (Caught!) Use Case
The Challenge: Having clear text credentials on your corporate network can make your organization vulnerable. Detecting them early and notifying the users, as well as the IT department, could stop a very real threat to your company. Many internal services…
November 2, 2015
Uncover Actionable Data with Elasticsearch
Posted by: Phil Villella
LogRhythm 7 features multiple major architectural improvements, including the separation of our data processing and indexing tiers and the introduction of Elasticsearch. Elasticsearch gives you actionable insights by enabling powerful full-text unstructured search capabilities. This highly intuitive search experience provides…
October 29, 2015
NetMon and SSL Proxy Integration
The Encryption Paradox: Security experts universally agree that network traffic must be encrypted to be considered secure, and many compliance standards and applications (let alone common sense) require it. However, encryption creates a paradox for network security monitoring. Encryption protects…
October 26, 2015
Threat Activity Map Operational Use Case
The Scenario: I’ve been asked to prepare a security audit, and I only have the weekend! So I start to do my research, of course reading the many posts on LogRhythm’s website… but the weekend gets away from me. Instead of preparing,…
October 21, 2015
Protect Your Grid
LogRhythm’s Launch of NERC-CIP v.5 Compliance Module: Assisting Customers in the Transition from v3 to v5. On February 12, 2013, the Obama administration recognized the growing cyber threat to various critical U.S. infrastructure. In response, Obama issued Executive Order 13636…
October 16, 2015