Make Your Data Work for You
“Make your money work for you.” It’s something that I’ve heard financial planners say for years. But recently, I started correlating this notion with what we do on a daily basis. In talking with others in the info sec space,…
October 16, 2015
Using Expiring Lists in LogRhythm 7
As a multi-billion-dollar company that makes everything, Acme Labs is rightly paranoid about the threats it faces and the risks that follow from them. Just imagine if someone got hold of its IP and used it for nefarious purposes. But, like…
October 15, 2015
Precision Search
With the release of LogRhythm 7, we introduced Precision Search. This feature helps you cut through the massive amount of data in your environment to identify specific information—all from one easy-to-use interface. With Precision Search, you can couple an unstructured…
October 14, 2015
A Picture Paints a Thousand Logs
The saying “a picture is worth a thousand words” has a lot of truth to it. And in the same manner, “a picture can be worth a thousand logs.” But how do you view the interactions of a thousand, a…
October 9, 2015
Getting Started with Threat Intelligence
Posted by: Joe Partlow
Joe Partlow, CISO, is a guest blogger from ReliaQuest. He has been involved with InfoSec in some capacity or role for over 15 years, mostly on the defensive side, but has always been fascinated by those cool kids on offense.…
August 20, 2015
NetMon as a Programmatic Intrusion Detection System
Detect Threats, Passively Identify Devices and Selectively Capture Packets
NetMon release 2.7.1 implements the ability to add custom scripting rules that can run on every packet or flow, allowing automatic analysis of network metadata. This capability allows for advanced intrusion…
August 13, 2015
PSRecon – Live Forensic Data Acquisition
Live incident response and forensic data acquisition are often manual, time-consuming processes that leave significant room for error and can even result in the destruction of evidence. Many people are involved in investigating an incident, which makes…
August 5, 2015
“IT Helpdesk” Email to Jimdo Phishing
Over the last few days, we have been tracking another new phishing attack that attempts to steal domain credentials. This particular example centers on the jimdo.com web hosting service. If you are not familiar with Jimdo, they essentially allow anyone…
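A phishing page hosted on a legitimate service like Jimdo will not trip a reputation blocklist, so the practical check is to look in your own proxy logs for credential submissions (POSTs) to hosts under that service's domain. The script below is an added example and not code from the LogRhythm post; the proxy log format and the hostnames in the sample lines are constructed for illustration, and the list of hosting domains to watch is an assumption you would tune to the campaign you are tracking.

```python
import re
from urllib.parse import urlsplit

# Hosting domains the campaign abuses (assumption: extend as needed).
WATCHED_HOSTING_DOMAINS = ("jimdo.com",)

# Constructed proxy log sample (not real traffic). Format assumed here:
# "<timestamp> <client_ip> <method> <url> <status>"
SAMPLE_PROXY_LOG = """\
2015-07-13T09:12:01Z 10.1.4.22 GET http://helpdesk-example.jimdo.com/ 200
2015-07-13T09:12:07Z 10.1.4.22 POST http://helpdesk-example.jimdo.com/login.php 302
2015-07-13T09:13:40Z 10.1.4.35 GET https://www.example.com/ 200
2015-07-13T09:14:02Z 10.1.4.35 POST https://notjimdo.com/form 200
2015-07-13T09:15:11Z 10.1.4.50 POST https://JIMDO.COM./signup 200
""".splitlines()

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")


def host_under_domain(host, domain):
    """True if host is domain itself or a subdomain of it.

    A plain substring or endswith() check would also match 'notjimdo.com',
    so we require an exact match or a '.' boundary. Trailing dots and case
    are normalised because both show up in real logs.
    """
    host = host.lower().rstrip(".")
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def parse_line(line):
    """Parse one constructed-format proxy line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status = m.groups()
    return {"ts": ts, "client": client, "method": method.upper(),
            "url": url, "status": int(status)}


def classify(rec):
    """Return 'post', 'visit' or None for a parsed record."""
    host = urlsplit(rec["url"]).hostname or ""
    if not any(host_under_domain(host, d) for d in WATCHED_HOSTING_DOMAINS):
        return None
    return "post" if rec["method"] == "POST" else "visit"


def find_credential_posts(lines):
    """Return (client_ip, host, url) for every POST to a watched hosting domain.

    A POST is the strongest signal a user typed something into the page;
    GETs only tell you the lure was opened.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if classify(rec) == "post":
            hits.append((rec["client"], urlsplit(rec["url"]).hostname.lower().rstrip("."),
                         rec["url"]))
    return hits


if __name__ == "__main__":
    for client, host, url in find_credential_posts(SAMPLE_PROXY_LOG):
        print(f"credential POST from {client} to {host}: {url}")
```

Clients that appear in the output are the ones to pull for a password reset and a closer look at their session history; a GET-only hit is worth a user-awareness follow-up but does not by itself mean credentials were entered.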
July 15, 2015
4 Steps to Assessing Risk
In a recent survey, Security Spending and Preparedness in the Financial Sector, SANS polled various organizations within this sector to better understand their outlook on risks facing the organization. As a result, SANS made some suggestions that align with the…
July 2, 2015
When Malware Isn’t Enough: Why You Need to Invest In Securing Your Data
Recently, Chris Petersen (LogRhythm’s CTO and Co-Founder) published the Security Operations Maturity Model (SOMM). The SOMM provides a systematic guide for an organization to assess and actively achieve a heightened security posture. In the SOMM, Chris stresses that the…
July 1, 2015
There’s No Hacking in Baseball (or is There?)
One morning, last week, coffee in hand, I opened the sports page of my local newspaper and the top story wasn’t about the latest pitcher to toss a no-hitter. There was nothing on the front page about game 6 of…
June 29, 2015
Doing the Impossible: Building your Security Intelligence Maturity
“Start by doing what is necessary, then do what is possible; and suddenly you are doing the impossible.” – St. Francis of Assisi In my 3+ years as a LogRhythm Professional Services & Security Consultant, I have often found customers…
June 17, 2015
A Case of the Mondays: How a Routine Visit Discovered a Cyber Attack
Recently, I learned a valuable lesson from what appeared as though it would be a regular Monday. My day started off routinely, but along the way some surprising events unfolded. I was scheduled to go on-site with a federal customer…
June 9, 2015
LogJam Flaw Discovered
This week, security researchers revealed a new flaw, LogJam, which could allow attackers to downgrade TLS connections between a user and a web or email server to weak, export-grade Diffie-Hellman key exchange and then break the encryption. The vulnerability was discovered as part of investigations into the FREAK flaw,…
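The practical mitigation for LogJam on your own servers is to stop offering export-grade ciphersuites and to serve Diffie-Hellman parameters of at least 2048 bits. The script below is an added example and not code from the LogRhythm post: it parses a PEM "DH PARAMETERS" block (the DER structure is a SEQUENCE of two INTEGERs, p and g, which is what `openssl dhparam` writes) and reports whether the group is export-grade, merely weak, or acceptable by size. The sample parameter blocks are constructed in-code from placeholder values of the right bit length so the check runs offline; they are not real primes and must not be deployed. The 2048-bit threshold is the widely recommended minimum, stated here as an assumption you can raise.

```python
import base64
import re

# Size thresholds (assumption: 2048 is the usual minimum; raise it if policy demands).
EXPORT_GRADE_BITS = 1024   # anything below this is in the 512-bit "export" class Logjam targets
MIN_SAFE_BITS = 2048


def _der_len(n):
    """DER length: one byte if < 128, else 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(value):
    """DER INTEGER for a non-negative value; the extra byte keeps the sign bit clear."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body


def encode_dh_params(p, g):
    """Build a PEM 'DH PARAMETERS' block from p and g (used here only to construct samples)."""
    seq = _der_int(p) + _der_int(g)
    der = b"\x30" + _der_len(len(seq)) + seq
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines) + "\n-----END DH PARAMETERS-----\n"


def _read_tlv(buf, i):
    """Read one DER tag/length/value at offset i; return (tag, value, next_offset)."""
    tag = buf[i]
    length = buf[i + 1]
    i += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[i:i + n], "big")
        i += n
    return tag, buf[i:i + length], i + length


def parse_dh_params(pem):
    """Return (p, g) from a PEM DH PARAMETERS block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag_p, p_bytes, i = _read_tlv(seq, 0)
    tag_g, g_bytes, _ = _read_tlv(seq, i)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected INTEGER p and INTEGER g")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def assess_dh_params(pem):
    """Return (prime_bits, verdict). Checks size only, not primality or group structure."""
    p, _g = parse_dh_params(pem)
    bits = p.bit_length()
    if bits < EXPORT_GRADE_BITS:
        verdict = "export-grade: Logjam-exploitable"
    elif bits < MIN_SAFE_BITS:
        verdict = "weak: below 2048 bits"
    else:
        verdict = "ok"
    return bits, verdict


# Constructed sample blocks: placeholder odd values of the target size, NOT real primes.
EXPORT_GRADE_PEM = encode_dh_params((1 << 511) | 1, 2)
WEAK_1024_PEM = encode_dh_params((1 << 1023) | 1, 2)
STRONG_PEM = encode_dh_params((1 << 2047) | 1, 2)


if __name__ == "__main__":
    for name, pem in (("export", EXPORT_GRADE_PEM), ("1024", WEAK_1024_PEM), ("2048", STRONG_PEM)):
        bits, verdict = assess_dh_params(pem)
        print(f"{name}: {bits}-bit prime -> {verdict}")
```

To run it against a real file, read the output of `openssl dhparam 2048` (or the `ssl_dhparam` file your web or mail server references) and pass the text to `assess_dh_params`; a server that still negotiates `DHE-...-EXPORT` ciphersuites needs its cipher list fixed as well, which this size check alone will not catch.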
May 22, 2015
Security Awareness: Taking Advantage of Opportunity
Security Awareness is an incredibly important aspect of any security program. As we’ve seen in countless high-profile breaches, users are consistently the path of least resistance into any organization. Which is why training employees to identify ‘suspiciousness’ and react in…
May 1, 2015
Security Awareness Training: Secure Remote Access to Corporate Infrastructure
In this installment of Labs’ weekly series, Security Awareness Training, we’ll be discussing appropriate methods for users remotely accessing corporate or cloud infrastructure. Many of us work remotely at some point and need to access corporate file shares and other…
April 9, 2015
British Airways Breach Puts Passwords Under the Spotlight Again
Earlier this week, it was reported that British Airways had suffered a data breach which exposed the details of a number of frequent-flier Executive Club accounts. It is thought that the breach is the result of a third party that…
March 31, 2015
A New Variant in POS Malware
I’d like to talk a little bit about a new POS malware variant called LogPOS. Being a researcher at LogRhythm, I feel it is my duty to talk about any malware with the word “log” in it. Ironically this malware…
March 16, 2015