RhythmWorld 2022
Ready to Defend
About RhythmWorld Security Conference
RhythmWorld is the premier cybersecurity conference for the latest security insights, perspectives on emerging threats, and support in achieving your security goals. This year, we are happy to announce that we will return to the Mile High City for two full days of interactive peer-to-peer learning, networking, and an unforgettable experience.
RhythmWorld attendees gain access to best practices, comprehensive training sessions featuring cybersecurity leaders from across the industry, connections to technical LogRhythm experts, and the chance to compete in a LogWars Capture the Flag (CTF) event.
Why Attend?
Discover Security Trends and Best Practices
Stay on the forefront of security trends and topics with sessions lead by industry experts.
Gain New Skills and Participate in Interactive Sessions
Bring key insights back to your organization and have fun along the way.
Learn from LogRhythm Practitioners and Experts
Discover the latest LogRhythm capabilities and solutions designed to strengthen your security operations.
Share and Collect Insights from Peers
Hear how other industry experts are solving their business challenges with LogRhythm.
Connect with Your LogRhythm Community
Grow relationships with your LogRhythm peers and connect with like-minded security professionals.
LogRhythm Pinnacle Awards
LogRhythm’s 2nd Annual Pinnacle Awards recognize outstanding security leaders, programs, and organizations making positive contributions to the industry and working to solve today’s greatest security challenges. These awards are presented at RhythmWorld and seek to celebrate members of the security community for their outstanding work and achievements.
The award finalists are selected by the LogRhythm Pinnacle Awards committee via an anonymous judging process.
Learn more about the LogRhythm Pinnacle Awards and submit your nominations below via the Pinnacle Award Submission Page.
Nominations must be submitted by August 12, 2022
Keynote Speaker
Stephen Ward
Stephen Ward has over 20 years of experience in cybersecurity, physical security, fraud and technology risk acquired throughout his career in both the public sector (U.S. Secret Service) and the private sector (JPMorgan Chase and TIAA). He has spent the past 10 years as an advisor to founders of startup companies helping them with strategy, product and business development.
Stephen is a veteran of the U.S. Coast Guard and graduate of Seton Hall University.
Keynote Speaker
David Holmes
Senior Analyst, Forrester
David Holmes is a senior analyst at Forrester, advising security and risk professionals about strategy, architecture, and Zero Trust. His coverage includes security architecture (Zero Trust edge, SASE, microsegmentation, Zero Trust network access), network security controls (firewalls, automated malware sandbox analysis, IDS/IPS), distributed denial-of-service (DDoS) protection, DNS security, and encryption of data in transit. He helps security leaders plan Zero Trust implementations, select cybersecurity controls, and understand new mitigation technologies. David has presented at industry conferences like RSA, Infosec Europe, and the Australian Cybersecurity Conference. He has written regularly for industry magazines on cryptography, malware, and the security community.
Keynote Speaker
Emilie Aries
Emilie Aries is a speaker, podcast host, author, and the Founder & CEO of Bossed Up, an award-winning personal and professional development community where she helps women and marginalized people create radical progress in their careers.
Her book, Bossed Up serves as a practical roadmap for women who want to set themselves up for sustainable, long-term career success and step up as the boss of their lives.
Chris brings more than 30 years of executive leadership and board of director experience in the software industry from start-ups to large enterprises. He served as a LogRhythm independent Board Member since 2021 and was previously the President and CEO of Compuware. Chris successfully led Compuware for 6 years resulting in an acquisition by BMC in 2020. Prior to Compuware, Chris served as the CEO of VelociData, CEO of Nimsoft, EVP/GM CA Technologies’ Cloud Products & Solutions Business Unit & IT Management SaaS solutions, and EVP/GM of CA Technologies’ Mainframe Business. A frequent media contributor and keynote speaker, Chris has been featured on Bloomberg national radio and the Wall Street Journal for his technology industry expertise. In addition, Chris was honored as one of the top 50 names to know in IT by Crain’s Business in 2017, named best DevOps evangelist by DevOps.com in 2019, selected as one of the Top 25 Government IT Executives of 2020 by IT Services Report, and selected by the Sigma Chi Fraternity as a Significant Sig in 2017.
Explore RhythmWorld Sessions
Day 2 | Thurs, 9/15
Breakfast
Registration
Meditation Minute
Amanda Meader, Project Manager | Yoga Teacher | Community Leader
Amanda Meader is an e-500 Registered Yoga Teacher and Certified Education Provider with Yoga Alliance. Since 2015, Amanda has created and taught a variety of holistic health and fitness classes, such as Hot 26&2 Yoga, Power Vinyasa, Integrated Vinyasa, Aerial Yoga, HIIT, Spin, Kettlebell, and Kickboxing. She continues to offer her classes both in person and via Zoom.
Amanda strives to impart to her students that the idea of yoga is much more than simply a physical activity, but a practice in living with integrity.
A Look into the Future of LogRhythm
Matt Willems, Director of Product, LogRhythm
Kish Dill, Chief Product and Customer Officer, LogRhythm
Steve Kansa, VP of Product Management, LogRhythm
Charles Nicolson, Sr. Information Security Engineer, Frontline Education
Kevin Merolla, Security Manager, Chart Industries, Inc.
Andy Culpepper, Principal Cybersecurity Engineer, Avertium
Presenters:
- Kish Dill, Chief Product and Customer Officer, LogRhythm
- Steve Kansa, VP of Product Management, LogRhythm
Moderator:
- Matt Willems, Director of Product, LogRhythm
Panelists:
- Charles Nicolson, Sr. Information Security Engineer, Frontline Education
- Kevin Merolla, Security Manager, Chart Industries, Inc.
- Andy Culpepper, Principal Cybersecurity Engineer, Avertium
Partner Exhibits
Webroot/Carbonite, Avertium, RedLegg, Gigamon, immixGroup, Novacoast, and NDM
See demonstrations from LogRhythm’s trusted partners.
Active Allyship: Supporting Equity at Work
Emilie Aries, CEO | Speaker | Author | Leadership Consultant | Podcaster, Bossed Up
Unconscious gender bias is prevalent in even the most well-intentioned workplaces, and the consequences of that bias can be far-reaching for women. In order to solve this issue, individuals and organizations need to actively disrupt the norms and structures that perpetuate inequality, and take actions to create an inclusive work culture.
In this keynote, you’ll hear from Emilie Aries, Bossed Up’s CEO and founder, about the importance of active allyship in the disruption of workplace norms that perpetuate bias. You’ll walk away with concrete strategies how individuals can take to contribute to gender equity at work through everyday actions.
Attend this session to learn:
- Practical strategies to amplify underrepresented voices at wor
- How to identify and interrupt microaggressions and share emotional labor
- How to practice inclusive mentorship to drive innovation and performance of diverse teams
CISO Panel
Andrew Hollister, CISO and VP LogRhytm Labs, LogRhythm
Waqas Akkawi, CISO, SIRVA
Brian Druckenbroad, Director of Security, Newfold
Kyle Redding, Head of Information Security, Bloomin Brands
Moderated by:
- Andrew Hollister
Presenters:
- Kish Dill, Chief Product and Customer Officer, LogRhythm
- Steve Kansa, CISO and VP LogRhytm Labs, LogRhythm
Panelists:
- Waqas Akkawi, CISO, SIRVA
- Brian Druckenbroad, Director of Security, Newfold
- Kyle Redding, Head of Information Security, Bloomin Brands
LogRhythm Product Demos
LogRhythm Product Experts
See LogRhythm’s Security Operations Platform and solutions in action.
What to Collect and Why – Maximizing the Effectiveness of Threat Detection
Christian Martinez, Security Solitions Manager, RedLegg
Chris Young, Sr. Security Solutions Engineer, RedLegg
Christian Martinez: A highly analytical and multi-skilled IT Professional with over 9 years of relative IT experience with the last 7 years in Cyber Security. He is well versed in SIEM technologies with the most prevalent being LogRhythm.
Chris Young: US Army Veteran with over 25 years of IT Infrastructure and Security Engineering experience In the Government, Healthcare, Financial, Manufacturing, and Consumer Retail verticals. Chris has been working with LogRhythm for the past seven and a half years and is a certified Deployment Engineer with over 40 deployments.
Threat Intelligence Feed: Webroot BrightCloud for LogRhythm
Mark Wainess, Sr. OEM Sales Executive, Webroot
The Webroot BrightCloud IP Reputation threat intelligence feed can be loaded into LogRhythm to protect users from connections by malicious IP addresses. This presentation will review the different implementation options and the value the feed provides.
Acronyms Suck
Rob Wille, Solutions Architect, Avertium
Rob Wille, Solutions Architect, will overview his acronym lifecycle, and offer a better, more informed way to define and decipher detection and response technologies, and will breakdown some of the mysticism surrounding XDR.
Learn a more informed way to define and decipher detection and response technologies.
Lunch – Meetup by Industry
Microsoft Sysmon for Linux – How to Detect Using Sysmon on Linux Systems
Daniel Chambers, Analytic Co-Pilot Consultant, LogRhythm
Imran Hafeez, Senior Analytic Co-Pilot Consultant, LogRhythm
Sysmon for Windows has been incorporated into the MITRE ATT&CK module for some time, however, Sysmon for Linux is now available as an Open Source option. One of the reasons for Sysmon’s popularity is that it allows you to keep a log with detailed information about the creation and termination of processes, network connections, and file manipulations. This session explores key features of Sysmon for Linux and how to use Sysmon for Linux with LogRhythm for threat detection.
Attend this session to learn:
- How to install and onboard Sysmon for Linux
- Use cases for using the logs
- Best practices for using Sysmon for Linux
LogRhythm Axon Design: A Look into the Future
Nick Trombley, User Experience Principal, LogRhythm
Matt Willems, Director of Product, LogRhythm
Emily Douglas, User Experience Designer, LogRhythm
Join the LogRhythm UX team as we look toward the future of LogRhythm Axon, LogRhythm’s cloud native Security Operations Platform. Learn more about our soon-to-be-released, cutting-edge threat investigation platform built from the ground up.
In this session, we’ll share demos of our current work in progress and ideas for product features.
Attend this session to learn:
- What LogRhythm Axon is and how it differs from other security vendors
- Key use cases Axon will solve
- How Axon will change the way teams approach cybersecurity
SOC from Home; the Shift of Focus for SOCs to the Cloud after WFH
Brian Coulson, Principal Threat Research Engineer, LogRhythm
Eric Brown, Senior Security Analyst, LogRhythm
With the shift of primarily working away from the office over the past couple of years, attackers have taken advantage of workers with fake emails about benefits, the pandemic, job offers, etc. All in an effort to successfully phish end users and obtain their credentials and or to access their systems and data. In this talk, we will be discussing some of the more novel approaches attackers have taken to phish users, how the SOC has repositioned itself to secure the new work environments, and detection techniques you can use in your environment.
In this session, we will focus on SOC tools, technologies and techniques in the detection of novel phishes being used to lure users.
Attend this session to learn:
- How attackers adapt to change quickly
- How the SOC adapted quickly too
- Techniques you can use in your environment to detect novel phishes
Cloud-Native LogRhythm Axon Data Schema
Tony Black, Senior Software Architect II, LogRhythm
With the massive volume of data produced by modern security controls and other technology, understanding context is critical to making informed and timely decisions. Translating the incoming data to a common language is at the core of what LogRhythm does in the current SIEM solution and is being expanded under the LogRhythm Axon Security Operations Platform. In this session, learn how we are approaching the translations in today’s solution and how we are improving it with LogRhythm Axon.
Attend this session to learn:
- A brief overview of LogRhythm’s current data schema
- How the LogRhythm Axon data schema was designed
- An overview of the LogRhythm Axon data schema and its hierarchy
- How your teams can leverage the LogRhythm Axon data schema
The Value of NDR & What Lies Ahead
Derek Watkins, Director Product Management, LogRhythm
Cyberattacks are becoming more sophisticated, targeted, and widespread. The evolution of traditional security boundaries toward a landscape that is cloud-centered has left the old way of detecting and responding to threats over the network inadequate. Security teams are now faced with defending more ubiquitous ground, at a larger scale, against savvier adversaries.
Please join this session for a discussion about the burgeoning technology within cybersecurity known as Network Detection & Response, the value that it can help bring to security teams, and some insights into where this technology is headed. You’ll hear from Derek Watkins, Director of Product Management at LogRhythm and a 20-year cybersecurity veteran.
Attend this session to learn:
- The evolution from network traffic analysis to detection and response
- NDR’s role in the overall modern security ecosystem
- Use-cases and security outcomes
- Where the technology is headed from here
Why Zero Trust Security Matters Now
Andrew Hollister, CISO and VP LogRhytm Labs, LogRhythm
Zack Rowland, Principal Security Operations Analyst, LogRhythm
We’ve all heard about Zero Trust for years, yet the strategy has been slow to gain traction. Thanks to the growing adoption of Cloud services and the enormous changes in working patterns, including hybrid as well as fully remote work, Zero Trust is gaining momentum. As both data and users have moved outside the traditional security perimeter, it’s time for security strategies to evolve.
It’s no longer a question of why you need Zero Trust, but how soon can you adopt the strategy. LogRhythm Chief Security Officer Andrew Hollister will discuss the importance Zero Trust. He’ll also reveal best practices to adopt this security architecture to ensure success.
Attend this session and you will learn:
- The advantages and disadvantages of implementing Zero Trust
- Organizational changes needed to implement a Zero Trust strategy
- Key obstacles to avoid when exploring Zero Trust
Cloud-Native LogRyhthm Axon Policy Builder
Tony Black, Senior Software Architect II, LogRhythm
The Policy Builder tool in LogRhythm Axon is a new method for creating message processing policies. It is designed to remove the barriers of Regular Expressions and make it easier and faster to create and apply Message Processing Policies. Join this session for an overview of Policy Builder, as well as learn several examples of its use.
Attend this session to learn:
- The fundamental components of Policy Builder
- The different processors available within Policy Builder
- How to create Message Processing Policies using real sample data
Past, Present, and Future of Security Operations
Mike Villavicencio, Channel Sales Engineer, LogRhythm
As technology evolves in the security industry, we must construe how SIEM has evolved to a security operations platform. SIEM solves threat detection and response cases through the collection of logs and applies threat detection models. While still useful and important for security operations centers, the market is changing and demanding a move to an overarching security operations platform. Join Mike Villavicencio, LogRhythm’s Channel Sales Engineer.
Attend this session to learn:
- The evolution of SIEM and its transformation to security operations
- How LogRhythm is redefining its vision for the future
- What matters most to security professionals and end users of SIEM technologies
Merge TrueIdentity Users With Ease
Adam Shackleford, CISSP, Principal Professional Services Consultant, APJ Software Engineer Manager, LogRhythm
Eric Hart, CISSP Manager, Subscription Services, LogRhythm
Today there are many different resources that outline how to manage TrueIdentity records and performing record mergers. Many of these resources are exceedingly difficult to perform or do not take advantage of API enhancements that were introduced in LogRhythm 7.5. Through using LogRhythm.Tools and LogRhythm’s 7.5+ Merge Identity API Endpoint, there are now much more efficient methods of performing identity merges. We will show how to use LogRhythm.Tools to easily combine disparate but related TrueIdentity records into a single identity record. This enhancement aligns with improving the analysts capability for more effective in performing user targeted investigations and further enriches our UEBA capabilities.
You will hear from Adam Shackleford, Principal Professional Services Consultant and Eric Hart, Manager, Subscription Services who manages LogRhythm.Tools.
Attend this session to learn:
- Understand how TrueIdentity helps a SOC/analyst review user information
- How to use LogRhythm.Tools to easily combine accounts into a single identity
Closing Statements & Pinnacle Awards
David Kluzak, Chief Revenue Officer, LogRhythm
Day 1 | Wed, 9/14
Breakfast
Registration
Partner Exhibits
Webroot/Carbonite, Avertium, RedLegg, Gigamon, immixGroup, Novacoast, and NDM
See demonstrations from LogRhythm’s trusted partners.
Becoming Your Trusted Security Partner
Chris O’Malley, President & CEO LogRhythm
After two years of virtual events, LogRhythm is incredibly excited to host our customers and partners back in Denver, Colorado for our sixth annual cybersecurity conference! Join LogRhythm’s President and Chief Executive Officer Chris O’Malley as he kicks off the conference with a breakdown of how LogRhythm is transforming to become a more trusted and strategic security partner by focusing on three main obsessions: customer satisfaction, employee engagement, and the way we work.
In this presentation, Chris will dive into the current security challenges organizations face and our mission to drive innovation so that customers can defend their organization with ease and confidence. There is a lot in store for this year’s RhythmWorld and we look forward to getting the conference started with key highlights covering the promises that LogRhythm plans to make and keep for our customers.
Operation Firewall
Stephen Ward, Managing Director, Insight Partners
The Audible Original podcast Operation Firewall is a nine episode journey detailing a groundbreaking cybercrime case led by Stephen Ward during his days as a Special Agent with the United States Secret Service. In the early 2000s the dark web was a hotbed for cybercrime and the government was more than a few steps behind. Stephen teamed up with an unlikely partner. Albert Gonzalez was a genius hacker who had recently been arrested. Stephen was able to flip him and turn him into an invaluable confidential informant. Together they took down Shadowcrew, a global cybercriminal network responsible for stealing millions of credit cards and millions of dollars from American consumers. This case was the first of its kind and they had to make the rules up along the way. Stephen and the other agents on the case even designed the first ever wiretap of a computer network. This allowed them to go undercover and infiltrate an organization made up of the most prolific hackers across the world. Hunkered down in a secret location chatting with online hackers in Russia day and night created a tight brotherhood among agents. Steve’s relationship with Albert would prove to be a lot more tricky. Could Steve truly trust Albert? And would the Secret Service back Steve when he needed them most? Their partnership, this case and the aftermath has had lasting effects on both Steve and Albert in very different ways. Operation Firewall is not just a story about a cybercrime investigation. It’s about friends and foes, loyalty and loss, belonging and betrayal- on and offline.
LogRhythm Product Demos
LogRhythm Product Experts
See LogRhythm’s Security Operations Platform and solutions in action.
Proactive Monitoring in SCADA Environment
Marcos Schejtman, Principle Software Engineer, LogRhythm
Luis Castaneda, Director of Sales LATAM, LogRhythm
OT infrastructures are a bit different than IT. Supervisory control and data acquisition (SCADA) is a system of software and hardware elements that allows industrial organizations to control industrial processes locally or at remote locations, monitor, gather, and process real-time data, directly interact with devices such as sensors, valves, pumps, motors, and more through human-machine interface (HMI) software, and record events into a log file. This session explores how to utilize LogRhythm products to expedite threat hunting in these complicated environments.
Attend this session to learn:
- Review options to monitor SCADA environments
- Use cases for utilizing LogRhythm SIEM and LogRhythm NDR to monitor SCADA
- Expediting threat hunting with the open standards that LogRhythm SIEM and LogRhythm NDR provide
Applying Data Science and Machine Learning in Cybersecurity
Melissa Ruzzi, Senior Technical Product Manager, LogRhythm
Data Science (DS) and Machine Learning (ML) are currently hot topics in cybersecurity, but applying these new technologies effectively is no simple task. In this session, we will uncover the types of data available and how the complexity of the threat landscape requires both domain and technical (DS and ML) expertise to make a proper selection of models that deliver added value to the product.
Attend this session to learn:
- Background information about data science and machine learning
- Why these new technologies are important today
- How data science and machine learning can enhance your cybersecurity journey
Lessons Learned on Adapting SIEM in Telco Environment
Leonardo Hutabarat, APAC Sales Engineering Manager, LogRhythm
Jerry Tng, VP Sales APAC, LogRhythm
Attacks made against Telcos and ISPs have steadily risen and is not only impacting IT Infrastructure but is also rapidly sneaking through OT infrastructure. As the Telecommunications industry becomes the backbone of all infrastructure, the protection of Telecommunication Asset and Infra is becoming more critical. Attend this session to learn the current trend of attacks in the Telco industry and the challenges on protecting the complex infrastructure of IT and OT. We will address common use cases and scenarios in protecting IT and OT infrastructure and the strategy required to address attack against complex infrastructure of IT and OT.
Attend this session to learn:
- Common Telecommunications (Telco) Infrastructure
- Threats against Telecommunications (Telco) Infrastructure
- Use Cases and Scenarios on the Telecommunications (Telco) Industry
- Examples of Best Practices on tools to monitor for these risks
State of the PIE
Adam Shackleford, CISSP Principal Professional Services Consultant, LogRhythm
Eric Hart, CISSP Manager, Subscription Services, LogRhythm
In today’s world, phishing attacks are at an all-time high. The potential for a phish message to wreak havoc on a company continues to grow. In this session, we will discuss how an open-source addition to the LogRhythm platform gives our customers the ability to automate and accelerate the evaluation of e-mails that have been submitted for review utilizing LogRhythm PIE (Phishing Intelligence Engine). This assists the SOC or security personnel by transforming a reported e-mail into consolidated and relevant data points with the sole purpose of determining if a message is benign or malicious.
You will hear from Adam Shackleford, Principal Professional Services Consultant and Eric Hart, Manager, Subscription Services who manages PIE.
Attend this session to learn:
- Understand the current project status and general information on why you would want to leverage PIE.
- How to install LogRhythm PIE and the underlying LogRhythm.Tools components.
- How to use LogRhythm PIE to evaluate reported phish messages
- How to use LogRhythm PIE to easily create a LogRhythm case and add the pertinent data determined by PIE to this case, thus cutting out much of an analyst’s review time.
Cyber Warfare: The New Frontline
Sally Vincent, Senior Threat Research Engineer, LogRhythm
Statistics on cyber warfare reveal that about 11% of all cyberattacks are espionage-related. In this session, we will give an overview of the state of cyber warfare and how LogRhythm Threat Research reverse engineer malware for your benefit.
Attend this session to learn:
- Overall risk evaluations
- How White House directives can assist your operation
- Help users turn threat reports into detections
Driving Value from LogRhythm NDR with Analytic Co-Pilot
Daniel Chambers, Analytic Co-Pilot Consultant, LogRhythm
Moe Hakim, Analytic Co-Pilot Consultant, LogRhythm
LogRhythm NDR is a powerful platform that monitors real-time threat detections across endpoints, data centers, and the cloud. Securing your network against advanced persistent threats (APTs) requires greater visibility to detect actors and their actions so that you can reduce your response time. As threats increase, real-time network detection and response (NDR) solutions are more critical than ever.
With built in MITRE ATT&CK engine, integrations with cloud technologies and TensorMist-AI, the platform can provide great visibility to your SOC Team, however with the added expertise of the LogRhythm Analytic Co-Pilot team, we can provide quicker time to value on your investment.
The Co-Pilot team works with customers on a weekly basis to assist with tasks from configuration to threat hunting. In this presentation we will go over how Co-Pilot can help you and your team get the most from your LogRhythm NDR deployment and some key takeaways on how to tune your setup.
Attend this session to learn:
- Introduction to the Analytic Co-Pilot Team
- Overview of LogRhythm NDR
- What happens on Analytic Co-Pilot Sessions
- Integrations with LogRhythm SIEM and other third-party platforms
Lunch
5 Trends to Track Today and Tomorrow
David Holmes, Senior Analyst, Forrester
In this expansive talk, special guest speaker, Forrester analyst David Holmes takes you on a tour of five trends you need to be tracking today and tomorrow. He’ll introduce the emerging threat of space-based attacks and defenses, explain the disruptive SASE model, provide best practices against ransomware, warn against a wave of insider threat and explain what Google missed with Chrome.
Partner Kickoff on Cybersecurity Leadership
Partners Panel
Learn from guest partner leadership about current and future cybersecurity challenges. During this panel, our partners will discuss their thoughts and advise on how to best face current threats and prepare for future risks. LogRhythm’s Gary Abad, VP of Global Channels will moderate this discussion which will include questions for the partners, which include Epoch, NDM, Novacoast, immixGroup, RedLegg, Avertium, Webroot/Carbonite, and Optiv.
Moderator:
Gary Abad, VP of Global Channels, LogRhythm
Panelists:
Kevin Mackey, Chief Revenue Officer, Epoch Concepts LLC
Robert Blomgren, Director of Sales and Security Services, NDM Technologies
Jonathan Poon, VP of Security Services, Novacoast, Inc.
Ryan Nelson, Market Intelligence and Analytics Manager, immixGroup- Christian Martinez, Security Solutions Manager, RedLegg
- Rob Wille, Sr. Solutions Architect, Avertium
- Mark Wainess, Sr. OEM Sales Executive, Webroot
Matt Siwicke, Director of Security Operations, Optiv
The Value of LogRhythm UEBA and Why Do I Need It
Bill McGovern, Regional Sales Manager, LogRhythm
Brandon Pace, Principal Sales Engineer, LogRhythm
As a growing point of entry for an attack, users are a difficult vector to monitor and secure. To confront the tidal wave of attacks, you need to hone your attention on users by harnessing the power of user and entity behavior analytics (UEBA).
An effective security program monitors and correlates endpoint, network, and user activity to provide comprehensive visibility into an environment. Focusing on your users’ activities gives you an important vantage point to identify threats before they become damaging breaches. Theft, misuse, and exploitation of user accounts are fundamental tactics used by attackers in each phase of the cyberattack lifecycle.
Attend this session to learn:
- What is UEBA
- Why do you need UEBA
- How do you use UEBA
Getting the Eyes in the Cloud with LogRhythm NDR & Gigamon
Jake Haldeman, Channel Sales Engineer, LogRhythm
Gene Ballard, Senior Sales Engineer, Gigamon
When an incident occurs, network traffic does not lie. If the workload is on-prem, containerized, virtualized or just “in the cloud,” we want to effectively monitor and capture traffic to identify incidents as they occur. The limitations of port mirroring in the cloud means we must think creatively to successfully monitor cloud assets. In this session, you will learn techniques to monitor cloud traffic.
Attend this session to learn:
- Gigamon’s solution to capture network traffic in the cloud
- LogRhythm’s ability to process traffic to determine IOAs and actionable incidents such as domain-generation algorithm and data exfiltration
- How LogRhythm NDR can help detect and respond to incidents
MITRE ATT&CK Ransomware Module
Brian Coulson, Principal Threat Research Engineer, LogRhythm
Detection of ransomware usually comes in the form of an attacker notifying the company that their files have been encrypted and are being held for ransom. This session will cover our newly created MITRE ATT&CK: Ransomware module and how it can be leveraged to detect ransomware techniques in your environment.
This presentation will focus on the MITRE ATT&CK techniques primarily observed in ransomware operations. A demonstration of ransomware being used in a test environment will be shown along with detection of the ransomware.
Attend this session to learn:
- Awareness of the MITRE ATT&CK Ransomware module
- What MITRE ATT&CK techniques are important to detect ransomware
- How you can run a ransomware simulation in your test environment
SSH Chaining…Who’s Jumping and Pivoting from System to System Using SSH
Brian Coulson, Principal Threat Research Engineer, LogRhythm
Sally Vincent, Senior Threat Research Engineer, LogRhythm
SSH chaining, which is identified in MITRE ATT&CK Technique T1572:Protocol Tunneling, is a method to move laterally, from one system to another. This method of lateral movement is difficult to detect. In this talk, we will demonstrate SSH chaining, auditing that needs to be in place and how MITRE ATT&CK Technique T1572 will detect this activity.
In this presentation, we will demonstrate SSH chaining in a demo. We will also demonstrate what can be done as an attacker, and how to detect an attacker abusing SSH to move laterally through an environment.
Attend this session to learn:
- What SSH Chaining is, and how it is used by an attacker
- MITRE ATT&CK Technique T1572:Protocol Tunneling
- How to use the MITRE ATT&CK T172:Protocol Tunneling AIE rule to detect SSH Chaining
LogRhythm API Overview & Essentials
Ryan Gamboa, Product Manager, LogRhythm
Equipped with LogRhythm’s REST APIs, customers and partners can build custom integrations with other software, fulfill new use cases, and automate mundane administrative tasks. In this presentation, you will learn what APIs are available and how to get started using them.
In this session you will learn:
- An overview of APIs basics
- A summary of available LogRhythm APIs
- A review of tools to get you started with using LogRhythm APIs
Developing a Security Monitoring Strategy
Jake Anthony, Senior Sales Enterprise Engineer, LogRhythm
Alf Melin, Global Head of Security Operations Centre, Getronics
Organizations have relied on point solutions in security monitoring for too long without thinking about the “why.” This presentation will focus on the SOC Visibility Triad and how Getronics and LogRhythm leverage it to improve an organization’s approach to Security Monitoring.
Attend this session to learn:
- Real world examples (such as Intersnak)
- Explanation of three LogRhythm core technologies and how their overlapping visibility can help
- Leveraging specific LogRhythm SIEM and LogRhythm NDR toolsets
LogWars
Live Capture the Flag Competition
Sponsored by Epoch Concepts
Coming soon
Day 0 | Tues, 9/13
Registration
Welcome Reception
Partner Exhibits
Webroot/Carbonite, Avertium, RedLegg, Gigamon, immixGroup, Novacoast, and NDM
See demonstrations from LogRhythm’s trusted partners.
RhythmWorld Sponsors
Connect with our sponsors to find the right technology and services for your organization.
Platinum Sponsors
Silver Sponsors
LogWars Sponsor
Happy Hour Sponsor
