Relive the digital experience or check out the content for the first time through our on-demand library of keynotes, content sessions, and partner videos. Watch our recommended sessions or explore all content at the link below. Enjoy!
By entering in RhythmWorld Security Conference you agree to the Event Registration Terms.
Stay on the forefront of security trends and topics with sessions lead by industry experts.
Bring key insights back to your organization and have fun along the way.
Discover the latest LogRhythm capabilities and solutions designed to strengthen your security operations.
Hear how other industry experts are solving their business challenges with LogRhythm.
Grow relationships with your LogRhythm peers and connect with like-minded security professionals.
In a perfect world, your organization would staff a 24×7 SOC with highly talented cybersecurity professionals to secure its IT environment. But the truth is, a seemingly endless stream of new and complex cyber-attacks has driven the demand for qualified professionals through the roof and the number of unfilled positions has soared.
While there is no one-size-fits-all approach to solving the cybersecurity skill gap, our panel of experts will provide practical advice for finding and building a team with the right set of skill. Panelists will also discuss critical skill sets and outline resources to help you grow in your cybersecurity career. Moderated by Andrew Hollister, Senior Director of LogRhythm Labs.
You’ll learn:
Most customers use LogRhythm NetMon for network traffic visibility, but the NetMon Deep Packet Analytics (DPA) engine takes network analytics to a whole new level. DPA rules can detect malware communications such as C2 traffic & Domain Generation Algorithms (DGA’s), SMB & DNS vulnerabilities, ICMP tunneling and more! The intention of this technical deep dive is to provide practical solutions to common network threat detection problems.
In this talk, I will introduce NetMon Deep Packet Analytics rules by using them to solve five example use-cases:
This talk is accompanied by a hands-on lab ‘NetMon DPA Rules’; attendees are encouraged to take part to reinforce the lessons from this session. Lastly, it is encouraged for attendees of this talk to also listen to the ‘Malware Analysis 101’ session which expands on some of the core topics within this session.
The goal of Cyber Threat Intelligence is (CTI) to take a proactive approach to InfoSec. Threat Intelligence works to aggregate external indicators of compromise (IOCs) and integrate with a unified workflow to mature security operations.
Join this webinar to learn about the current CTI space, technologies, use-cases, best practices and how your existing tools can leverage cyber threat intelligence.Presenters include Sander Bakker, a veteran in the cyber security space, and Oliver Gheorghe, a former CTI consultant and Oasis member.
You’ll learn:
There’s nothing like having visibility into the internal activity of endpoints for detecting threats; but you can’t always deploy an agent on every system or get logs from them. The beauty of network monitoring is the wide visibility it provides into the interactions between endpoints, servers and the Internet at large, all with a relatively few points of observation throughout your network, and without touching any endpoints.
In this real training session, join Ramy Ahmad, LogRhythm sales engineer, as he discusses different real-life use cases to increase visibility into your network.
These scenarios including:
Please join us for this hands-on and technical event where we get down and dirty with packets.
Join a conversation and share best practices with your peers in European Region. This discussion will be facilitated by Professional Services consultant, Simon McDowell and Senior Customer Success Manager, Amar Kaila.
Attendance is capped at 30 customer attendees and will be managed on a first come, first serve basis.
Join a conversation and share best practices with your peers in the Middle East, Turkey, and Africa regions. This discussion will be facilitated by Professional Services consultant, Haitham Ali Bushara and Customer Success Manager, Majid Dohaji.
Attendance is capped at 30 customer attendees and will be managed on a first come, first serve basis.
2020 is proving to be another year of front-page ransomware attacks, state-sponsored hacking campaigns, and waves of data breaches. On top of direct attacks, security teams are facing natural disasters, a complicated geo-political environment, and changing workplace. Considering the continuously evolving threat landscape, what is the state of cybersecurity today?
In this panel, industry leaders will discuss the security industry as it stands today and their insights into the future. They’ll also cover the biggest threats, latest innovations, and their visions for the industry.
This panel is moderated by James Carder, LogRhythm Chief Security Officer. James is joined by several information security titans, including:
Attacks on operational technology (OT) have been on the rise the for decades. The rise began with the Stuxnet worm that attacked Programmable Logic Controllers (PLCs) in SCADA systems and has increased sharply in the last few years. Not only do these attacks threaten national interests, but as OT continues to be vital in day to day operations, overall business continuity is also endangered. As such, detecting OT threats has become a top priority as governments and organizations around the world implement programs and deliver mandates to protect critical infrastructure and business operations, across all sectors and verticals. ‘
While limiting security and operational risk is a crucial issue, sometimes it’s easier said than done. Join this panel to hear security experts from across industries discuss business challenges, ways to evaluate risk, and strategies to reduce business risk with operational technology.
Moderated by James Carder, LogRhythm Chief Security Officer.
You’ll learn:
Maintaining the health of your LogRhythm deployment is critical to keep your security and operations program running smoothly. In this session, experts from LogRhythm will take an in-depth look at Diagnosing and resolving root causes for three different common issues, using proven methodology from the field.
You’ll learn:
PA malware analyst is made up of two parts, one-part reverse-engineer and one-part detective. The of a goal of these White Hats are to understand how a piece of malware works in order to ultimately help detect and defend against it. This exciting area of cybersecurity is not limited to specialized engineers with formal education, as many resources are available for those willing to learn.
In this webinar, cybersecurity veterans Daniel Crossley and Sally Vincent will give an overview of malware analysis. Additionally, the pair will provide the tools and techniques to start your own malware analysis lab.
Key takeaways:
Cybercriminals can compromise systems in just a matter of minutes. However, it could take weeks or even months to detect a possible threat. To reduce your mean time to detect (MTTD) and your mean time to respond (MTTR) to cyberthreats, you need to find a solution to automate your threat hunting capabilities.
This session will cover best practices to improve your threat hunting using LogRhythm.
You’ll learn:
Every organization is unique, with a different set of operational circumstances governing specific requirements and the scope of implementation. A network might be highly segmented due to security policies or geographic distribution, mandating specific collection capabilities. Or an organization might be constrained by budget and staffing limitations, requiring an incremental approach to rolling out a deployment. No matter the circumstances, architecture plays an important role in determining the long-term success of any SIEM implementation.
In this session learn the different architectural components of LogRhythm and outline the benefits of a proper configuration. Using real world examples taken from the field, presenters will outline the advantages of the LogRhythm Unified License Program (ULP) and how you can add resilience to your LogRhythm deployment.
You’ll learn:
Based on an article from John Lambert, “The Githubification of InfoSec”, John presents “If organizations were to contribute and share their unique expertise using these frameworks, and organizations were in this way to build on the expertise of others, defenders in every organization would benefit from the best defense in any organization.” We will explore how Jupyter Notebook can be used with LogRhythm in ways that will champion the concept of what John wrote.
Dan Kaiser, threat research senior engineer, Sally Vincent, threat research engineer, and Brian Coulson, principal threat research engineer, will demonstrate three distinct projects using the Jupyter Notebook, and integrations with LogRhythm. You will see how Jupyter Notebook uses the LogRhythm Rest API, work with Case, and Search, query MITRE ATT&CK, and perform threat hunting in a shareable manner.
You’ll learn:
Join a conversation and share best practices with your peers in the Media and Technology Industry. This discussion will be facilitated by Professional Services Consultant, Connor Lutz and Senior Customer Success Manager, Brandon Fox.
Attendance is capped at 30 customer attendees and will be managed on a first come, first serve basis.
Join a conversation and share best practices with your peers in the Healthcare industry. This discussion will be facilitated by Senior Professional Services Consultant, Derek Dalby and Senior Customer Success Manager, Amanda Wills.
Attendance is capped at 30 customer attendees and will be managed on a first come, first serve basis.
Join a conversation and share best practices with your peers in the Education space. This discussion will be facilitated by Senior Professional Services Consultant, Scott McDonough and Customer Success Manager, Amy Johnson.
Attendance is capped at 30 customer attendees and will be managed on a first come, first serve basis.
Join a conversation and share best practices with your peers in the Latin America region. This discussion will be facilitated by our Sales Engineers in the region, Marcos Schejtman, Carlos Alcocer, and Luis Rico and Customer Success Manager, Neri Perez.
Attendance is capped at 30 customer attendees and will be managed on a first come, first serve basis.
As ransomware attacks continue to hit the headlines around the globe they pose a major threat to businesses of all sizes. How do you protect your organization against ransomware effectively to reduce risk?
This session will discuss how to use LogRhythm to defend your organization against ransomware.
You’ll learn:
Threat hunting with MITRE ATT&CK techniques can be approached in several ways. Join members of the LogRhythm Labs team as they take you on a journey of how to use MITRE ATT&CK techniques and LogRhythm to make your threat hunting activities more valuable and effective. They will start the journey using the known techniques of MITRE ATT&CK Group APT 29, also known as the Russian threat actor group The Dukes or Cozy Bear. The team will describe the known Indicators of Compromise (IOCs) like file hashes, IP addresses, etc., and how IOCs play into MITRE ATT&CK technique searches, and dashboards. Finally, the team will dig into more unknown, or suspicious activity based on the techniques by focusing on encoded PowerShell.
You’ll Learn:
The LogRhythm NextGen SIEM Platform is undeniably a powerful tool, unfortunately some customers aren’t using the product to it’s full potential. This session will discuss features and best practices that can help make you more efficient in your day-to-day activities. Specifically, the presenter will cover the basics for managing a healthy events database and tips for managing the LogRhythm Web Console. Additionally, he’ll discuss standard and new features found in the Web Console, such as Tail, that can improve your effectiveness as an analyst.
You’ll learn:
LogRhythm and the University of Colorado Denver partnered in 2019 to develop an online graduate course in IT Risk Management. Delivered in the Spring of 2020, this course provided students with the fundamentals of security analysis in the commercial enterprise and featured hands-on labs using the LogRhythm NextGen SIEM. This course culminated in the LogRhythm Security Analyst certification exam which not only provided students an understanding of how to detect and respond to a real-world cyber threat but offered instant career marketability with an industry recognized certification.
Since then, LogRhythm has partnered with numerous other higher education institutions to provide real-world, hands on training to the security analysts of tomorrow. This panel features a conversation between LogRhythm, CU Denver, and InfoSec Learning on their goals, challenges, outcomes, lessons learned, and future plans. If you’re a customer from an institute of higher learning, or a partner with EDU customers, this is a session you don’t want to miss.
On April 9th, 2019, LogRhythm Labs released the MITRE ATT&CK Module, with a focus on high efficacy technique detections. Since our initial release, we’ve learned a lot regarding what techniques are the most valuable to detect, how to optimally threat hunt using the techniques, and where we should focus next in our MITRE ATT&CK technique detections.
Dan Kaiser, threat research senior engineer, Sally Vincent, threat research engineer, and Brian Coulson, principal threat research engineer, will focus heavily on MITRE ATT&CK Technique: PowerShell, ID: T1059.001. Microsoft PowerShell is a modular shell native in Windows, and with PowerShell 7, also works on Linux and Mac. PowerShell enables users, and administrators to do tasks in a very efficient way. It also is heavily abused by adversaries performing malicious actions. How does LogRhythm Labs design a detection for a technique that can be used for good, and bad? We will present our challenges from additional logging requirements, detecting PowerShell usage, testing PowerShell detections, and how you can take detections that event heavily and create actionable alarms.
Key takeaways
Join a conversation and share best practices with your peers in Asia Pacific Region. This discussion will be facilitated by Professional Services consultant, Brian Holt and Customer Success Manager, Michael Hubbard.
Attendance is capped at 30 customer attendees and will be managed on a first come, first serve basis.
Your company is concerned about unauthorized access to financial files. To help combat the potential threat, your SOC team created a LogRhythm File Integrity Monitoring (FIM) policy to monitor for unauthorized access. With the FIM policy in place you now must continue to monitor activity and investigate users attempting to access unauthorized areas.
In this lab, you will:
Kibana allows you to visualize data in any form you wish, to build custom visualizations, custom dashboards and to run your own searches and investigations against data held in LogRhythm’s DX.
In this lab, you will:
Follow the installation process for adding Kibana to your LogRhythm instance. At the end of the lab, you will be able to setup Kibana and create your first “it’s working” dashboard.
In this lab you will:
A security analyst uses many tools to triage alarms and perform research. Contextualize Actions speed up the process of performing looking up metadata from LogRhythm in third party tools. Learn how to create, deploy and configure new web contextualization actions.
In this lab you will:
As an SOC team member, you are concerned with responding to threats promptly so that damage can be prevented or minimized. You want to create a SmartResponse that will log off users from a host. Learn how to create a simple SmartResponse plugin (SRP) from scratch. You will practice writing the wrapper, creating the payload, and deploying the plugin.
In this lab you will:
This lab will guide you through connecting to the LogRhythm API, performing some test requests, and creating a script to interface with the API.
This is achieved through the following steps:
Ever set up a new AI Engine alarm and wondered if it will fire? In this lab, learn how to use the LogRhythm Echo tool to generate logs that can be used to validate a functional SIEM as well as test alarms.
In this lab you will:
Log source management is a key administrative task in any LogRhythm environment. As an administrator, you will spend a lot of time managing your log sources. In this lab, you will practice the key tasks necessary to get data flowing into LogRhythm!
Specifically you will:
An essential part of tuning the SIEM involves overriding the default behavior of the Message Processing Engine. LogRhythm provides several tools to Administrators to achieve desired results. The most common are Global Log Processing Rules (GLPR’s) and the Classification Based Data Management System.
In this lab you will:
How does a SOC respond to a phishing message? By monitoring message tracking logs in Exchange or O365 getting Phishing Email reports into LogRhythm can be quick and fully automated. Creating an Alarm for an Analyst to know when this occurs and kick-off a corresponding investigation in LogRhythm.
In this lab, you will import an Office 365 Dashboard, Simulate Office 365 Log Ingestion and create an alarm when a Phishing Email is reported
Playbooks are a powerful tool to further enable your SOC. In this lab, you will empower your SOC analysts by creating a playbook. You will also configure the Case SmartResponse Plugin to automatically attach the playbook to specific types of cases. Finally, you will set up a dashboard to monitor metrics around case statuses.
In this lab you will:
LogRhythm has multiple built-in reports and monitoring tools that can help an Administrator determine the overall utilization of the platform and whether it is healthy. This lab will demonstrate how to utilize these tools to maintain overall health and get the most out of your LogRhythm deployment.
In this lab you will:
Interacting and integrating services through REST APIs can be a challenge. LogRhythm.Tools, a Windows PowerShell module, has been developed to expand the accessibility of LogRhythm’s RESTful APIs. Through this lab you will step through some of the capabilities of this toolkit to learn how you can interact, integrate, and expand your use of LogRhythm.
In this lab you will:
You have been asked to bring on a log source that is not currently supported in LogRhythm’s Knowledgebase (i.e., a custom, proprietary log source, a new product that’s not yet supported, etc.). In this lab, you will live the life of a LogRhythm administrator that is tasked with bringing on a new, unsupported log source.
In this lab you will:
Your SOC team is concerned the company’s financial information may be at risk. You create a LogRhythm File Integrity Monitoring (FIM) policy that monitors files in the F:\Finance directory on a honeypot server. The FIM policy name is FinanceDataFIM.
In this lab, you will gain hands on experience in many of the techniques used by the best LogRhythm threat hunters. You will explore how to identify, qualify and investigate potential threats using the Web Console.
In this lab you will:
As an Administrator, you are monitoring the LogRhythm Web Console and observe that a number of Alarms are triggering on specific IP’s, URL’s, and Domains. You want to be able to determine where this malicious content is coming from within the LogRhythm Web Console UI for follow-up action.
In this lab you will, install, configure, and execute, the VirusTotal SRP to create the following reports.
We are facing a truly unprecedented situation. The coronavirus pandemic has affected all our families, our businesses, our communities, and our way of life. To ensure the safety of our customers, partners, and employees we have chosen to move RhythmWorld to a virtual event. We hope that a free virtual experience will provide opportunities for our global network to learn, grow, and engage.
The digital security conference will be web-based. All you need to participate is your computer and a reliable internet connection.
We are planning to host an epic virtual LogWars CTF as part of RhythmWorld 2020. Details about how to register and participate will be provided closer to the event.
