The Reality of Ransomware
LogRhythm provides seamless interoperability bringing unrivaled visibility into your Cisco security hardware and software portfolio to enhance your security operations.
Read More LogRhythm Enhances Cisco's Security Hardware and Software Portfolio
LogRhythm provides seamless interoperability bringing unrivaled visibility into your Cisco security hardware and software portfolio to enhance your security operations.
Read More7 Steps to Build Your Security Operations Center
Cyberattacks such as WannaCry and Petya/NotPetya are becoming today’s norm. Keeping up with the growing rate of cyberattacks may seem impossible when your business is lacking in security resources and staff. Most organizations report that they cannot afford to staff a 24x7 security operations center (SOC). Building an automated SOC can enable your team to rapidly detect and respond to threats.
Read MoreIntegrated Endpoint Protection and Response
This powerful integration, combines Carbon Black’s complete endpoint detection and response solution with the advanced analytics and automated response capabilities of LogRhythm.
Read MoreMamba Ransomware Analysis
The LogRhythm Labs team provides analysis on Mamba—a strain of ransomware identified in 2016—after its recent resurgence. This goal of this in-depth analysis is to ensure users are prepared to protect their systems and to help prevent future infection of this malware variant.
Read MoreBuild a Highly Efficient SOC—Even with Limited Resources
In a perfect world, you’d have a 24x7 SOC. But the reality is that you may have only one or two full-time employees faced with the daunting task of identifying possible signs of intrusion and compromise. But there is a solution: Build a SOC that automates as much work as possible so your staff can focus on what's important.
Read MoreIdentifying PowerShell Tunneling Through ICMP
Hackers are constantly looking for ways to bypass traditional network defenses, and exploiting the Internet Control Message Protocol (ICMP) as a covert channel for a reverse shell is a commonly used method for attack. However, you can use LogRhythm’s Network Monitor to identify PowerShell tunneling through an ICMP.
Read MoreUsing LogRhythm to Support Preventative Cybersecurity Strategies
by Chris Martin
In response to the recent WannaCry and Petya/NotPetya cyberattacks, see how LogRhythm can help you implement or validate your prevention strategy.
Read MoreNotPetya Technical Analysis
by Erika Noerenberg
Although initially labeled as ransomware due to the ransom message that is displayed after infection, it appears now that NotPetya functions more as a destructive wiper-like tool than actual ransomware. This post reviews an in-depth technical analysis of NotPetya, including recommended security measures.
Read MoreUsing Deep Packet Analytics to Extract Specific Bytes
One of the hidden features of NetMon's deep packet analytics (DPA) language is that you can extract specific bytes out of a packet inside of a packet rule. Although NetMon classifies over 3,100 applications and extract many thousands of metadata fields, there is always more to learn about network traffic. In this post, you'll learn the proper techniques for extracting specific bytes out of a network packet using DPA.
Read More