LogRhythm, the leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. Subscribe now to learn about today's evolving threat landscape, the hottest enterprise security topics and how LogRhythm's Security Intelligence Platform can keep you one step ahead of cyber criminals.
Learn more about LogRhythm's Security Intelligence Platform: http://www.logrhythm.com/
In this webcast, we take an actual real-world example of a SIEM (in this case LogRhythm), and an IAM (Okta), and demonstrate how their integration matures an organization’s security posture.
Randy Franklin Smith (of UWS) and Greg Foss (LogRhythm) dive into how Security Analysts can make more informed decisions and perform better investigations when they have a full picture of IAM events spanning on-prem and cloud-based activity — and how organizations can respond rapidly to security alarms with automatic protective measures.
Greg Foss is a recognized security expert who created LogRhythm Invoke-Okta, a bidirectional integration framework that provides for easy interaction and automation with Okta and the LogRhythm SIEM.
In this webcast, you'll learn how to:
• Visualize and analyze data from Okta in your SIEM
• Identify accounts that have compromised credentials by monitoring for successful authentications paired with failed multifactor logins
• Utilize the Okta API to automate security tasks
• Build upon identity monitoring to work towards a “Zero Trust” architecture
Randy Franklin Smith (Ultimate Windows Security) and Brian Coulson (LogRhythm)Recorded: May 7 201989 mins
MITRE ATT&CK is a knowledge base and framework that lists and details adversary tactics and techniques within a common taxonomy. Having a taxonomy by itself has many valuable uses, such as providing a common vocabulary for exchanging information with others in the security community. But it also serves as a real technical framework for classifying your current detection efforts and identifying gaps where you are blind to certain types of attack behaviors.
In this webinar, Randy Franklin Smith of Ultimate Windows Security and Brian Coulson of LogRhythm will introduce viewers to MITRE ATT&CK, as well as:
- Share various ways to use ATT&CK, specifically in relation to designing, enhancing, assessing, and maintaining your security monitoring efforts.
- Discuss LogRhythm Labs’ project that includes aligning the ATT&CK matrix with log sources.
- Walk through an example of the MITRE attack process from start to finish while focusing on rule development and alignment in the LogRhythm NextGen SIEM Platform.
Brian Coulson, from LogRhythm Labs, is leading an outstanding project at LogRhythm Labs where-in he will show you how they’re aligning the ATT&CK matrix with log sources, including windows event logs (XML – Security, XML Sysmon 8.0 and XML-System). While the matrix is wide spread in what it monitors, there are effective ways to filter around common and relevant detection techniques and logs.
Luis Rico (LogRhythm) and Randy Franklin Smith (UWS)Recorded: Apr 25 201991 mins
Too often, when looking for malicious network traffic you either search for known bad or investigate anomalous traffic that doesn’t look normal. That reactive approach is time consuming, and potentially over-reliant on searching for larger concerns. Fortunately, new solutions use advanced analytics to proactively identify, enrich and alert on malicious traffic.
Why is this important?
Detecting known bad traffic is great when it works, but it’s a lot like signature-based AV (which is rigid and unable to detect unknown threats):
**Only really effective for widespread, generalized attacks – not so great for unique targeted attacks
**There’s an indefinite amount of time before the malicious traffic signature, domain name or IP makes it into the pattern updates and threat intel feeds from your vendors
**Detecting anomalous traffic can address the aforementioned weaknesses, but in practice it depends heavily on how – and how well – you define anomalous traffic, and how quickly (accurately) you can spot it.
Security practitioners are getting better by the day at looking for anomalies. Here’s just a few:
**Unrecognized port protocol numbers
**Malformed/non-compliant traffic compared to protocol expected on known port
**Protocols you don’t want or at least don’t expect to see in the given context
**High bandwidth usage for that protocol
**Disproportionate inbound/outbound bandwidth usage for a given endpoint
**Suspicious Destination/Source IP combinations
In this real training for free event, we will explore how to analyze your network so that you can learn and understand its traffic patterns and get a handle for what’s normal. You’ll then be able to take this information and look for anomalous traffic, build known-bad detections and make your network detection and response (NDR) technologies and efforts smarter.
Susana Hernansanz (LogRhythm, Technical Product Manager) and Sam Straka (LogRhythm, Technical Product Manager)Recorded: Apr 3 201938 mins
Email security continues to be a central concern for organizations as they advance their security posture and reduce risk. Between password leaks, brute force attacks and phishing, email credentials and actual email sends continue to be at jeopardy. Of further concern is that missing the initial compromise – often via email platforms – can enable the attacker to collect data and move laterally into more valuable environments.
In this webinar, Susana Hernansanz and Sam Straka – both Technical Product Managers at LogRhythm - will highlight the value of ingesting and monitoring O365 logs via your NextGen SIEM. With LogRhythm the data will be enriched, normalized and contextualized for efficient use in threat hunting and alarms.
Join the webinar to learn how:
•LogRhythm’s Phishing Intelligence Engine (PIE) – an open source tool (GitHub link) provides an Active Defense framework built around O365
•Our platform ingests logs from the O365 Security & Compliance Center
•Detecting auto-forwarding (via O365 logs) can highlight potential phishing attacks and potential victims
Christopher Crowley (SANS) and Sara Kingsley, (LogRhythm)Recorded: Jan 31 201956 mins
There’s no question about it: Legacy SIEMs hinder your ability to achieve your security objectives. Traditional solutions are limited and often lack the flexibility to scale and grow as your security needs increase. To combat today’s threats, you need a next-gen SIEM that leverages the architecture and security capabilities that are best suited to detect both known and unknown threats within your environment. But what makes a SIEM “next-gen”? And how do you know if the SIEM technology you’re looking at possesses these requirements?
In this on-demand webcast, Christopher Crowley, senior instructor at SANS, and Barbara Filkins, senior analyst at SANS, join Sara Kingsley, senior product marketing manager at LogRhythm, to explain what comprises a modern SIEM solution and share tips for evaluating a next-gen SIEM platform.
In this webcast, you’ll learn:
- How next-gen SIEM capabilities map to the modern security team’s needs
- The architectural requirements for a solution to support these needs
- The evaluation steps you can take to select the best SIEM for you
- The questions you should ask SIEM vendors to support your evaluation process
Watch the webcast now to get the tools you need to evaluate and choose a next-gen SIEM that fits the needs of your organization’s requirements.
Nathan "Q" Quist (LogRhythm) and Randy Franklin Smith (UWS)Recorded: Dec 20 201896 mins
Dabble or Deep Dive: 7 Different Threat Hunts You Can Do With Available Resources
In this real training for free session, we will discuss the minimum toolset and data requirements (and not necessarily volume) you need for successful threat hunting. We will take into account that while some of you can devote most of your time to threat hunting, most of us have limited time and resources for this activity. The good news is that threat hunting is flexible and anyone can do it, ranging from a few hours a week to full-time.
As just one example, a great type of threat hunting is to look for unrecognized/suspicious executables running on you network. You can dip your toe in the water with this type of hunt with a small commitment of time and resources or you can plunge in deep with a major data collection and analysis effort. Starting out simple means you just focus on EXE names; baseline the EXE names being executed on your network, and then perform a daily review of new EXE names showing up for the first time. You can get this information from event ID 4688 and the query capabilities are very light. But I think you’ll be surprised what you are able to learn and catch.
We will take the same approach with a total of 7 types of threat hunting:
Recognizing suspicious software
LogRhythm is sponsoring this real training for free event and Nathan Quist (aka “Q”) is helping me on this event. Q is LogRythm’s Threat Research Engineer and works with LogRhythm’s internal SOC team and its clients to perform deep dives into their environments to uncover threats facing our industry.
Jake Reynolds (LogRhythm) and Doug Hurd (Cisco)Recorded: Dec 13 201856 mins
Smarter, faster security through LogRhythm and Cisco integrations
LogRhythm and Cisco are committed to helping you enhance your security operations through the seamless integration and powerful capabilities of the LogRhythm Threat Lifecycle Management platform and Cisco’s Threat Grid, Umbrella, Firepower and ISE.
Currently integrating with over three dozen Cisco products, LogRhythm provides centralized visibility and advanced security analytics across the Cisco-enabled environment and makes security events actionable in the network. Stay in front of cyber adversaries and proactively detect, respond to and remediate cyberthreats with this powerful integration.
In this technical webinar, you’ll learn how to:
- Gain immediate insight with Cisco and LogRhythm’s comprehensive visibility
- Streamline investigations with Umbrella and Threat Grid
- Accelerate and enable endpoint and perimeter remediation with ISE and ASA
Steve Kaufman (LogRhythm) and Paul Asadoorian (Security Weekly)Recorded: Nov 15 201857 mins
Tips & Tricks for Defending the Enterprise Using Open Source Tools
One of the common complaints I hear from security professionals is, “I don’t have the budget for that.” Do you know many of the tools that can solve problems in the enterprise are free, as in free beer? You don’t have to buy commercial products to secure your entire enterprise. Sure, there are some areas that do require a PO, however, there are also several areas of your security program that can be implemented using free and/or open source tools.
Learn which aspects of your security program can benefit the most from these tools, and how to configure and use them. (Free beer will NOT be provided during this webcast, however, you are encouraged to bring your own, as the presenter’s jokes may be funnier if you are enjoying an adult beverage.)
– Lightweight threat intelligence: pi-hole in the cloud (+TacyonNet)
– Vulnerability profiling: Integration with vFeed
– Patching your systems with Ansible
– Network monitoring with Bro
– High-performance firewalls with OpnSense
– The best free training resources
Steve Kaufman, a Technical Product Manager from LogRhythm, will be joining the webinar to cover how security technology vendors are aligning with open source tools. He’ll explore how LogRhythm’s architecture, including elasticsearch, enables the product to integrate with open source tools.
Erik Bartholomy (LogRhythm) and Eric Parent (Sonepar)Recorded: Sep 18 201848 mins
Building a Cybersecurity Architecture to Combat Today’s Risks:
Foundations, Visions, Testing and the Role of SIEM
The rapid development and adoption of cloud infrastructure, mobile workforces, IoT and other susceptible environments has mandated a reappraisal of security architecture. Modern organizations are recognizing their security posture may not be keeping up with the threat landscape, and this leads to frightening discoveries around the safety of their data and networks.
In this webinar, Erik Bartholomy – a Security Architect at LogRhythm – will be joined by Eric Parent – CISO at Sonepar – to discuss how security architecture is developing to face the current threat landscape. Failures in past layered approaches are frequent, and serve as valuable learning lessons on the importance of proactive monitoring and response.
During the webinar our speakers will discuss:
•How LogRhythm’s POC enabled Sonepar’s team to efficiently expedite threat detection, and improve their SOC and analyst efficiency
•The guiding principles and technology behind modern security frameworks and architecture, including the rise in popularity and value of the Zero Trust Framework
•How security architecture helps align IT security with business strategy and current threats
•Adapting architecture to accommodate different environments, including on-premises, cloud, and hybrid cloud
Julian Crowley and Vaughn AdamsRecorded: Aug 15 201826 mins
As the value of patient records, infrastructure, and services grows, the health care industry continues to become a major target for cyberattacks With an expanding attack surface — due to cloud infrastructure — it's critical this vulnerable industry continues to mature its security capabilities for its most valuable data and apps.
Epic Systems is a market-leading Electronic Health Records (EHR) vendor widely used by large hospitals and health systems to access, organize, store, and share patient medical records. Given the volume and sensitivity of personal data on Epic platforms, it’s critical to ensure threats to patient privacy are detected and mitigated quickly.
In this webinar you’ll learn how organizations in health care are using LogRhythm’s Epic Hyperspace App, combined with traditional security data, to provide greater value and network visibility. Members of LogRhythm’s Strategic Integration team and Health Care Sales Engineering team will show you how LogRhythm’s Epic Hyperspace App provides a focused point solution for real time visibility — as well as detection of suspicious activity within an Epic deployment. See how this app provides real-time visibility (including alarms and reports) into:
· Inappropriate access or access attempts to patient medical records
· Inappropriate attempts to record or download patient medical records
· Users and systems trying to access the EHR
· Context of the user who is accessing the patient records
· Logic or reasoning behind the attempted access to medical records
If you have Epic and LogRhythm, this is a must-see webinar. If you use another EHR, use the information from this webinar as a template on how and why to monitor your EHR platform.