
New Techniques to Strengthen Threat Detection

Your security information and event management (SIEM) tool provides you with real-time analysis of security alerts generated by applications and network hardware.

Combining your SIEM technology with a ZTNA model can be extremely advantageous.

Watch on-demand as Paul Caiazzo, Avertium CISO, and Brian Emond, LogRhythm Director, Sales Engineering, discuss the role of a security information and event management (SIEM) tool, which provides real-time analysis of security alerts, and its important place in a ZTNA model.

Watch to gain insights on:
• The benefits of a SIEM as part of a ZTNA model
• How ZTNA affects your threat detection and response strategy
• How tools like LogRhythm can be used in conjunction with ZTNA to drive synergy within your threat detection and response processes.
Recorded Feb 23 2021 59 mins
Presented by
Paul Caiazzo and Brian Emond

  • [EMEA] Logging & threat detection in the cloud Jun 22 2021 9:00 am UTC 43 mins
    Dan Crossley, SE CISSP, LogRhythm
    The momentum behind the growth of cloud services is unstoppable, as businesses seek software, applications, and infrastructure that are more flexible and cost-effective. According to analysts, nearly half of all application spend is now invested in cloud services, and this cloud-first trend is only going in one direction.

    In this technical webinar LogRhythm’s Daniel Crossley outlines logging and threat detection strategies within cloud environments, including Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure and Office 365.

    The session covers:
    • Logging: An overview of cloud logging mechanisms
    • Log ingestion: Log collection from cloud environments
    • Analytics: Threat detection use cases for cloud environments

    The aim of this session is to give you a better understanding of logging and threat detection in cloud environments.
  • [APAC] Introducing MistNet NDR by LogRhythm: Network Threat Detection Made Easy. May 26 2021 2:00 am UTC 58 mins
    Dan Crossley, Enterprise Sales Engineering Manager and John Golden, Enterprise Sales Manager, LogRhythm
    If we reflect on the cybersecurity news of 2020, it is clear that determined threat actors are using carefully planned and sophisticated attack techniques to breach the networks of target organisations. In any successful cyber intrusion the threat actors evaded the endpoint security systems, but their network communications provide us with an opportunity for detection.

    In this on-demand webinar, you will learn three key network-based techniques that threat actors will employ during a typical attack on a target environment. We discuss why these techniques are so successful and why you should consider an NDR solution to enhance your own threat hunting and detection approaches.

    Listen to Dan Crossley, Enterprise Sales Engineering Manager and John Golden, Enterprise Sales Manager, LogRhythm, to gain insight into the following attack techniques:
    - How attackers establish Command & Control (C2) communications and infrastructure
    - How Domain Generation Algorithms (DGAs) work and why they are used
    - How attackers can exfiltrate data via DNS tunnelling
  • [EMEA] Five practical use cases to enhance threat detection and response May 20 2021 9:00 am UTC 43 mins
    Jake Anthony, Systems Engineer and Simon Hamilton, Client Manager, LogRhythm
    Without rapid and accurate threat detection, your mean time to detect and respond to damaging cyberattacks is compromised, allowing attackers time to steal your organisation’s sensitive data. From collecting security and log data to utilising machine analytics, your team can effectively reduce the time it takes to discover threats on your network.

    In our webinar Jake Anthony and Simon Hamilton from LogRhythm outline five practical use cases to enhance threat detection and response with your existing tools.

    These include:

    • Integrating endpoint detection for improved threat hunting capabilities
    • Combining logical and physical authentication to spot anomalous access
    • Automating detection and response to phishing attacks
    • Detecting possible indicators of bitcoin mining
    • Improving incident response times through audio and visual alerting

    Register now if you are a SOC manager, security analyst or security architect responsible for managing your organisation's cybersecurity.
  • [APAC] Dissecting Golden SAML attack attackers used to exploit SUNBURST backdoor May 13 2021 2:00 am UTC 94 mins
    Randy Franklin Smith, Sally Vincent, and Dan Kaiser
    In this on-demand webinar, Randy Franklin Smith briefly introduces you to federation and SAML and how it works in Office 365. Then he discusses how attackers exploited selected installations of the SUNBURST backdoor to move laterally to the victim organization's ADFS server and steal its private key.

    Then, joined by the very knowledgeable security researchers Sally Vincent and Dan Kaiser from LogRhythm Labs, we will show you:
    • How a Golden SAML attack works
    • Possible ways to mitigate via preventive controls
    • Methods for detection via SIEM rules and threat hunting
    • What Office 365 logs do and don't tell us about federated logins

    You will see an actual demonstration of an attack by Sally, and we’ll cover the actual event IDs you need to monitor and attempt to correlate from:
    • Domain controllers
    • ADFS servers
    • Office 365 audit log

    This is a highly technical session that we think you will really enjoy and benefit from, especially because we expect to see a lot more Golden SAML attacks this year.

    Watch on-demand now!
  • [EMEA] When ATT&CK is the best form of defence May 10 2021 9:00 am UTC 48 mins
    Kev Eley, Client Director, LogRhythm and Dan Crossley, SE CISSP, LogRhythm
    "If you know the enemy and know yourself, you need not fear the results of a hundred battles" (Sun Tzu). The MITRE ATT&CK knowledge base provides a mechanism to understand the tactics employed by adversaries to compromise systems and ultimately exfiltrate data.

    In this webinar, Kev Eley and Dan Crossley will outline genuine attack scenarios in the context of ATT&CK and discuss effective techniques for thwarting bad actors.

    Register for this webinar if you are a SOC manager, security analyst or security architect responsible for stopping cyberattacks to protect your organisation.
  • [EMEA] MITRE ATT&CK: An update in SIEM alignment May 6 2021 9:00 am UTC 40 mins
    Andrew Hollister, Senior Director, LogRhythm Labs Security, LogRhythm
    In this webinar, Andrew provides an overview of how security professionals and the businesses that employ them can benefit from integrating the MITRE ATT&CK framework into their SIEM. He also expands on how feeding data from a wide set of technologies including endpoint detection and response (EDR), antivirus/anti-malware, intrusion detection/prevention systems (IDS/IPS), and other products can help businesses get the most out of their SOCs.
  • [APAC] Detecting and Blocking Malware Threats with SIEM + EDR Apr 28 2021 2:00 am UTC 58 mins
    Harrison Midkiff and Brandon DeMeo
    As cyberthreats continue to grow, it’s crucial to focus on endpoint data and attacker behavior to achieve enterprise-wide visibility and enable proactive detection before threats become a high-impact incident.

    LogRhythm and Carbon Black together deliver a powerful integration that combines endpoint detection and response (EDR) with advanced analytics and automated response capabilities.

    In this on-demand webinar, co-presented with VMware Carbon Black, you will see how EDR and the LogRhythm NextGen SIEM Platform work together to reduce your time to respond to malware threats.

    Watch the on-demand webcast today to listen in on Harrison Midkiff and Brandon DeMeo as they walk through two live demonstrations and use case examples showing the value of these two solutions working together!
  • [EMEA] Threat Intelligence Platforms and LogRhythm Apr 22 2021 9:00 am UTC 60 mins
    Oliver Gheorghe, Enterprise Sales Engineer and Sander Bakker, Enterprise Sales Manager
    According to Gartner, "Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject's response to that menace or hazard."

    In this webinar you'll discover how SIEM technology provides a way of reducing your mean time to detect and respond to potential threats. You'll also see how threat intelligence can identify potential risks to your organisation that have not yet been observed, and how combining external threat feeds with the LogRhythm platform provides additional context around potential threats.

    Join Oliver Gheorghe, Enterprise Sales Engineer and Sander Bakker, Enterprise Sales Manager, LogRhythm, who will outline the following:
    - Introduction to threat intelligence
    - Threat Intelligence Platform Overview and Use-cases
    - Automating threat intelligence with LogRhythm

    Register today and join us live on 22nd April at 10am. Don't worry if you can't attend live, register and you'll have access to the recording on-demand after the webinar has aired.
  • Increase Cyber Resilience with Zero Trust Apr 15 2021 3:15 pm UTC 62 mins
    Simon Howe, Jinan Budge, Ashwin Pal, Jason Duerden
    Cyber attacks are exploding. According to the FBI's Internet Crime Report there were 791,790 complaints of suspected internet crime. That's an increase of over 300,000 from 2019. Total reported losses also exceeded $4.2 billion*. The need for cyber resilience has never been more important.

    LogRhythm, joined by Forrester Principal Analyst serving Security & Risk Professionals Jinan Budge, Unisys, and Blackberry Cylance, discuss how you can effectively achieve true cyber resilience with Zero Trust.

    Key Takeaways:
    1. What is Zero Trust and its alignment to the NIST-CSF
    2. How to detect, respond and mitigate common attacks (e.g. phishing) using a Zero Trust model
    3. How an organization can embark on a successful Zero Trust journey and avoid common pitfalls.

    Register today for this webinar to learn more about how Zero Trust can help you build your cyber resilience!

    * Source: https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
  • [APAC] When ATT&CK is the best defence: Building MITRE ATT&CK into your security Apr 14 2021 2:00 am UTC 30 mins
    Karthik Murthy, Enterprise Solution Architect and Sales Engineer APAC
    Enterprise Solution Architect and Sales Engineer Karthik Murthy demonstrates how security teams can leverage 5 prevalent MITRE ATT&CK techniques in security monitoring.

    Discover how real-world adversaries employ them to infiltrate undetected and compromise data, and identify priority areas and potential visibility gaps.

    Key Learnings:
    • The structure of ATT&CK, comprising tactics, techniques, examples, mitigation, and detection
    • How to use ATT&CK to assess, enhance, and test your monitoring, threat detection, and threat hunting efforts
    • How to apply five common ATT&CK techniques in your threat detection and hunting practice
    • A practical approach to using MITRE ATT&CK to improve offense and defense to ultimately reduce mean time to detect and respond.
  • [META] How to build a SOC with limited resources Recorded: Apr 5 2021 24 mins
    Amjad Khader, Enterprise Sales Manager, LogRhythm
    Some organizations have a 24x7 security operations centre (SOC) with teams of dedicated analysts carefully monitoring for threats around the clock, every day of the year. Unfortunately, most organizations cannot afford a 24x7 SOC: the cost of having well-trained analysts onsite at all times outweighs the benefit.

    In this on-demand session we outline:
    - Various security operations models, from an informal SOC to a 24x7 staffed team
    - Common challenges faced by organizations with limited resources, including the dangers of an informal SOC approach
    - How to balance the real cost of an informal SOC against the potential damage caused by a data breach or uncontrolled malware
    - Steps to building a SOC with limited resources
  • [APAC] Supercharging LogRhythm: Using Jupyter Notebook to enhance threat hunting Recorded: Mar 30 2021 41 mins
    Jake Anthony, Enterprise Sales Engineer, LogRhythm
    Having a well-run, foundational SIEM for your security posture is a fantastic goal for most organisations; however, that shouldn't be where the drive to improve organisational security stops.

    In this on-demand webinar Jake Anthony, Enterprise Sales Engineer, LogRhythm, looks at how combining Open Source technologies such as Jupyter Notebook can enhance your security posture through optimisation and integration with the LogRhythm NextGen SIEM Platform.

    Watch to discover:
    • LogRhythm & Open Source
    • What is Jupyter Notebook
    • How you can leverage it in your environment
    o Streamline MITRE ATT&CK tag creation
    o Expand visualisation capabilities
    o Enhance threat hunting playbooks
  • Introducing MistNet NDR by LogRhythm: Network Threat Detection Made Easy. Recorded: Mar 24 2021 59 mins
    Dan Crossley, Enterprise Sales Engineering Manager and John Golden, Enterprise Sales Manager, LogRhythm
    If we reflect on the cybersecurity news of 2020, it is clear that determined threat actors are using carefully planned and sophisticated attack techniques to breach the networks of target organisations. In any successful cyber intrusion the threat actors evaded the endpoint security systems, but their network communications provide us with an opportunity for detection.

    In this on-demand webinar, you will learn three key network-based techniques that threat actors will employ during a typical attack on a target environment. We discuss why these techniques are so successful and why you should consider an NDR solution to enhance your own threat hunting and detection approaches.

    Listen to Dan Crossley, Enterprise Sales Engineering Manager and John Golden, Enterprise Sales Manager, LogRhythm, to gain insight into the following attack techniques:
    - How attackers establish Command & Control (C2) communications and infrastructure
    - How Domain Generation Algorithms (DGAs) work and why they are used
    - How attackers can exfiltrate data via DNS tunnelling
  • How Federal Agencies Can Detect and Block Insider Threats Recorded: Mar 23 2021 54 mins
    Mark Ciciretti and Brendon DeMeo
    You may think that the most damaging security threats to your agency originate outside of the organization. However, data shows that insider threats cost $13.3 million on average just in North America. Insider threats, which can include employees, contractors, or vendors, are much more top of mind given recent events. So how do you detect and block these threats?

    LogRhythm and VMware Carbon Black can help. Together they deliver a powerful integration that combines endpoint detection and response (EDR) with advanced analytics and automated response capabilities.

    In this webinar, Mark Ciciretti, sales engineer at LogRhythm, and Brendon DeMeo, senior solution engineer at VMware Carbon Black, demonstrated how LogRhythm and Carbon Black products work together to protect your agency from insider threats.

    Watch this on-demand webcast to listen in on a conversation about insider threats in relation to federal agencies and to see the powerful integration of these two platforms in action!
  • [APAC] Dated Zero Trust in 2020? Make a Commitment in 2021! Recorded: Mar 9 2021 47 mins
    James Carder and David Holmes
    Ever since Forrester alum John Kindervag founded the concept of Zero Trust in 2009, it's intrigued those with its "Never trust, always verify" approach to security. Even so, many believed the framework to be out of their reach, often citing high costs or labor requirements as a barrier to entry.

    High-profile implementations of Zero Trust by companies like Google and Beyond Corp have helped the cybersecurity industry realize its feasibility; however, most organizations have still taken an exploratory approach to Zero Trust — that is, until COVID-19 forced companies to stand up remote workforces practically overnight.

    The sudden pressure to keep employees and assets both connected and secure resulted in a paradigm shift for how IT and security teams operate — and a spike in interest and adoption of Zero Trust as a security strategy. But the circumstances leading to this meant that most organizations didn’t already have a roadmap to guide a holistic implementation, so many scrambled to apply bits and pieces of Zero Trust and are now wondering how to take the next step with the framework.

    Guest speaker, Forrester senior analyst David Holmes and LogRhythm CSO James Carder are here to help. During this session, they’ll discuss:
    • How the security community can directly translate Zero Trust components into concrete roadmap items
    • How security elements like automation and visibility tie into the framework
    • Examples of each based on Forrester research

    You will also hear from James about his own successful implementation of Zero Trust at LogRhythm.

    Register today to learn how to solidify your Zero Trust strategy so you can realize the benefits of a full implementation.
  • Dissecting the Golden SAML Attack Used by Attackers Exploiting SUNBURST Backdoor Recorded: Mar 5 2021 95 mins
    Randy Franklin Smith, Sally Vincent, and Dan Kaiser
    In this on-demand webinar, Randy Franklin Smith briefly introduces you to federation and SAML and how it works in Office 365. Then he discusses how attackers exploited selected installations of the SUNBURST backdoor to move laterally to the victim organization's ADFS server and steal its private key.

    Then, joined by the very knowledgeable security researchers Sally Vincent and Dan Kaiser from LogRhythm Labs, we will show you:
    • How a Golden SAML attack works
    • Possible ways to mitigate via preventive controls
    • Methods for detection via SIEM rules and threat hunting
    • What Office 365 logs do and don't tell us about federated logins

    You will see an actual demonstration of an attack by Sally, and we’ll cover the actual event IDs you need to monitor and attempt to correlate from:
    • Domain controllers
    • ADFS servers
    • Office 365 audit log

    This is a highly technical session that we think you will really enjoy and benefit from, especially because we expect to see a lot more Golden SAML attacks this year.

    Watch on-demand now!
  • [APAC] The State of Cybersecurity Panel Recorded: Mar 3 2021 70 mins
    James Carder, Rob Lee, Steve Surdu, Jake Williams & Chris Stangl
    During our RhythmWorld 2020 Security Conference, a panel of five security titans met to discuss the state of cybersecurity today and their insights into the future. They cover the biggest threats, latest innovations, and their visions for the industry.

    2020 proved to be a year of front-page ransomware attacks, state-sponsored hacking campaigns, and waves of data breaches. On top of direct attacks, security teams faced natural disasters, a complicated geo-political environment, and a changing workplace.

    This panel is moderated by James Carder, LogRhythm Chief Security Officer. James is joined by:

    • Rob Lee, Head of SANS Digital Forensics and Incident Response (former member of the US Air Force Office of Special Investigations (AFOSI) and Director at Mandiant)
    • Steve Surdu, Principal, Surdu Consulting (former Vice President of Services and Incident Response at Mandiant)
    • Jake Williams, Founder, Rendition Infosec (IANS Faculty Member and industry thought leader @MalwareJake)
    • Chris Stangl, Station Chief, FBI
  • [EMEA] Supercharging LogRhythm: Using Jupyter Notebook to enhance threat hunting Recorded: Feb 25 2021 42 mins
    Jake Anthony, Enterprise Sales Engineer, LogRhythm
    Having a well-run, foundational SIEM for your security posture is a fantastic goal for most organisations; however, that shouldn't be where the drive to improve organisational security stops.

    In this on-demand webinar Jake Anthony, Enterprise Sales Engineer, LogRhythm, looks at how combining Open Source technologies such as Jupyter Notebook can enhance your security posture through optimisation and integration with the LogRhythm NextGen SIEM Platform.

    Watch to discover:
    • LogRhythm & Open Source
    • What is Jupyter Notebook
    • How you can leverage it in your environment
    o Streamline MITRE ATT&CK tag creation
    o Expand visualisation capabilities
    o Enhance threat hunting playbooks
  • [EMEA] Combatting ransomware and APT activity with process-level monitoring Recorded: Feb 25 2021 62 mins
    Dan Crossley, Sales Engineering Manager, LogRhythm and Imran Hafeez, LogRhythm Analytic Co-Pilot Consultant
    Ransomware has evolved from a commodity malware strain primarily targeting home users, to a devastating and effective tool in the arsenal of advanced threat groups. As these human operated cyberattacks continue to be a lucrative source of income for threat actors, ransomware will continue to pose a major threat to many organisations.

    If threat actor activity can be detected in the environment early enough in the kill-chain, analysts stand a much better chance of unravelling the entire attack and reducing the risk to their organisation.

    In this on-demand webinar Dan Crossley, Sales Engineering Manager, LogRhythm and Imran Hafeez, LogRhythm Analytic Co-Pilot Consultant, will outline:
    • The anatomy of a human operated ransomware attack
    • What additional log data can be enabled within a Windows environment to allow better tracing of threat actor activity, including:
    o Process creation with command-line execution
    o PowerShell logging
    o Microsoft Sysmon
    • How you can trace and alert on possible threat actor activity within your environment, with these log sources
  • Conquering CMMC: Tackling the Most Difficult CMMC Controls Recorded: Feb 23 2021 64 mins
    Darren Cathey and Scott McDaniel
    The Cybersecurity Maturity Model Certification (CMMC) sets a new minimum bar to hit if you want a shot at doing business with the Department of Defense (DoD). That means that CMMC compliance is likely at the top of your cybersecurity list and you’ve probably already done at least a little research.

    As you may have noticed, one of the more difficult controls those pursuing CMMC Level 3 and up must meet is keeping a detailed log of all devices. Some levels even require 24/7 monitoring of these logs. Talk about a herculean task!

    In this on-demand webinar, Darren Cathey, Sales Engineer at LogRhythm, and Scott McDaniel, Vice President of Technology at Simple Helix, go beyond understanding CMMC! They discuss:
    • A quick overview of the CMMC standard
    • How LogRhythm’s set of out-of-the-box content can help you move through compliance before the 2026 deadline
    • How to make keeping track of your log files easy

    Watch this fireside chat today and discover the less arduous path to CMMC compliance that has resulted in a perfect DCMA High Audit Score of 110 for a Simple Helix customer!
Be Security First.
LogRhythm’s award-winning NextGen SIEM Platform makes the world safer by protecting organizations, employees, and customers from the latest cyberthreats. It does this by providing a comprehensive platform with the latest security functionality, including security analytics; network detection and response (NDR); user and entity behavior analytics (UEBA); and security orchestration, automation, and response (SOAR). Learn how LogRhythm empowers companies to be security first at logrhythm.com.

To learn more, please visit logrhythm.com.

  • Title: New Techniques to Strengthen Threat Detection
  • Live at: Feb 23 2021 4:35 pm
  • Presented by: Paul Caiazzo and Brian Emond