What Security Logs Tell You About Attackers in Your Network

Presented by

Seth Goldhammer, Dir. Product Management at LogRhythm; Randy Franklin Smith, Windows Security Subject Matter Expert

About this talk

Preventing attackers from gaining control of network endpoints is difficult. Your preventative controls might stop such an event, but defense-in-depth best practices recommend a multi-layered security approach to protect your organization. In this webcast, Seth Goldhammer, director of product management at LogRhythm, joins Randy Franklin Smith, Windows Security subject matter expert, to discuss how to detect attackers in various stages of the Cyber Attack Lifecycle.

The duo examines Windows and Windows Firewall events including:

* 4798—A user's local group membership was enumerated
* 4799—A security-enabled local group membership was enumerated
* 4627—Group membership information
* 6416—A new external device was recognized by the system

They also show how LogRhythm’s analytics can recognize progression along the Cyber Attack Lifecycle, while increasing risk scoring with each progression, and how LogRhythm can infer additional context about a user during analysis. Watch now to learn how to take your security operations to the next level.
