Detect and Respond to Threats Faster

Unleash the Power of Your SOC

Build a strong foundation of people, process, and technology to accelerate threat detection and response.

Learn More

Respond to Incidents in Seconds

Work smarter, more efficiently, and more effectively with security orchestration, automation, and response (SOAR).

Explore SOAR

Uncover Actionable Data

Gain full visibility into your data and the threats that hide there.

Learn about Log Management

Increase the Effectiveness of Your Security Operations

NextGen SIEM

Detect, investigate, and neutralize threats with our end-to-end platform.

Security Analytics

Detect and investigate threats with advanced analytics and threat hunting.

SOC Enablement

Build your SOC on a strong foundation of people, process, and technology.

Cloud Security

Secure your cloud-based infrastructure with real-time monitoring.

UEBA

Detect anomalous user behavior and threats with advanced analytics.

Network Analytics

Analyze network traffic to uncover and neutralize network-based threats.

File Integrity Monitoring

Streamline your compliance objectives and protect your organization’s critical files and data.

Compliance

Meet and report on compliance mandates, including PCI, HIPAA, NERC, CIP, and more.

MITRE ATT&CK

Achieve more effective cybersecurity with a common taxonomy for threat analysis and research.

LogRhythm Cloud

Simplify your security operations with full NextGen SIEM without the hassle of managing infrastructure.

UserXDR

Bring clarity and context to anomalous user behavior by corroborating risk with full-featured UEBA.

NetworkXDR

Go beyond basic network traffic analysis with full detection, investigation, and response capabilities.

NetMon

Get real-time visibility into your network to detect security & operational issues.

NetMon Freemium

Get started with network monitoring and traffic analysis for free.

Enhanced Services

Amplify your existing resources to gain optimal performance.

Training

Elevate your team's expertise and get the most out of your LogRhythm solution.

Support

Community

Join the discussion! Share best practices, get the latest updates, and give us your feedback.

LogRhythm Labs

Learn how our team of security experts can help you succeed through their real-world SOC experience.

Partners

Threat Research

Ashok Chokalingam Enterprise Sales Engineer

Securing Water Critical Infrastructure: Detecting a Life-Threatening Attack, Part 2

In part 1 of our two-part series on securing water critical infrastructures (CI), we described how a water treatment plant’s operational technology (OT) security team quickly detected, located, and shut down contaminated water pipes during a potential chemical attack on the plant’s water. In part 2, we will describe how the security team can easily create correlated rules to alert to an attack at one of the plant’s remote locations.

Ashok Chokalingam Enterprise Sales Engineer

Securing Water Critical Infrastructure: Detecting a Life-Threatening Attack, Part 1

In part 1 of this two-part series, we will show you how an operational technology (OT) security operations center (SOC) team uses real-time monitoring to quickly detect, locate, and shut down contaminated water pipes during a security or operational incident at a water treatment plant.

Eric Shiflet Senior Product Manager

Selecting the Best Data Storage Solution for Your Organization

Data storage decisions depend on a number of factors. So how do you ensure that you select the most appropriate option to best facilitate security analytics? Let’s explore how.

Zack Shulman

How to Balance Security Maturity and Compliance with LogRhythm

Learn why compliance doesn’t guarantee prevention against a breach, and while various frameworks and legislation are meant to lay the foundation for organizations to build and expand on, this is rarely the case.

Nathaniel “Q” Quist

Detecting Drupalgeddon 2.0

Despite a patch being released for the recent Drupal vulnerability, entities are still feeling its impacts. In this post, we’ll review what is known about Drupalgeddon and present detection methods.

Nathaniel “Q” Quist

Time to Reset Your Router? Understanding and Removing VPNFilter Malware

VPNFilter Malware has compromised more than 500,000 endpoints. To help you detect VPNFilter, LogRhythm Labs has implemented VPNFilter malware alarms within the Current Active Threat (CAT) Module.

Erika Noerenberg

Take a Deep Dive into PlugX Malware

Although there have been several variants over the years, an analysis of the timeline of variants discussed demonstrates the "original" PlugX variant continues to be used today.

LogRhythm Labs

Detecting Memcached DDoS Attacks Targeting GitHub

On February 28 and March 5, 2018, Memcached DDoS attacks targeted GitHub. LogRhythm Labs performed an investigation into the cause, effect, and outcome of these attacks.

LogRhythm Labs

Bad Rabbit Ransomware Technical Analysis

On October 24, 2017, a new strain of ransomware dubbed "Bad Rabbit" emerged. This blog provides an in-depth analysis, recommendations for mitigation, IOCs, and LogRhythm AI Engine rules and NetMon queries for detection.

LogRhythm Labs

Mamba Ransomware Analysis

The LogRhythm Labs team provides analysis on Mamba—a strain of ransomware identified in 2016—after its recent resurgence. This goal of this in-depth analysis is to ensure users are prepared to protect their systems and to help prevent future infection of this malware variant.

1 2 >