Threat Research | LogRhythm

Angela Murray Senior Content Marketing Specialist

The Top Five Benefits of Cloud SIEM, According to Security Experts

An increase in organizations moving to cloud-first strategies is driving the demand for cloud SIEM solutions. The economic and operational benefits enterprises are seeing from moving many of their services to the cloud can also be realized with a SIEM delivered as a software-as-a-service (SaaS). Learn what security experts, including LogRhythm and industry visionaries, consider to be the top five benefits of a SaaS SIEM solution.

Ashok Chokalingam Enterprise Sales Engineer

Securing Water Critical Infrastructure: Detecting a Life-Threatening Attack, Part 2

In part 1 of our two-part series on securing water critical infrastructures (CI), we described how a water treatment plant’s operational technology (OT) security team quickly detected, located, and shut down contaminated water pipes during a potential chemical attack on the plant’s water. In part 2, we will describe how the security team can easily create correlated rules to alert to an attack at one of the plant’s remote locations.

Ashok Chokalingam Enterprise Sales Engineer

Securing Water Critical Infrastructure: Detecting a Life-Threatening Attack, Part 1

In part 1 of this two-part series, we will show you how an operational technology (OT) security operations center (SOC) team uses real-time monitoring to quickly detect, locate, and shut down contaminated water pipes during a security or operational incident at a water treatment plant.

Eric Shiflet Senior Product Manager

Selecting the Best Data Storage Solution for Your Organization

Data storage decisions depend on a number of factors. So how do you ensure that you select the most appropriate option to best facilitate security analytics? Let’s explore how.

Zack Shulman Compliance Research Senior Engineer

How to Balance Security Maturity and Compliance with LogRhythm

Learn why compliance doesn’t guarantee prevention against a breach, and while various frameworks and legislation are meant to lay the foundation for organizations to build and expand on, this is rarely the case.

Nathaniel “Q” Quist Incident Response Engineer

Detecting Drupalgeddon 2.0

Despite a patch being released for the recent Drupal vulnerability, entities are still feeling its impacts. In this post, we’ll review what is known about Drupalgeddon and present detection methods.

Nathaniel “Q” Quist Incident Response Engineer

Time to Reset Your Router? Understanding and Removing VPNFilter Malware

VPNFilter Malware has compromised more than 500,000 endpoints. To help you detect VPNFilter, LogRhythm Labs has implemented VPNFilter malware alarms within the Current Active Threat (CAT) Module.

Erika Noerenberg

Take a Deep Dive into PlugX Malware

Although there have been several variants over the years, an analysis of the timeline of variants discussed demonstrates the "original" PlugX variant continues to be used today.

LogRhythm Labs

Detecting Memcached DDoS Attacks Targeting GitHub

On February 28 and March 5, 2018, Memcached DDoS attacks targeted GitHub. LogRhythm Labs performed an investigation into the cause, effect, and outcome of these attacks.

LogRhythm Labs

Bad Rabbit Ransomware Technical Analysis

On October 24, 2017, a new strain of ransomware dubbed "Bad Rabbit" emerged. This blog provides an in-depth analysis, recommendations for mitigation, IOCs, and LogRhythm AI Engine rules and NetMon queries for detection.