Blog

A case study in SIEM usage

By Christian Have. After reading Johan Christensen's and Kevin Loumann Eienstrand's article in Børsen about the leak of files in Kalundborg municipality, we look in this blog post at how security analytics through SIEM can be used to identify, counter and respond to similar threats. The case in brief, according to the article: An FTP server was approved for use when files need to be exchanged in connection with requests for access to documents. This server has had one login, which was handed out to all external parties. All external users, same username and...

GDPR reports

Several organizations are currently undertaking GDPR implementation – but many lack the technology to map and protect the data required in order to become GDPR compliant. By imposing compliance requirements against advanced algorithms for detecting unusual patterns of activity, you now get the most out of your LogPoint solution. The GDPR Reports are part of LogPoint's GDPR-related activities, and these are just some of the benefits: Provides understanding of critical data flows and critical data transactions. Empowers process improvement by giving an overview of current level of...

Why do you need UEBA?

User and Entity Behavioral Analytics (UEBA) solutions have been around for some time, and you may be wondering what they are and if you need one. UEBA tools analyze the behavior of users and entities (hosts, devices, files and transactions) to find interesting or malicious behaviors and patterns. Essentially, UEBA makes your security team smarter by accelerating detection and response to threats without increasing the workload of your security analysts. It increases the ability to focus your security resources where they can be most effective – reducing the noise from...

Bad Rabbit Ransomware

Ransomware is without doubt one of the fastest-rising threats nowadays, and the latest outbreak proves that all small, medium-sized and large organisations are at risk. At LogPoint our IT and security professionals constantly work on helping our clients withstand attacks like these. When fighting ransomware, planning and forethought are crucial in order for your organization to limit the impact and quickly recover with minimal disruption. Here at LogPoint, we keep in mind that ransomware variants are constantly changing, so we can always provide the best available...

KRACKs

Today we have released our application to detect the KRACK attacks. For detailed information about the attack, please refer to https://www.krackattacks.com/. Since the attack can target both infrastructure and endpoints, patching the infrastructure alone will not be sufficient to protect against the attacks. Patching endpoints will be a tedious process for large organizations, especially if they operate IoT, OT or embedded devices relying on Wi-Fi. Since the vulnerable devices can survive for longer periods of time in the network, it is important to implement active monitoring...

LogPoint adds UEBA module to its Next Generation SIEM solution

LogPoint and Fortscale join forces on the embedded UEBA engine, Presidio. This will enable hundreds of LogPoint's SIEM platform customers to natively detect malicious activity of users and entities with advanced machine learning analytics. Copenhagen, Denmark; San Francisco, CA, Sep 18, 2017: LogPoint, big data analytics and Security Information and Event Management (SIEM) platform provider, and Fortscale, the pioneer in embeddable User and Entity Behavioral Analytics (UEBA), today announced that they have joined forces to...

The re-emergence of Dragonfly

Created by Nicolai Zerlang, September 11, 2017. An increase in dangerous Advanced Persistent Threat (APT) attacks was reported by Symantec last week. The sophisticated attack group Dragonfly (also known as Energetic Bear) is reportedly behind them. Dragonfly 2.0, as this wave of attacks is dubbed, appears to have begun already in 2015 and shares tactics earlier used by the group to infiltrate critical infrastructure control systems. The attacks are primarily targeted at the energy sector, and have already compromised numerous organizations, enabling Dragonfly to...

Petya/NotPetya Ransomware

Created by Roshan Pokharel, June 29, 2017. A new ransomware outbreak named "Petya", similar to the WannaCry malware, was seen on June 27, 2017. This malware spread quickly and affected various organizations in Europe and the US. The ransomware was thought to be a variant of the Petya family, but researchers determined that they are not related, and it has now been renamed "NotPetya". Petya/NotPetya does not require the EternalBlue SMB vulnerability for exploitation to spread in systems on a network. One infected host will allow the ransomware to spread to any connected systems, provided that infected...

Introducing the WannaCry application

By Prabhat Pokharel, Roshan Pokhrel & Cintia Szabó, May 16, 2017. After our blog post on Sunday regarding the WannaCry malware outbreak, LogPoint today is excited to announce our turn-key application to detect and respond to WannaCry. The application works on LogPoint and LogPoint Free, works for all types of devices (firewalls, content security appliances, file-shares etc.) and provides a simple, effective tool to monitor and contain any further spread of the malware. In addition, as research moves forward with different samples of...

Responding to WannaCry Malware

By Christian Have, VP Products & Innovation, May 13, 2017. Update: Read our latest blog post on our newly released WannaCry Application. As WannaCry has wreaked havoc over the weekend, many organizations will face the impact of the malware during the beginning of the week. WannaCry is a ransomware attack that exploits the MS17-010 vulnerability. Infection: After exploiting the vulnerability, the malware attempts to connect to a domain: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com The malware expects the connection to fail and then proceeds to install and infect...

