
Can the NSA Spot the “Adversary”?

The NSA released a PDF entitled “Spotting the Adversary with Windows Event Log Monitoring” earlier this year. While there’s a bit of irony in this, given the whole Snowden story that followed the release of this document, the PDF is still chock full of great information on what to watch for in an effort to … Continued

Best Practices for Change Management in the Data Center

When it comes to change management, Scott Matteson gets it. Too many companies today make changes without any kind of change management in place. Scott’s approach even includes the mandated use of individual accounts to perform changes so that auditing of system changes can easily be tied back to a specific person. Many of you … Continued

Death by Event Log Overload

When it comes to security, event logs are supposed to be the best friends of an IT guy managing the environment, right? Roger Grimes from InfoWorld claims that the evidence of malicious activity can be found in Event Logs. So, if companies today already have all necessary data that points directly to the malware, why do … Continued

Next Generation of SIEMs? Ease Of Use, Analyze More Data

In one of the most recent articles posted on darkreading.com, Robert Lemans speaks about the new features of Security Information and Event Management (SIEM) systems and some common problems companies face when using them. The most interesting quote in this article came as no surprise – “Yet SIEM deployments are difficult. The complexity of … Continued

Top 6 Security Breaches that Auditing Would have Prevented

Because IT security breaches have become so prevalent, the common model for addressing them is often more reactive than proactive. Have you given up and given in to the idea that breaches are inevitable? Money, time and effort are put into establishing incident response teams, but often preventative efforts don’t go much further than applying … Continued

Even in an organizational “shutdown”, compliance and security are expected

So, the U.S. government shut down on October 1st with much focus on “essential” and “non-essential” employees. In the case of an organizational shutdown (read: pretty much every weekend, holiday, etc.) IT is always on the “essential” employees list. Since IT, no doubt, runs on a skeleton crew after regular business hours, how can an organization … Continued

Avoid Security Blind Spots and Vulnerabilities with Configuration Auditing

A recent market report produced by the Enterprise Strategy Group (ESG) details the IT security industry’s evolution over the past decade from the introduction of network access control (NAC) to what ESG now sees as Endpoint Visibility, Access, and Security (EVAS). One key component of EVAS is continuous monitoring, such as that provided by system-wide … Continued

Free Cheat Sheet on File Server Auditing

Our next FREE cheat sheet is devoted to auditing changes in the File Server. In this quick guide you’ll find information about required system configurations, HOW-TOs and event IDs that could be helpful to you when auditing your File Servers. Click here to download this FREE guide, no registration is required. As usual, don’t forget … Continued

Top 10 Systems that All Organizations Need to Audit but Often Don’t (part #1)

Ask an IT manager to tell you who made what changes to system configurations in their IT infrastructure and it will often involve a time-consuming manual process of trawling through a disparate array of native audit logs from servers and network equipment. Despite being slow and insecure, this manual approach is still commonplace even in … Continued

Fast and Simple DNS Auditing

Microsoft DNS (Domain Name Service) is the service for all computer name resolution for both the Internet and also for Microsoft’s Active Directory. Every web browser request, every Active Directory logon, every email that is routed touches DNS somehow. Within DNS every computer or web site is represented by an entry called a DNS record. … Continued

Why Is SIEM Losing Steam?

A recent study reported by CIO magazine revealed SIEM challenges, saying that 1/3 of SIEM owners would stop using their current solution in favor of a more efficient and affordable solution. The study cited SIEM owners’ main complaints as being: long, complex SIEM deployment; long time before usable data was produced; months of expensive consulting to get … Continued

Find Account Lockout Source and Fix Faster for Free

There has been a surge in the number of account lockout incidents in the past several years. The increase is in large part due to the number of BYOD devices that are connecting to today’s networks. These devices often cache passwords, making it easier for users to connect to backend email or network resources. Handpicked … Continued

New HIPAA 2013 changes require more organizations to comply

The US Department of Health and Human Services (HHS) issued a HIPAA 2013 omnibus ruling in January that expands the list of organizations that must comply with HIPAA (Health Insurance Portability and Accountability Act) requirements. Prior to this ruling HIPAA directly affected health providers and health plan services; now any organization associated with these providers must also comply … Continued