February EventSource Newsletter
Logging data extracts puts some agencies in a bind
SPECIAL REPORT: Case study no. 3 – Mandate forces changes in who accesses information
OMB gives agencies 45 days to begin logging all computer-readable data extracts, and after 90 days, verify if the data has been erased or still is needed. Very few agencies—if any—have met this most challenging mandate of the four, industry and federal experts said.
A third requirement in the Office of Management and Budget’s June 23 data security memo can fundamentally change an agency’s approach to collecting, disseminating and securing data—which is perhaps why agencies have had so much trouble with it.
Logging isn’t that difficult, experts said, because every device creates a log. But the question is how to analyze the thousands of daily logs from a security perspective, said Carlos Blazquez, a senior information assurance analyst with SRA International Inc. of Fairfax, Va.
TJX data breach raises questions
TJX Companies—the $16 billion global retail chain that owns T.J. Maxx and Marshalls, among many other brands—disclosed on Jan. 17 that it had “suffered an unauthorized intrusion” into its computer systems in December.
The statement said the company had retained the services of General Dynamics and IBM both to help investigate and to upgrade security systems to ostensibly prevent another, similar intrusion.
But a closer reading of the statement raises quite a few questions, none of which the company has tried to answer.
Learn how EventTracker improves security and overall business operations with real-time event monitoring, host-based intrusion detection, incident response and forensic analysis.
The 7 best practices for network security in 2007
We all face it – the daily barrage of spam, now infested with zero-day malware attacks, not to mention the risks of malicious insiders, infected laptops coming and going behind our deep packet-inspecting firewalls and intrusion-prevention systems. Some even have to worry about how to prove steps of due care and due diligence towards a growing roster of regulatory compliance pressures.
What can you do under so much extreme pressure to make 2007 a better year, not a year loaded with downtime, system cleanup and compliance headaches?
Security, disaster recovery: Top SMB predictions for 2007
During the last few disaster-prone years, small and medium-sized businesses (SMBs) learned the hard way that they are as vulnerable as large enterprises to hackers, hurricanes and the penalties of not complying with federal regulations.
It’s no surprise, then, that the Yankee Group’s 2006 U.S. Small & Medium Business IT Infrastructure Survey (Oct. 2006) found that SMBs’ top concern for 2007 is security, closely followed by backup and restore, and application and data availability.
“Optimization of technical assets” was another top priority, according to the survey.
Learn how EventTracker provides a broad range of capabilities with modest resource requirements and a high ROI.
Cool Tools and Tips
Log Management 101
Guide to Computer Security Log Management (Recommendations of the National Institute of Standards and Technology)
A fundamental problem with log management that occurs in many organizations is effectively balancing a limited quantity of log management resources with a continuous supply of log data. Log generation and storage can be complicated by several factors, including a high number of log sources; inconsistent log content, formats, and timestamps among sources; and increasingly large volumes of log data. Log management also involves protecting the confidentiality, integrity, and availability of logs. Another problem with log management is ensuring that security, system, and network administrators regularly perform effective analysis of log data.
Using Security Event Logs for troubleshooting and incident response
If you walked into a room and things seemed odd or out of place, wouldn’t it be nice if there was an entry log at the door that you could check to verify who had been in the room or when? If your keys were missing, wouldn’t it be helpful if you had a log that listed out who had touched them last so you could track them down? When a security incident occurs on your computer, such as some sort of malware or system compromise, the security event logs can be very helpful in determining what happened to your computer and when. It might help you track down the individual responsible, or at least it may help you understand what happened so you can fix or undo it. That only works though if the security logging is enabled to begin with.
To learn more about using security event logs for your troubleshooting and incident response, see Why Should I Use Security Event Logs?
Learn how EventTracker manages logs comprehensively for effective security log management, compliance satisfaction and cost reduction.
EventTracker announces 2 new monthly Webinar series for 2007
Event Log Management How-To Series
These monthly webinars are designed to explore ways to use EventTracker to its greatest potential for effective and efficient event log management. They are free to anyone with a PrismPass.
Log Management Industry News and Trends Series
These free webinars are designed to bring you the latest industry news and trends affecting log management. Industry experts will discuss what’s on the horizon in security management, compliance regulations, IT operations and how they affect log management.
The next Log Management Industry News and Trends webinar in March features Nelson Ruest as he explores Vista event logs including the changes in the Event Log structure, Vista Task Scheduler, automating Vista Events, and collecting Vista Events.
Nelson Ruest, MCSE+Security, MCT, Microsoft MVP, is an IT professional specializing in systems administration, migration planning, software management and architecture design. Nelson has worked with many companies as well as written books, articles and training sessions to help organizations with complex IT projects and deployment strategies. His articles have appeared in Windows Server System Magazine, Network World, MCP Magazine and Redmond Magazine.