Enriching Event Log Monitoring by Correlating Non Event Security Information

Sometimes we get hung up on event monitoring and forget about the “I” in SIEM which stands for information. Not forgetting Information is important because there are many sources of non-event …

Why Naming Conventions are Important to Log Monitoring

EventTracker January Newsletter By: Randy Franklin Smith Log monitoring is difficult for many reasons. For one thing there are not many events that unquestionably indicate an intrusion or malicious activity. …

4 Fundamentals of Good Security Log Monitoring

December Newsletter By: Randy Franklin Smith Effective security log monitoring is a very technical challenge that requires a lot of arcane knowledge and it is easy to get lost in …

Mobile and Remote Endpoints – Don’t Leave Them Out of Your Monitoring

November Newsletter By: Randy Franklin Smith I’ve always tried to raise awareness about the importance of workstation security logs. Workstation endpoints are a crucial component of security and the first …

Laying Traps for External Information Thieves

October Newsletter by Randy Franklin Smith Wouldn’t it be nice if you detect when an external threat actor, who’s taken over one of your users’ endpoints, goes on a poaching …

Nineteen Minutes In April

September Newsletter by Jim Romeo On April 16, 2013, a sniper took a hundred shots at Pacific Gas and Electric’s (PG&E) Metcalf Electric Power Transformer Station. The utility was …

Case of the Disappearing Objects: How to Audit Who Deleted What in Active Directory

August Newsletter By Randy Franklin Smith I often get asked how to audit the deletion of objects in Active Directory. It’s pretty easy to do this with the Windows Security …

SIEM and Return on Investment: Four Pillars for Success

EventTracker July Newsletter by Jim Romeo Return on investment (ROI) — it is the Achilles heel of IT management. Nobody minds spending money to avoid costs, prevent disasters, and ultimately …

Tracking removable storage with the Windows Security Log

EventTracker June Newsletter By Randy Franklin Smith With data breaches and Snowden-like information grabs, I’m getting increased requests for how to track data moving to and from removable storage, such …

Increasing Security and Driving Down Costs Using the DevOps Approach

EventTracker May 2014 Newsletter By Earl Follis and Ed Tittel The prevailing IT requirement tends toward doing more work faster, but with fewer resources to do such work, many companies …