Focus on assets, not threats

By A.N. Ananth As defenders, it is our job to make the attackers’ lot in life harder. Push them up the “pyramid of pain”. Be a hard target so they …

Catching Hackers Living off the Land Requires More than Just Logs

If attackers can deploy a remote administration tool (RAT) on your network, it makes it so much easier for them. RATs make it luxurious for bad guys; it’s like being …

How to Detect Low Level Permission Changes in Active Directory

We hear a lot about tracking privileged access today because privileged users like Domain Admins can do a lot of damage. But more importantly, if their accounts are compromised the …

Are You Listening to Your Endpoints?

There’s plenty of interest in all kinds of advanced security technologies like threat intelligence, strong/dynamic authentication, data loss prevention and information rights management. However, so many organizations still don’t know …

Strengthen your defenses where the battle is actually being fought – the endpoint

By: Randy Franklin Smith Defense-in-depth pretty much secures and confirms the thought that every security technology has a place, but are they really all created equal? Security is not a …

Venom Vulnerability exposes most Data Centers to Cyber Attacks

Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with Heartbleed, the serious security glitch uncovered last year that rendered communications with many well-known web …

Four Key Steps to Rapid Incident Response

by Dan Sullivan Is it possible to avoid security breaches? Judging from recent headlines, probably not. Victims range from startups like Kreditech, to major retailers like Target, to the US State …

Enriching Event Log Monitoring by Correlating Non Event Security Information

Sometimes we get hung up on event monitoring and forget about the “I” in SIEM which stands for information. Not forgetting Information is important because there are many sources of non-event …

Why Naming Conventions are Important to Log Monitoring

EventTracker January Newsletter By: Randy Franklin Smith Log monitoring is difficult for many reasons. For one thing there are not many events that unquestionably indicate an intrusion or malicious activity. …

4 Fundamentals of Good Security Log Monitoring

December Newsletter By: Randy Franklin Smith Effective security log monitoring is a very technical challenge that requires a lot of arcane knowledge and it is easy to get lost in …

Mobile and Remote Endpoints – Don’t Leave Them Out of Your Monitoring

November Newsletter By: Randy Franklin Smith I’ve always tried to raise awareness about the importance of workstation security logs. Workstation endpoints are a crucial component of security and the first …

Laying Traps for External Information Thieves

October Newsletter by Randy Franklin Smith Wouldn’t it be nice if you could detect when an external threat actor, who’s taken over one of your users’ endpoints, goes on a poaching …

Nineteen Minutes In April

September Newsletter by Jim Romeo On April 16, 2013, a sniper took a hundred shots at Pacific Gas and Electric’s (PG&E) Metcalf Electric Power Transformer Station. The utility was …

Case of the Disappearing Objects: How to Audit Who Deleted What in Active Directory

August Newsletter By Randy Franklin Smith I often get asked how to audit the deletion of objects in Active Directory. It’s pretty easy to do this with the Windows Security …

SIEM and Return on Investment: Four Pillars for Success

EventTracker July Newsletter by Jim Romeo Return on investment (ROI) — it is the Achilles heel of IT management. Nobody minds spending money to avoid costs, prevent disasters, and ultimately …

Tracking removable storage with the Windows Security Log

EventTracker June Newsletter By Randy Franklin Smith With data breaches and Snowden-like information grabs, I’m getting increased requests for how to track data moving to and from removable storage, such …

Increasing Security and Driving Down Costs Using the DevOps Approach

EventTracker May 2014 Newsletter By Earl Follis and Ed Tittel The prevailing IT requirement tends toward doing more work faster, but with fewer resources to do such work, many companies …

How to analyze login and pre-authentication failures for Windows Server 2003 R2 and below

EventTracker April 2014 Newsletter by Nikunj Shah Analyzing all the login and pre-authentication failures within your organization can be tedious. There are thousands of login failures generated for several reasons. …

Avenue to Compromise – Credential Theft

March 2014 EventTracker Newsletter By A.N. Ananth After an attacker has compromised a target infrastructure, the typical next step is credential theft. The objective is to propagate compromise across additional …

Monitoring File Permission Changes with the Windows Security Log

January/February 2014 EventTracker Newsletter By Randy Franklin Smith Unstructured data access governance is a big compliance concern. Unstructured data is difficult to secure because there’s so much of it, it’s …

Information Security Officer Extraordinaire

EventTracker December Newsletter Industry News: Lessons Learned From 4 Major Data Breaches In 2013 Dark Reading Last year at this time, the running count already totaled approximately 27.8 million …

Auditing File Shares with the Windows Security Log

EventTracker November Newsletter By Randy Franklin Smith Over the years, security admins have repeatedly asked me how to audit file shares in Windows. Until Windows Server 2008, there were no …

Simplifying SIEM

EventTracker October Newsletter By A.N. Ananth, CEO, EventTracker Since its inception, SIEM has been something for the well-to-do IT Department; the one that can spend tens or hundreds of thousands …

Pay Attention to System Security Access Events

EventTracker September Newsletter By Randy Franklin Smith There are five different ways you can log on in Windows called “logon types.” The Windows Security Log lists the logon type in …

Savvy IT Is The Way To Go

August Newsletter By: Rich Ptak, Managing Partner, Ptak, Noel & Associates LLC There is a lot of discussion in the context of cloud as well as traditional computing regarding Smart IT, …

Following a User’s Logon Tracks throughout the Windows Domain

July Newsletter By Randy Franklin Smith What security events get logged when a user logs on to their workstation with a domain account and proceeds to run local applications and …

What is happening to log files? The Internet of Things, Big Data, Analytics, Security, Visualization – OH MY!

June EventSource Newsletter By: Rich Ptak, Managing Partner, Ptak, Noel & Associates LLC Over the past year, enterprise IT has had more than a few things emerge to frustrate and …

Using Dynamic Audit Policy to Detect Unauthorized File Access

May EventSource Newsletter Article by: Randy Franklin Smith One thing I always wished you could do in Windows auditing was mandate that access to an object be audited if the …

Detecting Persistent Attacks with SIEM

As you read this, attackers are working to infiltrate your network and exfiltrate valuable information like trade secrets and credit card numbers. In this newsletter …

How to Use Process Tracking Events in the Windows Security Log

By: Randy Franklin Smith I think one of the most underutilized features of Windows Auditing and the Security Log is Process Tracking events. In Windows 2003/XP you get these events …

IT Operations: Problem-Solvers? Infrastructure Maintenance? Solution Providers?

By: Rich Ptak, Managing Partner, Ptak, Noel & Associates LLC On a recent flight returning from an engagement with a client, my seating companion and I exchanged a few words …

Top 4 Security Questions You Can Only Answer with Workstation Logon/Logoff Events

By: Randy Franklin Smith I often encounter a dangerous misconception about the Windows Security Log: the idea that you only need to monitor domain controller logs. Domain controller security logs …

Looking Back on the forecast of IT Trends and Comments for 2012

By: Rich Ptak, Managing Partner, Ptak, Noel & Associates LLC “The beginning of a new year marks a time of reflection on the past and anticipation of the future. The …

Choosing The Solution That Works For You

Troubleshooting problems with enterprise applications and services is often an exercise in frustration for IT and business staff. The reasons are well documented – complex architectures, disparate, unintegrated monitoring solutions, and …

Leveraging The User To Improve IT Solutions

By: Rich Ptak, Managing Partner, Ptak, Noel & Associates LLC I’ve spent the last 20 years analyzing the Information Technologies market. My work with vendors has ranged from developing business …