Newsletters


How to analyze login and pre-authentication failures for Windows Server 2003 R2 and below

EventTracker April 2014 Newsletter, by Nikunj Shah. Analyzing all the login and pre-authentication failures within your organization can be tedious. There are thousands of login failures generated for several reasons. Here we will discuss the different event IDs and error …



Avenue to Compromise – Credential Theft

March 2014 EventTracker Newsletter, by A.N. Ananth. After an attacker has compromised a target infrastructure, the typical next step is credential theft. The objective is to propagate compromise across additional systems, and eventually target Active Directory and domain controllers to …



Monitoring File Permission Changes with the Windows Security Log

January/February 2014 EventTracker Newsletter, by Randy Franklin Smith. Unstructured data access governance is a big compliance concern. Unstructured data is difficult to secure because there’s so much of it, it’s growing so fast and it is user created so it …



Information Security Officer Extraordinaire

EventTracker December Newsletter. Industry News: Lessons Learned From 4 Major Data Breaches In 2013, Dark Reading. Last year at this time, the running count already totaled approximately 27.8 million records compromised and 637 breaches reported. This year, that tally …



Auditing File Shares with the Windows Security Log

EventTracker November Newsletter, by Randy Franklin Smith. Over the years, security admins have repeatedly asked me how to audit file shares in Windows. Until Windows Server 2008, there were no specific events for file shares. The best we could do …



Simplifying SIEM

EventTracker October Newsletter, by A.N. Ananth, CEO, EventTracker. Since its inception, SIEM has been something for the well-to-do IT Department; the one that can spend tens or hundreds of thousands of dollars on a capital acquisition of the technology and …



Pay Attention to System Security Access Events

EventTracker September Newsletter, by Randy Franklin Smith. There are five different ways you can log on in Windows called “logon types.” The Windows Security Log lists the logon type in event ID 4624 whenever you log on. Logon type allows …



Savvy IT Is The Way To Go

August Newsletter, by Rich Ptak, Managing Partner, Ptak, Noel & Associates LLC. There is a lot of discussion in the context of cloud as well as traditional computing regarding Smart IT, Smarter Planets, Smart and Smarter Computing. Which makes a lot …



Following a User’s Logon Tracks throughout the Windows Domain

July Newsletter, by Randy Franklin Smith. What security events get logged when a user logs on to their workstation with a domain account and proceeds to run local applications and access resources on servers in the domain? When a user …



What is happening to log files? The Internet of Things, Big Data, Analytics, Security, Visualization – OH MY!

June EventSource Newsletter, by Rich Ptak, Managing Partner, Ptak, Noel & Associates LLC. Over the past year, enterprise IT has had more than a few things emerge to frustrate and challenge it. High on the list has to be limited …