What is privilege escalation and why should you care?

By David Strom A common hacking method is to steal information by first gaining lower-level access to your network. This can happen in a variety of ways: through a print …



How to control and detect users logging onto unauthorized computers

By: Randy Franklin Smith Windows gives you several ways to control which computers can be logged onto with a given account. Leveraging these features is a critical way to defend …



Should I be doing EDR? Why isn’t anti-virus enough anymore?

By: David Strom Detecting virus signatures is so last year. Creating a virus with a unique signature or hash is quite literally child’s play, and most anti-virus products catch just …



Detecting Ransomware: The Same as Detecting Any Kind of Malware?

By Randy Franklin Smith Ransomware burst onto the scene with high profile attacks against hospitals, law firms and other organizations. What is it and how can you detect it? Ransomware …



Welcome to the New Security World of SMB Partners

By Evan Schuman Yet another recent report confirms the obvious, that SMBs in general do not take security seriously enough. The truth is a bit more nuanced than that, of …



Cloud Security Starts at Home

By Randy Franklin Smith Cloud security is getting attention and that’s as it should be. But before you get hung up on techie security details, like whether SAML is more …



Certificates and Digitally Signed Applications: A Double Edged Sword

By Randy Franklin Smith Windows supports the digital signing of EXEs and other application files so that you can verify the provenance of software before it executes on your system. …



The Assume Breach Paradigm

By A.N. Ananth Given today’s threat landscape, let’s acknowledge that a breach has either already occurred within our network or that it’s only a matter of time until it will. …



Focus on assets, not threats

By A.N. Ananth As defenders, it is our job to make the attackers’ lot in life harder. Push them up the “pyramid of pain”. Be a hard target so they …



Catching Hackers Living off the Land Requires More than Just Logs

By Randy Franklin Smith If attackers can deploy a remote administration tool (RAT) on your network, it makes it so much easier for them. RATs make it luxurious for bad …



How to Detect Low Level Permission Changes in Active Directory

We hear a lot about tracking privileged access today because privileged users like Domain Admins can do a lot of damage. But more importantly, if their accounts are compromised the …



Are You Listening to Your Endpoints?

There’s plenty of interest in all kinds of advanced security technologies like threat intelligence, strong/dynamic authentication, data loss prevention and information rights management. However, so many organizations still don’t know …



Strengthen your defenses where the battle is actually being fought – the endpoint

By: Randy Franklin Smith Defense-in-depth pretty much secures and confirms the thought that every security technology has a place but are they really all created equal? Security is not a …



Venom Vulnerability exposes most Data Centers to Cyber Attacks

Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web …



Four Key Steps to Rapid Incident Response

by Dan Sullivan Is it possible to avoid security breaches? Judging from recent headlines, probably not. Victims range from startups like Kreditech, to major retailers like Target, to the US State …



Enriching Event Log Monitoring by Correlating Non Event Security Information

Sometimes we get hung up on event monitoring and forget about the “I” in SIEM which stands for information. Not forgetting Information is important because there are many sources of non-event …



Why Naming Conventions are Important to Log Monitoring

EventTracker January Newsletter By: Randy Franklin Smith Log monitoring is difficult for many reasons. For one thing there are not many events that unquestionably indicate an intrusion or malicious activity. …



4 Fundamentals of Good Security Log Monitoring

December Newsletter By: Randy Franklin Smith Effective security log monitoring is a very technical challenge that requires a lot of arcane knowledge and it is easy to get lost in …



Mobile and Remote Endpoints – Don’t Leave Them Out of Your Monitoring

November Newsletter By: Randy Franklin Smith I’ve always tried to raise awareness about the importance of workstation security logs. Workstation endpoints are a crucial component of security and the first …



Laying Traps for External Information Thieves

October Newsletter by Randy Franklin Smith Wouldn’t it be nice if you could detect when an external threat actor, who’s taken over one of your users’ endpoints, goes on a poaching …



Nineteen Minutes In April

September Newsletter by Jim Romeo On April 16, 2013, a sniper took a hundred shots at Pacific Gas and Electric’s (PG&E) Metcalf Electric Power Transformer Station. The utility was …



Case of the Disappearing Objects: How to Audit Who Deleted What in Active Directory

August Newsletter By Randy Franklin Smith I often get asked how to audit the deletion of objects in Active Directory. It’s pretty easy to do this with the Windows Security …



SIEM and Return on Investment: Four Pillars for Success

EventTracker July Newsletter by Jim Romeo Return on investment (ROI) — it is the Achilles heel of IT management. Nobody minds spending money to avoid costs, prevent disasters, and ultimately …



Tracking removable storage with the Windows Security Log

EventTracker June Newsletter By Randy Franklin Smith With data breaches and Snowden-like information grabs, I’m getting increased requests for how to track data moving to and from removable storage, such …



Increasing Security and Driving Down Costs Using the DevOps Approach

EventTracker May 2014 Newsletter By Earl Follis and Ed Tittel The prevailing IT requirement tends toward doing more work faster, but with fewer resources to do such work, many companies …



How to analyze login and pre-authentication failures for Windows Server 2003 R2 and below

EventTracker April 2014 Newsletter by Nikunj Shah Analyzing all the login and pre-authentication failures within your organization can be tedious. There are thousands of login failures generated for several reasons. …



Avenue to Compromise – Credential Theft

March 2014 EventTracker Newsletter By A.N. Ananth After an attacker has compromised a target infrastructure, the typical next step is credential theft. The objective is to propagate compromise across additional …



Monitoring File Permission Changes with the Windows Security Log

January/February 2014 EventTracker Newsletter By Randy Franklin Smith Unstructured data access governance is a big compliance concern. Unstructured data is difficult to secure because there’s so much of it, it’s …



Information Security Officer Extraordinaire

EventTracker December Newsletter Industry News: Lessons Learned From 4 Major Data Breaches In 2013 Dark Reading Last year at this time, the running count already totaled approximately 27.8 million …



Auditing File Shares with the Windows Security Log

EventTracker November Newsletter By Randy Franklin Smith Over the years, security admins have repeatedly asked me how to audit file shares in Windows. Until Windows Server 2008, there were no …



Simplifying SIEM

EventTracker October Newsletter By A.N. Ananth, CEO, EventTracker Since its inception, SIEM has been something for the well-to-do IT Department; the one that can spend tens or hundreds of thousands …



Pay Attention to System Security Access Events

EventTracker September Newsletter By Randy Franklin Smith There are five different ways you can log on in Windows called “logon types.” The Windows Security Log lists the logon type in …



Savvy IT Is The Way To Go

August Newsletter By: Rich Ptak, Managing Partner, Ptak, Noel & Associates LLC There is a lot of discussion in the context of cloud as well as traditional computing regarding Smart IT, …



Following a User’s Logon Tracks throughout the Windows Domain

July Newsletter By Randy Franklin Smith What security events get logged when a user logs on to their workstation with a domain account and proceeds to run local applications and …



What is happening to log files? The Internet of Things, Big Data, Analytics, Security, Visualization – OH MY!

June EventSource Newsletter By: Rich Ptak, Managing Partner, Ptak, Noel & Associates LLC Over the past year, enterprise IT has had more than a few things emerge to frustrate and …