Mobile and Remote Endpoints – Don’t Leave Them Out of Your Monitoring

By Randy Franklin Smith. I’ve always tried to raise awareness about the importance of workstation security logs. Workstation endpoints are a crucial component of security and the first target of today’s bad guys. Look at news reports and you’ll find …

Laying Traps for External Information Thieves

By Randy Franklin Smith. Wouldn’t it be nice if you could detect when an external threat actor who has taken over one of your users’ endpoints goes on a poaching expedition through all the information that user has access to on your …

Nineteen Minutes In April

By Jim Romeo. On April 16, 2013, a sniper took a hundred shots at Pacific Gas and Electric’s (PG&E) Metcalf Electric Power Transformer Station. The utility was able to reroute power on the grid and avert a blackout. …

Case of the Disappearing Objects: How to Audit Who Deleted What in Active Directory

By Randy Franklin Smith. I often get asked how to audit the deletion of objects in Active Directory. It’s pretty easy to do this with the Windows Security Log, especially for tracking deletion of users and groups, which I’ll …

SIEM and Return on Investment: Four Pillars for Success

EventTracker July Newsletter, by Jim Romeo. Return on investment (ROI) is the Achilles’ heel of IT management. Nobody minds spending money to avoid costs, prevent disasters, and ultimately yield more than the initial investment outlay. But is the …

Tracking removable storage with the Windows Security Log

EventTracker June Newsletter, by Randy Franklin Smith. With data breaches and Snowden-like information grabs, I’m getting increased requests for how to track data moving to and from removable storage, such as flash drives. The good news is that the Windows …

Increasing Security and Driving Down Costs Using the DevOps Approach

EventTracker May 2014 Newsletter, by Earl Follis and Ed Tittel. The prevailing IT requirement tends toward doing more work faster; with fewer resources to do such work, many companies must reconsider their traditional approaches to developing, deploying and maintaining …

How to analyze login and pre-authentication failures for Windows Server 2003 R2 and below

EventTracker April 2014 Newsletter, by Nikunj Shah. Analyzing all the login and pre-authentication failures within your organization can be tedious. Thousands of login failures are generated for several reasons. Here we will discuss the different event IDs and error …

Avenue to Compromise – Credential Theft

March 2014 EventTracker Newsletter, by A.N. Ananth. After an attacker has compromised a target infrastructure, the typical next step is credential theft. The objective is to propagate the compromise across additional systems, and eventually target Active Directory and domain controllers to …

Monitoring File Permission Changes with the Windows Security Log

January/February 2014 EventTracker Newsletter, by Randy Franklin Smith. Unstructured data access governance is a big compliance concern. Unstructured data is difficult to secure because there’s so much of it, it’s growing so fast, and it is user created, so it …