Tracking Physical Presence with the Windows Security Log

By Randy Franklin Smith How do you figure out when someone was actually logged onto their PC?  By “logged onto” I mean physically present and interacting with their computer. The data … Continue reading

What is privilege escalation and why should you care?

By David Strom A common hacking method is to steal information by first gaining lower-level access to your network. This can happen in a variety of ways: through a print … Continue reading

How to control and detect users logging onto unauthorized computers

By: Randy Franklin Smith Windows gives you several ways to control which computers can be logged onto with a given account.  Leveraging these features is a critical way to defend … Continue reading

Should I be doing EDR? Why isn’t anti-virus enough anymore?

By: David Strom Detecting virus signatures is so last year. Creating a virus with a unique signature or hash is quite literally child’s play, and most anti-virus products catch just … Continue reading

Detecting Ransomware: The Same as Detecting Any Kind of Malware?

By Randy Franklin Smith Ransomware burst onto the scene with high profile attacks against hospitals, law firms and other organizations.  What is it and how can you detect it?  Ransomware … Continue reading

Welcome to the New Security World of SMB Partners

By Evan Schuman Yet another recent report confirms the obvious, that SMBs in general do not take security seriously enough. The truth is a bit more nuanced than that, of … Continue reading

Cloud Security Starts at Home

By Randy Franklin Smith Cloud security is getting attention and that’s as it should be.  But before you get hung up on techie security details, like whether SAML is more … Continue reading

Certificates and Digitally Signed Applications: A Double Edged Sword

By Randy Franklin Smith Windows supports digitally signing EXEs and other application files so that you can verify the provenance of software before it executes on your system.  … Continue reading

The Assume Breach Paradigm

By A.N. Ananth Given today’s threat landscape, let’s acknowledge that a breach has either already occurred within our network or that it’s only a matter of time until it will. … Continue reading

Focus on assets, not threats

By A.N. Ananth As defenders, it is our job to make the attackers’ lot in life harder. Push them up the “pyramid of pain”. Be a hard target so they … Continue reading

Catching Hackers Living off the Land Requires More than Just Logs

By Randy Franklin Smith If attackers can deploy a remote administration tool (RAT) on your network, it makes it so much easier for them. RATs make it luxurious for bad … Continue reading

How to Detect Low Level Permission Changes in Active Directory

We hear a lot about tracking privileged access today because privileged users like Domain Admins can do a lot of damage. But more importantly, if their accounts are compromised the … Continue reading

Are You Listening to Your Endpoints?

There’s plenty of interest in all kinds of advanced security technologies like threat intelligence, strong/dynamic authentication, data loss prevention and information rights management. However, so many organizations still don’t know … Continue reading

Strengthen your defenses where the battle is actually being fought – the endpoint

By: Randy Franklin Smith Defense-in-depth more or less confirms that every security technology has a place, but are they really all created equal? Security is not a … Continue reading

Venom Vulnerability exposes most Data Centers to Cyber Attacks

Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with Heartbleed, the serious security flaw uncovered last year that rendered communications with many well-known web … Continue reading

Four Key Steps to Rapid Incident Response

By Dan Sullivan Is it possible to avoid security breaches? Judging from recent headlines, probably not. Victims range from startups like Kreditech, to major retailers like Target, to the US State … Continue reading

Enriching Event Log Monitoring by Correlating Non Event Security Information

Sometimes we get hung up on event monitoring and forget about the “I” in SIEM, which stands for information. Information matters because there are many sources of non-event … Continue reading

Why Naming Conventions are Important to Log Monitoring

EventTracker January Newsletter By: Randy Franklin Smith Log monitoring is difficult for many reasons. For one thing there are not many events that unquestionably indicate an intrusion or malicious activity. … Continue reading

4 Fundamentals of Good Security Log Monitoring

December Newsletter By: Randy Franklin Smith Effective security log monitoring is a very technical challenge that requires a lot of arcane knowledge, and it is easy to get lost in … Continue reading

Mobile and Remote Endpoints – Don’t Leave Them Out of Your Monitoring

November Newsletter By: Randy Franklin Smith I’ve always tried to raise awareness about the importance of workstation security logs. Workstation endpoints are a crucial component of security and the first … Continue reading

Laying Traps for External Information Thieves

October Newsletter By Randy Franklin Smith Wouldn’t it be nice if you could detect when an external threat actor, who’s taken over one of your users’ endpoints, goes on a poaching … Continue reading

Nineteen Minutes In April

September Newsletter By Jim Romeo On April 16, 2013, a sniper took a hundred shots at Pacific Gas and Electric’s (PG&E) Metcalf Electric Power Transformer Station. The utility was … Continue reading

Case of the Disappearing Objects: How to Audit Who Deleted What in Active Directory

August Newsletter By Randy Franklin Smith I often get asked how to audit the deletion of objects in Active Directory. It’s pretty easy to do this with the Windows Security … Continue reading

SIEM and Return on Investment: Four Pillars for Success

EventTracker July Newsletter By Jim Romeo Return on investment (ROI) is the Achilles’ heel of IT management. Nobody minds spending money to avoid costs, prevent disasters, and ultimately … Continue reading

Tracking removable storage with the Windows Security Log

EventTracker June Newsletter By Randy Franklin Smith With data breaches and Snowden-like information grabs, I’m getting increased requests for how to track data moving to and from removable storage, such … Continue reading

Increasing Security and Driving Down Costs Using the DevOps Approach

EventTracker May 2014 Newsletter By Earl Follis and Ed Tittel The prevailing IT requirement tends toward doing more work faster, but with fewer resources to do such work, many companies … Continue reading

How to analyze login and pre-authentication failures for Windows Server 2003 R2 and below

EventTracker April 2014 Newsletter by Nikunj Shah Analyzing all the login and pre-authentication failures within your organization can be tedious. There are thousands of login failures generated for several reasons. … Continue reading

Avenue to Compromise – Credential Theft

March 2014 EventTracker Newsletter By A.N. Ananth After an attacker has compromised a target infrastructure, the typical next step is credential theft. The objective is to propagate compromise across additional … Continue reading

Monitoring File Permission Changes with the Windows Security Log

January/February 2014 EventTracker Newsletter By Randy Franklin Smith Unstructured data access governance is a big compliance concern.  Unstructured data is difficult to secure because there’s so much of it, it’s … Continue reading

Information Security Officer Extraordinaire

EventTracker December Newsletter. Industry News: Lessons Learned From 4 Major Data Breaches In 2013 (Dark Reading). Last year at this time, the running count already totaled approximately 27.8 million … Continue reading

Auditing File Shares with the Windows Security Log

EventTracker November Newsletter By Randy Franklin Smith Over the years, security admins have repeatedly asked me how to audit file shares in Windows.  Until Windows Server 2008, there were no … Continue reading

Simplifying SIEM

EventTracker October Newsletter By A.N. Ananth, CEO, EventTracker Since its inception, SIEM has been something for the well-to-do IT Department; the one that can spend tens or hundreds of thousands … Continue reading

Pay Attention to System Security Access Events

EventTracker September Newsletter By Randy Franklin Smith There are a number of different ways you can log on in Windows, called “logon types.” The Windows Security Log lists the logon type in … Continue reading
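The two teasers above that touch the Security Log directly, “Case of the Disappearing Objects” (AD object deletions) and this one on logon types, both come down to reading a specific event ID and decoding its EventData fields. The PowerShell below is an added example, not code from the newsletter articles or from EventTracker. It assumes you run it elevated on a machine that can read the Security log, that Audit Logon is enabled so event 4624 is written, and, for the AD part, that Audit Directory Service Changes is enabled on the domain controller and the objects carry a Delete SACL so event 5141 is written. The function names and the DC name `DC01` are this example’s own assumptions.

```powershell
# Added example (not from the newsletter articles or EventTracker): turn Security-log
# events into objects you can filter and group. Assumes: elevated read access to the
# Security log, Audit Logon enabled (event 4624) and, for the AD part, Audit Directory
# Service Changes enabled on the DC plus a Delete SACL on the objects (event 5141).
# Function names and the host name 'DC01' are assumptions of this example.

# Logon types as recorded in the LogonType field of event 4624.
$LogonTypeNames = @{
    2 = 'Interactive (console)'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'
    7 = 'Unlock'; 8 = 'NetworkCleartext'; 9 = 'NewCredentials (runas /netonly)'
    10 = 'RemoteInteractive (RDP)'; 11 = 'CachedInteractive'
}

# Flatten the EventData section of a Security event into a hashtable keyed by field
# name, so LogonType, TargetUserName, ObjectDN etc. can be read by name.
function ConvertFrom-SecurityEventData {
    param([Parameter(Mandatory)][System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml = [xml]$Event.ToXml()
    $fields = @{}
    foreach ($node in $xml.Event.EventData.Data) { $fields[$node.Name] = $node.'#text' }
    $fields
}

# Event 4624 (successful logon) with the logon type decoded. Computer accounts (names
# ending in '$') are dropped because they log on constantly over the network and
# drown out human activity.
function Get-LogonSummary {
    param([string]$ComputerName = $env:COMPUTERNAME, [int]$MaxEvents = 5000)
    Get-WinEvent -ComputerName $ComputerName -MaxEvents $MaxEvents `
        -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -ErrorAction Stop |
    ForEach-Object {
        $f = ConvertFrom-SecurityEventData -Event $_
        $type = [int]$f['LogonType']
        $name = if ($LogonTypeNames.ContainsKey($type)) { $LogonTypeNames[$type] } else { "Unknown ($type)" }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            User        = '{0}\{1}' -f $f['TargetDomainName'], $f['TargetUserName']
            LogonType   = $type
            LogonName   = $name
            Workstation = $f['WorkstationName']
            SourceIP    = $f['IpAddress']
        }
    } | Where-Object { $_.User -notmatch '\$$' }
}

# Event 5141 (directory service object deleted). It is logged on the domain controller
# that performed the deletion, so run this against each DC in turn.
function Get-ADObjectDeletion {
    param([Parameter(Mandatory)][string]$ComputerName, [int]$MaxEvents = 1000)
    Get-WinEvent -ComputerName $ComputerName -MaxEvents $MaxEvents `
        -FilterHashtable @{ LogName = 'Security'; Id = 5141 } -ErrorAction Stop |
    ForEach-Object {
        $f = ConvertFrom-SecurityEventData -Event $_
        [pscustomobject]@{
            Time        = $_.TimeCreated
            DeletedBy   = '{0}\{1}' -f $f['SubjectDomainName'], $f['SubjectUserName']
            ObjectDN    = $f['ObjectDN']
            ObjectClass = $f['ObjectClass']
            TreeDelete  = $f['TreeDelete']   # '1' when a whole subtree was removed at once
        }
    }
}

# Usage: how people actually reach this box, and who deleted what in AD.
$logons = Get-LogonSummary
$logons | Group-Object LogonName | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize
# Presence at the keyboard or over RDP only: console, unlock, RDP and cached logons.
$logons | Where-Object { $_.LogonType -in 2, 7, 10, 11 } |
    Format-Table Time, User, LogonName, Workstation, SourceIP -AutoSize
Get-ADObjectDeletion -ComputerName 'DC01' | Format-Table Time, DeletedBy, ObjectClass, ObjectDN -AutoSize
```

The point of the shared helper is that every Security event ID has its own set of EventData field names, and decoding them into a hashtable is the one step that does not change from event to event; the filter on logon types 2, 7, 10 and 11 is where you decide what “physically present” means for your environment, and network logons (type 3) are deliberately excluded from that view because every file-share access produces one.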

Savvy IT Is The Way To Go

August Newsletter By: Rich Ptak, Managing Partner, Ptak, Noel & Associates LLC There is a lot of discussion in the context of cloud as well as traditional computing regarding Smart IT, … Continue reading

Following a User’s Logon Tracks throughout the Windows Domain

July Newsletter By Randy Franklin Smith What security events get logged when a user logs on to their workstation with a domain account and proceeds to run local applications and … Continue reading