White Papers

What's New

5 Indicators of Endpoint Evil

With so much focus on security these days, it’s easy to imagine that IT departments are winning the battle against malware and other threats. But all too often, a lack of focus on certain areas of the network may actually lead to a decrease in an organization’s security posture, and an increase in risk. Continue reading

Top Ten Insider Threats and How to Prevent Them

With companies making painful personnel and compensation choices in this poor economy, one of the impacts has been an explosion in the number of insider data theft cases. According to the 2015 Verizon Data Breach Report, approximately 20% of all data breaches are classified as ‘‘insider misuse.’’ Insider theft and other malicious behavior are particularly difficult to detect and prevent because employees often have legitimate access to sensitive corporate data and tend to know the weaknesses in their organization’s infrastructure. Continue reading

Featured White Papers

EventTracker Threat Intelligence Integration

Safeguarding the IT environment has become an increasingly difficult challenge as cyber attackers have become more sophisticated and prolonged in their efforts to steal valuable information. How can Threat Intelligence help? Continue reading

Why EventTracker is the best choice for Security Information and Event Management

Offers a brief overview of the top 6 reasons EventTracker should be your security information and event management solution. Continue reading

Security Beyond the Windows Event Log — Monitoring Ten Critical Conditions

This technical white paper describes the ten most critical security conditions that are not monitored by the Windows Operating System or logged in the Event Log. These conditions are critical for any enterprise large or small. Continue reading

EventTracker Architecture: Managing Billions of Logs Every Day

This paper highlights the major advantages of employing EventTracker to consolidate, correlate, and manage event log data by discussing the major design concepts that enable EventTracker to process, store and provide actionable intelligence from the millions of events that the devices in an organization’s IT infrastructure generate each day. Continue reading

Managing USB Mass Storage Devices — Best Practices

This White Paper discusses how you can take advantage of the power of high capacity USB storage devices like thumb/flash drives without leaving your operation wide open to critical company information being misappropriated. Until now the choice has been to either shut down USB devices — either in Active Directory or through more extreme methods (the “glue in the USB port” trick comes to mind) — or simply trust every user to do the right thing. This paper introduces a third way that Prism Microsystems calls “Trust but Verify” which is made possible by EventTracker’s advanced USB monitoring capability. Continue reading

Agent and Agentless Monitoring with EventTracker

EventTracker  supports both agent and agentless collection of logs. This paper helps readers understand agents and when they should or should not consider them. Continue reading

EventTracker Cloud: It’s not a SIEM; It’s an Early-Warning System

This whitepaper, written by analyst Javvad Malik of the 451 Group, discusses EventTracker Cloud, a SaaS monitoring product for networks, systems and applications. At the lowest level, EventTracker Cloud offers free alerting via text or email for up to 100 systems, and provides customers with a low-cost method to monitor any potential security breaches, threats or impacts to availability. Continue reading

Using Windows Event Collector

This document provides guidance on configuring Windows 2008 Server or Windows 7 or higher systems to forward selected events from their event log to another Windows system which acts as the Event Collector. EventTracker can then receive events from the Event Collector and properly distinguish each event.

Continue reading

Helping Meet FISMA Compliance With EventTracker

The Federal Information Security Management Act of 2002 (FISMA) was passed with the purpose of improving computer and network security at government agencies and government contractors. By implementing the NIST Framework or the Frameworks applicable for national security systems (ICD 503 and DIACAP) security is certainly enhanced. All three frameworks use the Security Controls Catalog contained in NIST Special Publication 800-53 Revision 3 and this White Paper will examine how EventTracker supports meeting these Controls. Continue reading

Meeting HIPAA Compliance with EventTracker

There are a number of steps a healthcare provider must undertake to meet the Technical Safeguards mandated in the Security Rules of Title II (Administrative Simplification) of the Health Insurance Portability and Accountability Act (HIPAA). With EventTracker a healthcare provider can be confident they have the solution in place to help effectively meet audit requirements. Continue reading

Meeting NISPOM Compliance with EventTracker

The National Industrial Security Program Operating Manual (NISPOM) was developed by the Department of Defense to set comprehensive standards for the protection of classified information. Of specific importance to this White Paper is the Audit Requirements within Chapter 8, which describe the Automated Information System Security requirements. Besides describing the processes involved, NISPOM details the security auditing requirements and calls for the generation, collection, analysis and storage of audit logs. Continue reading

Meeting the Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard mandates requirements to protect card holder data. Requirements cover network security, data protection, vulnerability management, access control, monitoring and testing, and information security. This paper discusses the specific requirements and solutions affecting network administrators. Continue reading

Spotting the Adversary with Windows Event Log Monitoring

An introduction to collecting important Windows workstation event logs and storing them in a central location for easier searching and monitoring of network health. This paper is based on the publication TSA-13-1004-SG from the National Security Agency (NSA) Information Assurance Directorate. Continue reading

SIEM Simplified Answering 4 W’s

To support security, compliance and operational requirements, specific and fast answers to the 4 W questions (Who, What, When, Where) are very desirable. These requirements drive the need to Security Information Event Management (SIEM) solutions that provide detailed and one-pain-of-glass visibility into this data, which is constantly generated within your information ecosystem. Continue reading

Monitoring Mobile Devices with ActiveSync Using EventTracker

Exchange ActiveSync enables mobile phone users to access their e-mail, calendar, contacts, and tasks allowing them to continue to have access to this information while they are working offline. This guide provides instructions to monitor mobile devices with ActiveSync Using EventTracker. Continue reading

Leveraging Log Management to provide business value

Despite the obvious benefits of Log Management and its increasing recognition as a critical necessity by the IT organization, Log Management is still viewed by Executives and Senior Management as a tactical effort, an item on a checklist that addresses a specific set of requirements, typically related to compliance or security. Continue reading

Managing The Virtualized Enterprise: New Technology, New Challenges

The benefits of employing virtualization in the corporate data center are compelling — lower operatingcosts, better resource utilization, increased availability of critical infrastructure to name just a few. It is anapparent “no brainer” which explains why so many organizations are jumping on the bandwagon. This White Paper examines the technology and management challenges that result from virtualization, and how EventTracker addresses them. Continue reading

Understanding Change Management

The purpose of this document is to help users to understand the concept of Change Monitoring and to introduce the WhatChanged component of EventTracker for centralized change management. Continue reading

Have your cake and eat it too

Implementing a complete SIEM solution is a smart move when budgets are tight and resources are limited. Learn how you can improve IT security and comply with regulatory requirements while reducing operational costs and saving money. Continue reading

Fifty Critical Alerts for Monitoring Windows Servers

This whitepaper discusses the most important events generated by your Windows servers and demonstrates how strategic monitoring of these critical events combined with a robust resolution strategy results in a significant reduction of IT costs and ensures increased service availability and enhanced security of your enterprise. Continue reading

Five Code RED Security Threats to Windows Servers — How to Detect Them

The purpose of this white paper is to identify and demonstrate how to detect five of the most significant security threats. Critical alert notifications and an effective resolution strategy will reduce IT costs, while increasing service availability and enhancing the security of your enterprise. Continue reading

Monitoring Windows Workstations Seven Important Events

Monitoring event logs from workstations provides two important benefits a) it saves money by adopting a proactive approach to supporting end users (enhanced productivity), and b) it enhances overall security of your organization. Continue reading

Monitoring Exchange Server Using EventTracker

With EventTracker you can monitor all of your servers running Microsoft Exchange from a single view. Through alerts, knowledge base solutions, and reports, EventTracker helps you correct problems long before a catastrophic failure occurs. EventTracker also includes reports that allow you to summarize server availability. Continue reading

Return on Investment (ROI) calculator

Organizations are looking to reduce costs around device management by reducing the number of dedicated employees handling proactive and reactive management or transferring operations to less costly resources. At the same time, there is an increasing demand for high levels of service and availability. Read this whitepaper to learn how automated event log management can help you achieve these goals. Continue reading

Monitoring SharePoint Server Using EventTracker

With EventTracker you can monitor all of your servers running SharePoint from a single view. Through alerts, knowledge base solutions, and reports, EventTracker helps you correct problems long before a catastrophic failure occurs. EventTracker also includes reports that allow you to summarize server availability. Continue reading