White Papers

Architecture Series

Agent and Agentless Monitoring with EventTracker

EventTracker supports both agent and agentless collection of logs. This paper helps readers understand agents and when they should or should not consider them.

EventTracker Architecture: Managing Billions of Logs Every Day

This paper highlights the major advantages of employing EventTracker to consolidate, correlate, and manage event log data by discussing the major design concepts that enable EventTracker to process, store and provide actionable intelligence from the millions of events that the devices in an organization’s IT infrastructure generate each day.

Why EventTracker is the best choice for Security Information and Event Management

Offers a brief overview of the top 6 reasons EventTracker should be your security information and event management solution.

Change Management Series

Understanding Change Management

The purpose of this document is to help users to understand the concept of Change Monitoring and to introduce the WhatChanged component of EventTracker for centralized change management.

Compliance Series

Helping Meet FISMA Compliance With EventTracker

The Federal Information Security Management Act of 2002 (FISMA) was passed with the purpose of improving computer and network security at government agencies and government contractors. By implementing the NIST Framework or the Frameworks applicable for national security systems (ICD 503 and DIACAP) security is certainly enhanced. All three frameworks use the Security Controls Catalog contained in NIST Special Publication 800-53 Revision 3 and this White Paper will examine how EventTracker supports meeting these Controls.

Meeting HIPAA Compliance with EventTracker

There are a number of steps a healthcare provider must undertake to meet the Technical Safeguards mandated in the Security Rules of Title II (Administrative Simplification) of the Health Insurance Portability and Accountability Act (HIPAA). With EventTracker a healthcare provider can be confident they have the solution in place to help effectively meet audit requirements.

Meeting NISPOM Compliance with EventTracker

The National Industrial Security Program Operating Manual (NISPOM) was developed by the Department of Defense to set comprehensive standards for the protection of classified information. Of specific importance to this White Paper is the Audit Requirements within Chapter 8, which describe the Automated Information System Security requirements. Besides describing the processes involved, NISPOM details the security auditing requirements and calls for the generation, collection, analysis and storage of audit logs.

Meeting the Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard mandates requirements to protect card holder data. Requirements cover network security, data protection, vulnerability management, access control, monitoring and testing, and information security. This paper discusses the specific requirements and solutions affecting network administrators.

Gartner and EventTracker Series

Prevent SIEM from Becoming Shelfware

In our latest newsletter featuring original research from Gartner’s Security & Risk Management Summit, learn how to prevent SIEM from becoming shelfware.

Enterprise Series

EventTracker Threat Intelligence Integration

Safeguarding the IT environment has become an increasingly difficult challenge as cyber attackers have become more sophisticated and prolonged in their efforts to steal valuable information. How can Threat Intelligence help?

Spotting the Adversary with Windows Event Log Monitoring

An introduction to collecting important Windows workstation event logs and storing them in a central location for easier searching and monitoring of network health. This paper is based on the publication TSA-13-1004-SG from the National Security Agency (NSA) Information Assurance Directorate.

SIEM Simplified Answering 4 W’s

To support security, compliance and operational requirements, specific and fast answers to the 4 W questions (Who, What, When, Where) are very desirable. These requirements drive the need for Security Information and Event Management (SIEM) solutions that provide detailed, single-pane-of-glass visibility into this data, which is constantly generated within your information ecosystem.

EventTracker Cloud: It’s not a SIEM; It’s an Early-Warning System

This whitepaper, written by analyst Javvad Malik of the 451 Group, discusses EventTracker Cloud, a SaaS monitoring product for networks, systems and applications. At the lowest level, EventTracker Cloud offers free alerting via text or email for up to 100 systems, and provides customers with a low-cost method to monitor any potential security breaches, threats or impacts to availability.

Monitoring Mobile Devices with ActiveSync Using EventTracker

Exchange ActiveSync enables mobile phone users to access their e-mail, calendar, contacts, and tasks, allowing them to continue to have access to this information while they are working offline. This guide provides instructions to monitor mobile devices with ActiveSync using EventTracker.

Leveraging Log Management to provide business value

Despite the obvious benefits of Log Management and its increasing recognition as a critical necessity by the IT organization, Log Management is still viewed by Executives and Senior Management as a tactical effort, an item on a checklist that addresses a specific set of requirements, typically related to compliance or security.

Managing The Virtualized Enterprise: New Technology, New Challenges

The benefits of employing virtualization in the corporate data center are compelling — lower operating costs, better resource utilization, increased availability of critical infrastructure, to name just a few. It is an apparent “no brainer”, which explains why so many organizations are jumping on the bandwagon. This White Paper examines the technology and management challenges that result from virtualization, and how EventTracker addresses them.

Top Ten Insider Threats

This Whitepaper discusses the top ten insider activities you have to monitor to make sure your employees are not violating security policy or opening up easy routes for insider abuse. Implementing these recommendations is fast, cost effective and will help prevent costly insider hacks and data leakage from impacting your business.

Security Beyond the Windows Event Log — Monitoring Ten Critical Conditions

This technical white paper describes the ten most critical security conditions that are not monitored by the Windows Operating System or logged in the Event Log. These conditions are critical for any enterprise large or small.

Managing USB Mass Storage Devices — Best Practices

This White Paper discusses how you can take advantage of the power of high capacity USB storage devices like thumb/flash drives without leaving your operation wide open to critical company information being misappropriated. Until now the choice has been to either shut down USB devices — either in Active Directory or through more extreme methods (the “glue in the USB port” trick comes to mind) — or simply trust every user to do the right thing. This paper introduces a third way that Prism Microsystems calls “Trust but Verify” which is made possible by EventTracker’s advanced USB monitoring capability.

SIEM Simplified Series

Using Windows Event Collector

This document provides guidance on configuring Windows 2008 Server or Windows 7 or higher systems to forward selected events from their event log to another Windows system which acts as the Event Collector. EventTracker can then receive events from the Event Collector and properly distinguish each event.