Download the Report
Advanced Threat Protection
Download the Datasheet
Let's Go Threat Hunting: Gain Visibility and Insight into Potential Threats and Risks
Download the Whitepaper
Bracing for the Tidal Wave of Data Privacy Compliance in America
View Recent Catches
Catch More Threats
August 30, 2018
Implement a Central Collection System Microsoft has made some considerable changes to event management in Windows Vista. But are these changes enough to help you control your entire infrastructure? This article is the last in a series that looks at Vista event management.
December 12, 2007
Buying a Pragmatic Log Management Solution Over the past 4 months, we’ve discussed many of the reasons that log management is critical. To quickly review, log management can help you react faster from an operational aspect – so you can pinpoint an incident and remediate any issues well ahead of a significant loss. Secondly, log management helps in the event of an incident in terms of having rock-solid evidence to investigate a breach and hopefully bring the perpetrator to justice.
November 11, 2007
Welcome to Log Talk, the Prism Microsystems blog that provides active commentary and insight on all things related to Log Management and Analysis. Postings on this blog are intended to provide a mix of actionable tips and knowledge to help you leverage your log data as well as provide advice on compliance and security implementations.
November 10, 2007
Log Management and Compliance In past articles, I’ve covered how log management helps with operations and incident response, all in a distinctly “Pragmatic” way. This month we are going to address what I consider to be the 3rd leg of the stool – compliance. Security professionals have a love/hate relationship with compliance.
October 15, 2007
Log Management and Incident Response I’m going to let you in on a little secret. It’s a tough message to get, but part of being Pragmatic is not deluding yourself about what you can and can’t do. The cold harsh reality of today’s information security environment is that you will be compromised. I don’t know whether it will be tomorrow, next Tuesday, or some other time in the future -but it will happen. There are just too many legitimate attack vectors, too many restrictions on what we can and can’t do, and too many limitations on budget and resources to ever be “truly secure.”
September 08, 2007
Log Management and Pragmatic Operations Last month, I introduced the concept of the Pragmatic CSO methodology, a 12-step program to help security professionals overcome their addiction to throwing new products at every new attack vector and security problem. Additionally, the process helps security professionals build a value proposition, interface with senior management more effectively, and run their security operation as a business. As a high level construct, the 12 steps are helpful, but ultimately security professionals need to do something, and that’s what we are going to discuss this month.
August 17, 2007
Looking at Log Management Pragmatically As the first article in a 6-part series on the specifics of log management, I want to introduce the concept of the Pragmatic CSO methodology and go into how/why the idea of log management is important to achieving the goals of the Chief Security Officer. This piece will lay the foundation for the journey we will take together over the next 6 months.
June 17, 2007
Collect Vista Events Microsoft has made some considerable changes to event management in Windows Vista. One major change is the way you can now centrally collect events from a variety of systems. This article is the fifth in a series that demystifies the Vista Event Log. Windows Vista includes an updated implementation of Microsoft’s remote management infrastructure: Windows Remote Management (WinRM). The Vista Event Log uses WinRM along with the Windows Event Collector service as the engines for collecting events from remote machines and sending them to a central event collector system.
May 05, 2007
Automate Vista Events Microsoft has made some considerable changes to event management in Windows Vista. One major change is the way you can link events to automated tasks. This article is the fourth in a series that demystifies the Vista Event Log. When you manage events, you often wish you could generate automatic actions when specific events occur. For example, it would be nice if you could automatically delete temporary files and send a notification to desktop technicians when PC disk drives get too full. In another scenario, it would be nice if you could receive automatic
April 16, 2007
Explore the Vista Task Scheduler Microsoft has made some considerable changes to event management in Windows Vista. One related change is the way the Vista Task Scheduler has been enhanced. These enhancements allow you to link events to automated tasks. This article is the third in a series that demystifies the Vista Event Log.
March 10, 2007
Explore the Vista Event Log Microsoft has made some considerable changes in the Windows Vista Event Log. It sports a new interface and a significant number of new event categories making much more useful than ever before. This article is the second in a series that demystifies the Vista Event Log
February 20, 2007
Industry News Logging data extracts puts some agencies in a bind SPECIAL REPORT: Case study no. 3 – Mandate forces changes in who accesses information OMB gives agencies 45 days to begin logging all computer-readable data extracts, and after 90 days, verify if the data has been erased or still is needed. Very few agencies—if any—have met this most challenging mandate of the four, industry and federal experts said.
January 12, 2007
Manage Change in Windows Vista Microsoft has made some considerable changes in the Windows Vista Event Log. How do those changes affect system auditing and how will they change the way you monitor systems? This article is the first in a series that demystifies the Vista Event Log.