Archive

Implementing a Central Log Collection System


Implement a Central Collection System Microsoft has made some considerable changes to event management in Windows Vista. But are these changes enough to help you control your entire infrastructure? This article is the last in a series that looks at Vista event management.

Failed your security audit? Recover with a 5 step checklist


Buying a Pragmatic Log Management Solution Over the past 4 months, we’ve discussed many of the reasons that log management is critical. To quickly review, log management can help you react faster from an operational aspect – so you can pinpoint an incident and remediate any issues well ahead of a significant loss. Secondly, log management helps in the event of an incident in terms of having rock-solid evidence to investigate a breach and hopefully bring the perpetrator to justice.

Welcome to Log Talk


Welcome to Log Talk, the Prism Microsystems blog that provides active commentary and insight on all things related to Log Management and Analysis. Postings on this blog are intended to provide a mix of actionable tips and knowledge to help you leverage your log data as well as provide advice on compliance and security implementations.

Compliance audit got you nervous? It doesn’t have to be that way


Log Management and Compliance In past articles, I’ve covered how log management helps with operations and incident response, all in a distinctly “Pragmatic” way. This month we are going to address what I consider to be the 3rd leg of the stool – compliance. Security professionals have a love/hate relationship with compliance.

How to Disagree with Auditors New EventTracker 6.0 and more


Log Management and Incident Response I’m going to let you in on a little secret. It’s a tough message to get, but part of being Pragmatic is not deluding yourself about what you can and can’t do. The cold harsh reality of today’s information security environment is that you will be compromised. I don’t know whether it will be tomorrow, next Tuesday, or some other time in the future -but it will happen. There are just too many legitimate attack vectors, too many restrictions on what we can and can’t do, and too many limitations on budget and resources to ever be “truly secure.”

Optimize IT operations pinpoint vulnerabilities


Log Management and Pragmatic Operations Last month, I introduced the concept of the Pragmatic CSO methodology, a 12-step program to help security professionals overcome their addiction to throwing new products at every new attack vector and security problem. Additionally, the process helps security professionals build a value proposition, interface with senior management more effectively, and run their security operation as a business. As a high level construct, the 12 steps are helpful, but ultimately security professionals need to do something, and that’s what we are going to discuss this month.

Leveraging Log Data for Better Security


Looking at Log Management Pragmatically As the first article in a 6-part series on the specifics of log management, I want to introduce the concept of the Pragmatic CSO methodology and go into how/why the idea of log management is important to achieving the goals of the Chief Security Officer. This piece will lay the foundation for the journey we will take together over the next 6 months.

Top Security Issues Facing the Enterprise


Collect Vista Events Microsoft has made some considerable changes to event management in Windows Vista. One major change is the way you can now centrally collect events from a variety of systems. This article is the fifth in a series that demystifies the Vista Event Log. Windows Vista includes an updated implementation of Microsoft’s remote management infrastructure: Windows Remote Management (WinRM). The Vista Event Log uses WinRM along with the Windows Event Collector service as the engines for collecting events from remote machines and sending them to a central event collector system.

The New Face of Security Attacks The Danger Within


Automate Vista Events Microsoft has made some considerable changes to event management in Windows Vista. One major change is the way you can link events to automated tasks. This article is the fourth in a series that demystifies the Vista Event Log. When you manage events, you often wish you could generate automatic actions when specific events occur. For example, it would be nice if you could automatically delete temporary files and send a notification to desktop technicians when PC disk drives get too full. In another scenario, it would be nice if you could receive automatic

Data Security and Compliance Regulations


Explore the Vista Task Scheduler Microsoft has made some considerable changes to event management in Windows Vista. One related change is the way the Vista Task Scheduler has been enhanced. These enhancements allow you to link events to automated tasks. This article is the third in a series that demystifies the Vista Event Log.

Explore Vista Event Log; Top Tips on Compliance, Security and Data Privacy


Explore the Vista Event Log Microsoft has made some considerable changes in the Windows Vista Event Log. It sports a new interface and a significant number of new event categories making much more useful than ever before. This article is the second in a series that demystifies the Vista Event Log

OMB Security Mandate and Network Security Best Practices


Industry News Logging data extracts puts some agencies in a bind SPECIAL REPORT: Case study no. 3 – Mandate forces changes in who accesses information OMB gives agencies 45 days to begin logging all computer-readable data extracts, and after 90 days, verify if the data has been erased or still is needed. Very few agencies—if any—have met this most challenging mandate of the four, industry and federal experts said.

New EventTracker 5.6 and Managing Change in Vista


Manage Change in Windows Vista Microsoft has made some considerable changes in the Windows Vista Event Log. How do those changes affect system auditing and how will they change the way you monitor systems? This article is the first in a series that demystifies the Vista Event Log.

EventTracker SIEM Trial

EventTracker SIEM Trial

Experience the difference of a platform built to deliver vital and actionable data.

Try it for Free