Download the Report
Advanced Threat Protection
Download the Datasheet
Let's Go Threat Hunting: Gain Visibility and Insight into Potential Threats and Risks
Download the Whitepaper
Bracing for the Tidal Wave of Data Privacy Compliance in America
View Recent Catches
Catch More Threats
June 24, 2009
Today we start in earnest on our Consensus Audit Guidelines (CAG) series by taking a look at CAG 1 and 2. Not hugely interesting from a log standpoint but there are some things that log management solutions like EventTracker can help you with.
June 19, 2009
Today we are going to begin another series on a standard that leverages logs. The Consensus Audit Guidelines, or CAG for short, is a joint initiative of SANS and a number of Federal CIO’s and CISO’s to put in place some lower level guidelines for FISMA. One of the criticisms of FISMA is that is it is very vague and implementation can be very different from agency to agency. The CAG is a series of recommendations that make it easier for IT to make measurable improvements in security by knocking off some low hanging targets. There are 20 CAG recommended controls and 15 of them can be automated. Over the next few weeks we will look at each one. Hope you enjoy it.
June 14, 2009
Log and security event management tame the wild west environment of a university network Being a network administrator in a university environment is no easy task. Unlike the corporate world, a university network typically has few restrictions over who can gain access; what type or brand of equipment people use at the endpoint; how those endpoint devices are configured and managed; and what users do once they are on the network.
June 12, 2009
We have been talking a lot recently about web vulnerabilities, specifically the OWASP Top 10 list. We have covered how logs can help detect signs of web attacks in OWASP A1 through A6. A7 – A10 cannot be detected by logging, but in this wrap-up of the OWASP series we’ll take a look at them.
June 09, 2009
Today we conclude our series on OWASP vulnerabilities with a look at A6 — error handling in the web server. Careless or non-configuration of error handling in a web server gives a hacker quite a lot of useful information about the structure of your web application. While careful configuration can take care of many issues, hackers will still probe your application deliberately triggering error conditions to see what information is there to be had. In this video we look at how you can use web server logs to detect whether you are being probed by a potential hacker.
June 01, 2009
Today’s video blog continues our series on web vulnerabilities. We look at OWASP A5 — cross site request forgery hacks and we discuss ways that Admins can help both prevent these attacks and detect them when they do occur.