Virtualization Security: What are the Real World Risks?

There’s been a lot of recent hype about security risks with the rise of virtualization, but much of it is vague and short on specifics. There is also an assumption that all the security available on a physical server simply disappears when it migrates to being a virtual machine. This is not true. A virtual […]

Automating Review and Response to Security Events

The next significant horizon in audit log management will be the automation of the review and response tasks associated with security events. Currently, log management SIEM solutions are expected to scour logs, identify high-impact changes or other suspicious activity, and simply send out an alert. It requires the intercession of a person to assess the […]

Security Logging as a Detective and Deterrent Control Against Rogue Admins

Intrusion detection and compliance are the focus of log management, SIEM and security logging. But security logs, when managed correctly, are also the only control over rogue admins. Once root or admin authority has been given to, or acquired by, a user, there is little they cannot do: with admin authority, they can circumvent access or authorization […]

Come on Feel the Noise

It’s the line from a song in the 70’s, but quite apt when it comes to describing the Windows security log. There’s no getting around the fact that there are a lot of useless and inexplicable events in the Security log, and the sooner you get comfortable with that the sooner you’ll save your sanity […]

The Art of Detecting Malicious Activity with Logs

Randy Franklin Smith compares methods for detecting malicious activity from logs including monitoring for high impact changes, setting up tripwires and anomalous changes in activity levels. Security standards and auditors make much of reviewing logs for malicious activity. I am frequently asked what event signatures are indicative of intrusions: “What are the top Event IDs […]

Logs for Insider Abuse Investigations

Introduction In most previous newsletters, we have discussed the use of logging for various regulatory mandates (such as PCI DSS, HIPAA and FISMA) as well as the use of logs for incident response and malicious software tracking. This log data can also be incredibly useful for detecting and investigating insider abuse and internal attacks. While […]

Logs vs Bots and Malware Today

Despite the fact that the security industry has been fighting malicious software – viruses, worms, spyware, bots and other malware – since the late 1980s, malware still represents one of the key threat factors for organizations today. While the silly viruses of the 1990s and noisy worms (Blaster, Slammer, etc.) of the early 2000’s have been replaced by […]

Log review for incident response; EventTracker Excels in UNIX Challenge

Log Review for Incident Response: Part 2 From all the uses for log data across security, compliance and operations (see, for example, LogTalk: 100 Uses for Log Management #67: Secure Auditing – Solaris), using logs for incident response presents a truly universal scenario: you can be forced to use logs for incident response at any moment […]

Detecting Zeus, Logging for incident response, and more

Logging for Incident Response: Part 1 – Preparing the Infrastructure From all the uses for log data across the spectrum of security, compliance, and operations, using logs for incident response presents a truly universal scenario – you can be forced to use logs for incident response at any moment, whether you’re prepared or not. An incident […]

EventTracker 7 is here; Detailed FISMA guidance and more

Logging for FISMA, Part 2: Detailed FISMA logging guidance in NIST 800-92 and SANS CSC20 The Federal Information Security Management Act of 2002 (FISMA) “requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the […]

FISMA How To; Preview EventTracker 7 and more

FISMA How To The Federal Information Security Management Act of 2002 (FISMA) “requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.” […]

Logging for HIPAA Part 2; Secure auditing in Linux

HIPAA Logging HOWTO, Part 2 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines relevant security and privacy standards for health information – both electronic and physical. The main mission of the law is “to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, […]

HIPAA Logging Howto; New attack bypasses AV protection

HIPAA Logging HOWTO, Part 1 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines relevant security and privacy standards for health information – both electronic and physical. The main mission of the law is “to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, […]

PCI HOWTO Part 2; Revised NIST guidelines

PCI Logging HOWTO, Part 2 Payment Card Industry Data Security Standard (PCI DSS) was created by the major card brands and is now managed by the PCI Security Standards Council. Since its creation in 2006, PCI DSS continues to affect how thousands of organizations approach security. PCI applies to all organizations that handle credit card […]

Logging for PCI HOWTO; New Trojan masquerades as Adobe update

PCI Logging HOWTO Payment Card Industry Data Security Standard (PCI DSS) was created by the major card brands – Visa, MasterCard, American Express, JCB and Discover – and is now managed by the PCI Security Standards Council. Since its creation in 2006, PCI DSS continues to affect how thousands of organizations approach security. PCI applies […]

Anomaly detection and log management; State of virtualization security and more

Anomaly Detection and Log Management: What we Can (and Can’t) Learn from the Financial Fraud Space Have you ever been in a store with an important purchase, rolled up to the cash register and handed over your card only to have it denied? You scramble to think why: “Has my identity been stolen?” “Is there […]

SQL injection leaves databases exposed; zero-day flaw responsible for Google hack

Turning log information into business intelligence with relationship mapping Now that we’re past January, most of us have received all of our W2 and 1099 tax forms. We all know that it’s important to keep these forms until we’ve filed our taxes and most of us also keep the forms for seven years after filing […]

5 cyber security myths, the importance of time synchronization, and more

Time won’t give me time: The importance of time synchronization for Log Management Does this sound familiar? You get off a late night flight and wearily make your way to your hotel. As you wait to check in, you look at the clocks behind the registration desk and do a double-take. Could it really be […]

New EventTracker 6.4; 15 reasons why your business may be insecure

Tuning Log Management and SIEM for Compliance Reporting The winter holidays are quickly approaching, and one thing that could probably make most IT Security wish lists is a way to produce automated compliance reports that make auditors say “Wow!” In last month’s newsletter, we took a look at ways to work better with auditors. […]

Tips for working well with auditors; Inside the Walmart breach

Working Well with Auditors For some IT professionals, the mere mention of an audit conjures painful images of being trussed and stuffed like a Thanksgiving turkey. If you’ve ever been through an audit that you weren’t prepared for, you may harbor your own unpleasant images of an audit process gone wrong. As recently as 10-15 […]

Leverage the audit organization for better security, Bankers gone bad, and more

Log Management in virtualized environments Back in the early/mid-90s I was in charge of the global network for a software company. We had a single connection to the Internet and had set up an old Sun box as the gatekeeper between our internal network and the ‘net. My “log management” process consisted of keeping a […]

Security threats from well-meaning employees, new HIPAA requirements, SMB flaw

The threat within: Protecting information assets from well-meaning employees Most information security experts will agree that employees form the weakest link when it comes to corporate information security. Malicious insiders aside, well-intentioned employees bear responsibility for a large number of breaches today. Whether it’s a phishing scam, a lost USB or mobile device that bears […]

Managing the virtualized enterprise, historic NIST recommendations and more

Smart Value: Getting more from Log Management Every drop in the business cycle brings out the ‘get more value for your money’ strategies. For IT this usually means either use the tools you have to solve a wider range of problems or buy a tool with fast initial payback that can be used to […]

EventTracker 6.3 review; Getting more from Log Management; Correlation techniques and more

Smart Value: Getting more from Log Management Every dip in the business cycle brings out the ‘get more value for your money’ strategies, and our current “Kingda Ka style” economic drop only increases the strategy implementation urgency. For IT this usually means either use the tools you have to solve a wider range of problems […]

New NIST recommendations; Using Log Management to detect web vulnerabilities and more

Log and security event management tame the wild west environment of a university network Being a network administrator in a university environment is no easy task. Unlike the corporate world, a university network typically has few restrictions over who can gain access; what type or brand of equipment people use at the endpoint; how those […]
