Venom Vulnerability exposes most Data Centers to Cyber Attacks

Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing millions of plain-text passwords. But don’t panic. Though the recent vulnerability has a more terrific name than HeartBleed, it is not […]

Read more

Four Key Steps to Rapid Incident Response

Is it possible to avoid security breaches? Judging from recent headlines, probably not. Victims range from startups like Kreditech, to major retailers like Target,to the US State Department and even the White House. Regardless of the security measures you have in place, it is prudent to assume you will suffer a breach at some point. […]

Read more

Enriching Event Log Monitoring by Correlating Non Event Security Information

Sometimes we get hung up on event monitoring and forget about the “I” in SIEM which stands for information. Not forgetting Information is important because there are many sources of non-event security information that your SIEM should be ingesting and correlating with security events more than ever before. There’s at least 4 categories of security information […]

Read more

Why Naming Conventions are Important to Log Monitoring

Log monitoring is difficult for many reasons. For one thing there are not many events that unquestionably indicate an intrusion or malicious activity. If it were that easy the system would just prevent the attack in the first place. One way to improve log monitoring is to name implement naming conventions that imbed information about […]

Read more

4 Fundamentals of Good Security Log Monitoring

Effective security log monitoring is a very technical challenge that requires a lot of arcane knowledge and it is easy to get lost in the details. Over the years, there are 4 things that stand out to me as fundamentals when it comes to keeping the big picture and meeting the challenge: […]

Read more

Mobile and Remote Endpoints – Don’t Leave Them Out of Your Monitoring

I’ve always tried to raise awareness about the importance of workstation security logs. Workstation endpoints are a crucial component of security and the first target of today’s bad guys. Look at news reports and you’ll find that APT attacks and outsider data thefts always begin with the workstation endpoint. So unless you want to ignore […]

Read more

Laying Traps for External Information Thieves

Wouldn’t it be nice if you detect when an external threat actor, who’s taken over one of your users’ endpoints, goes on a poaching expedition through all the information that user has access to on your network? Easier said than done, right? After all, when malware is running on an endpoint anything it does show […]

Read more

Nineteen Minutes In April

In April 16 of 2013, a sniper took a hundred shots at Pacific Gas and Electric’s (PG&E) Metcalf Electric Power Transformer Station. The utility was able to reroute power on the grid and avert a black out. The whole ordeal took nineteen tension-filled minutes. The event added muscle to the regulatory grip of The North […]

Read more

Case of the Disappearing Objects: How to Audit Who Deleted What in Active Directory

I often get asked how to audit the deletion of objects in Active Directory. It’s pretty easy to do this with the Windows Security Log – especially for tracking deletion of users and groups which I’ll show you first. All you have to do is enable “Audit user accounts” and “Audit security group management” in […]

Read more

SIEM and Return on Investment: Four Pillars for Success

Return on investment (ROI) — it is the Achilles heel of IT management. Nobody minds spending money to avoid costs, prevent disasters, and ultimately yield more than the initial investment outlay. But is the investment justified? It is challenging to calculate the ROI for any IT investment, and security information and event management (SIEM) tools […]

Read more

Tracking removable storage with the Windows Security Log

With data breaches and Snowden-like information grabs, I’m getting increased requests for how to track data moving to and from removable storage, such as flash drives. The good news is that the Windows Security Log does offer a way to audit removable storage access. I’ll show you how it works, and since EventTracker has some […]

Read more

Increasing Security and Driving Down Costs Using the DevOps Approach

The prevailing IT requirement tends toward doing more work faster, but with fewer resources to do such work, many companies must reconsider their traditional approaches to developing, deploying and maintaining software. One such approach, called DevOps, first gained traction as a viable software development and deployment strategy in Europe in the late 2000s. DevOps is […]

Read more

How to analyze login and pre-authentication failures for Windows Server 2003 R2 and below

Analyzing all the login and pre-authentication failures within your organization can be tedious. There are thousands of login failures generated for several reasons. Here we will discuss the different event IDs and error codes and how you can simplify the login failure review process. First you need to know the event IDs related to login […]

Read more

Avenue to Compromise – Credential Theft

After an attacker has compromised a target infrastructure, the typical next step is credential theft. The objective is to propagate compromise across additional systems, and eventually target Active Directory and domain controllers to obtain complete control of the network. Attractive Accounts for Credential Theft Credential theft attacks are those in which an attacker initially gains […]

Read more

Monitoring File Permission Changes with the Windows Security Log

Unstructured data access governance is a big compliance concern. Unstructured data is difficult to secure because there’s so much of it, it’s growing so fast and it is user created so it doesn’t automatically get categorized and controlled like structured data in databases. Moreover unstructured data is usually a treasure trove of sensitive and confidential […]

Read more