Another Crazy Patch Tuesday
Free Security Log Training
Join us for a Webinar on August 31
Title: Monitoring User Accounts with the Windows Security Log
Date: Thursday, August 31, 2006
Time: 12:00 PM EDT
In this fast-paced webinar, I will show you how to use the Windows security log to track status changes and other modifications to AD user accounts, which is vital to good security and regulatory compliance. I will reveal little-known secrets for interpreting Account Management events so that you can filter false positives without missing the real changes. You will find out crucial differences between Windows 2000 and 2003 that can make or break your reports and alert rules.
12 Microsoft Security Bulletins for August 2006
I'm very excited to announce the launch of a monthly free training opportunity to deepen your knowledge on the Windows Security Log. Join us Thursday, August 31 at noon Eastern time for "Monitoring User Accounts with the Windows Security Log".
This and future webinars will be the real thing - deep technical training that provides insight into the Windows audit system and security log.
By attending you'll get to leverage the years of research I've put into understanding Windows security and the cryptic event patterns in the security log to track user activity, detect intrusion and provide audit trails for compliance evidence.
We are offering this webinar free thanks to the sponsorship of Secure Vantage who makes a MOM management pack for the Windows security log. Secure Vantage will take a few minutes after my presentation to show you how their management pack helps you exploit the knowledge gained from the training. Then we'll open things up for a Q&A session.
From time to time I let you know about notable security products - especially in the security log management sector - and point out what distinguishes a product or makes it worth looking at. If you are a small or medium organization looking for an affordable, agentless management solution for your Windows security logs, take a look at our sponsor,
SELM has extensive knowledge about the Windows security log built right into the product - especially for a product in its price range. Several years ago GFI became one of the first companies to implement parsing of description fields, making it much easier to go beyond simple event ID analysis and filter, report or alert based on data within the description of events. For instance, SELM can interpret logon event ID 528 differently depending on Logon Type (for example Logon Type 10 for a Terminal Services / remote desktop logon versus Logon Type 3 for a network logon), potentially treating remote desktop logons differently than simple network logons for file sharing.
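To make the "parse the description, not just the event ID" point concrete, here is an added example (mine, not GFI's or SELM's code) that parses the classic Windows 2000/2003 event 528/540 description layout into fields, reads the Logon Type value, and applies a simple alert rule: console and remote desktop logons to a server are worth an alert, routine network (file sharing) logons are noise, and an event whose Logon Type cannot be read is alerted on rather than silently dropped. The sample event descriptions are constructed for the example; the field labels follow the pre-Vista description format, and the Logon Type numbers are the documented Windows 2000/2003 values.

```python
import re
from dataclasses import dataclass, field

# Logon Type values as documented for Windows 2000/2003 logon events 528/540.
LOGON_TYPES = {
    2: "Interactive",
    3: "Network",
    4: "Batch",
    5: "Service",
    7: "Unlock",
    8: "NetworkCleartext",
    9: "NewCredentials",
    10: "RemoteInteractive",   # Terminal Services / Remote Desktop (XP/2003 and later)
    11: "CachedInteractive",
}

SUCCESSFUL_LOGON_IDS = {528, 540}


@dataclass
class SecurityEvent:
    event_id: int
    fields: dict = field(default_factory=dict)


# "Label:<tabs/spaces>value" lines in a classic (pre-Vista) event description.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(.*?)\s*$")


def parse_description(event_id: int, description: str) -> SecurityEvent:
    """Turn the free-text description of an event into a label -> value dict."""
    ev = SecurityEvent(event_id)
    for line in description.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(2):  # skip banner lines such as "Successful Logon:"
            ev.fields[m.group(1)] = m.group(2)
    return ev


def logon_type(ev: SecurityEvent):
    """Logon Type as an int, or None if the field is missing or not numeric."""
    raw = ev.fields.get("Logon Type")
    if raw is None or not raw.isdigit():
        return None
    return int(raw)


def classify(ev: SecurityEvent) -> str:
    """Name the kind of logon; 'unknown' when the description could not be read."""
    if ev.event_id not in SUCCESSFUL_LOGON_IDS:
        return "not-successful-logon"
    t = logon_type(ev)
    if t is None:
        return "unknown"
    return LOGON_TYPES.get(t, "unknown")


def should_alert(ev: SecurityEvent) -> bool:
    """Alert on console/RDP/other logons to a server; SMB 'Network' logons are noise.
    Unknown types are alerted on so that a parsing miss never hides a real logon."""
    return classify(ev) not in {"not-successful-logon", "Network"}


# Constructed sample descriptions (hypothetical user, domain and host names).
RDP_LOGON = """Successful Logon:
\tUser Name:\tjsmith
\tDomain:\t\tCORP
\tLogon ID:\t\t(0x0,0x3E7)
\tLogon Type:\t10
\tLogon Process:\tUser32
\tAuthentication Package:\tNegotiate
\tWorkstation Name:\tSRV01
"""
NETWORK_LOGON = RDP_LOGON.replace("Logon Type:\t10", "Logon Type:\t3")
CONSOLE_LOGON = RDP_LOGON.replace("Logon Type:\t10", "Logon Type:\t2")
TRUNCATED_LOGON = "Successful Logon:\n\tUser Name:\tjsmith\n\tDomain:\t\tCORP\n"

SAMPLE_EVENTS = [
    parse_description(528, RDP_LOGON),
    parse_description(540, NETWORK_LOGON),
    parse_description(528, CONSOLE_LOGON),
    parse_description(528, TRUNCATED_LOGON),
]


def triage(events):
    """(classification, alert?) per event, the way a filter/alert rule would see it."""
    return [(classify(e), should_alert(e)) for e in events]


if __name__ == "__main__":
    for ev, (kind, alert) in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print(ev.event_id, kind, "ALERT" if alert else "ignore")
```

The rule deliberately fails open: an event 528 whose Logon Type cannot be parsed is classified "unknown" and still raises an alert, because a filter that quietly discards malformed records is exactly how real logons get missed.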
For an agentless solution, SELM does remarkably well at collecting events from servers remotely. Since there's no agent it's easy and quick to install, and there's no griping from administrators about installing software on their systems. For large enterprises, especially those needing separation of duty between server administrators and information security, I think an agent-based architecture is usually required. But for organizations with a small IT force, or where there is strong pushback against agents or a tight budget, put SELM on your short list.
FYI: I'm proud to be part of a SANS team devoted to defining some consensus standards for logging formats and protocols. With all the logs generated by operating systems, databases, applications and devices, we are in desperate need of some standardization. We are hoping to develop standards that represent broad consensus and then encourage vendors to implement them. It's an ambitious endeavor and I'll keep you posted as things develop. Send me your ideas and suggestions.
Let me know in general what we can do to make your information security life better. We'll do our best.
Yours truly,
Randy Franklin Smith
Disclaimer: We do our best to provide quality information and expert commentary but use all information or recommendations herein at your own risk.