Domain controllers and member servers are obviously critical to security log monitoring, but there are many things you can only track by monitoring end-user workstation security logs. In this webinar I will explain why the Windows network architecture makes workstation security log monitoring so important. I'll show you all of the important security activities that you can only detect from workstation logs. This includes answering questions like:
· When did the user log off?
· What programs did the user execute?
· What is the exact reason for logon failure?
· Who accessed the laptop while it was disconnected from the network?
· Is anyone trying to break into this computer?
I’ll show you the events that answer those questions and more, and explain why you can only find these events in the workstation security log.
Then I’ll take the discussion further and tackle the issue of whether workstation logs should be centrally collected, or whether there is value in enabling auditing on workstations and building up an audit trail of this activity so that it will (hopefully) be there if needed in the future.
Finally, I’ll provide a list of important workstation security events that are not logged by Windows auditing. For example, the Windows security log does not answer:
· Was a USB stick or CD/DVD inserted into the workstation?
· Which files/folders were copied onto the USB or CD/DVD?
These and other unaudited activities represent a significant gap in Windows auditing, and this is where our SIEM sponsor, EventTracker, comes in. EventTracker creator A.N. Ananth will briefly demonstrate EventTracker’s special endpoint auditing capabilities that help address this gap. Ananth will also discuss his company’s experience with assisting clients with the special challenge of workstation log management.
Don’t miss this real training for free event and invite your manager to join you so that they can understand why workstation security and auditing cannot be ignored.