Security, et al

Randy's Blog on Infosec and Other Stuff

Two new "How-To" Videos on Event Monitoring

Wed, 21 Jun 2017 14:02:26 GMT

I just released two new "How-To" videos on monitoring two important areas with Windows Event Collection.

Video 1 - In this 4-minute video, I show you step-by-step how you can use my latest product, Supercharger, to create a WEC subscription that pulls PowerShell security events from all of your endpoints to a central collector.

Video 2 - In this 8-minute video, you will learn how to monitor security event ID 4688 from all of your endpoints. Obviously this would normally create a plethora of data, but using Supercharger's Common System Process noise filter you will see how you can leave 60% of the noise at the source.

You can watch the videos by clicking on the links above or by visiting the Supercharger resources page by clicking here.
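For readers who want to see what the two subscriptions from the videos look like under the hood, here is an added example (my code, not Supercharger's and not the scripts shown in the videos) that creates both with wecutil.exe from PowerShell on the collector. The list of processes in the Suppress clause is an illustrative assumption, not Supercharger's Common System Process filter, and the collector, policy and subscription names are placeholders.

```powershell
# Added example (not Supercharger's code and not the scripts in the videos):
# two source-initiated WEC subscriptions created with wecutil.exe.
# Run in an elevated prompt on the collector after "wecutil qc" has enabled
# the Windows Event Collector service. Assumptions: sources are domain
# members, and the suppress list of noisy processes is illustrative only.

function New-WecSubscription {
    param(
        [Parameter(Mandatory)] [string] $Id,
        [Parameter(Mandatory)] [string] $Description,
        [Parameter(Mandatory)] [string] $QueryList    # a <QueryList> XML fragment
    )
    # The SDDL grants Domain Computers ("DC") the right to forward to this subscription.
    $subscription = @"
<Subscription xmlns="http://schemas.microsoft.com/2004/02/events/subscription">
  <SubscriptionId>$Id</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>$Description</Description>
  <Enabled>true</Enabled>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query><![CDATA[
$QueryList
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceNonDomainComputers></AllowedSourceNonDomainComputers>
  <AllowedSourceDomainComputers>O:NSG:BAD:P(A;;GA;;;DC)S:</AllowedSourceDomainComputers>
</Subscription>
"@
    $file = Join-Path $env:TEMP "$Id.xml"
    Set-Content -Path $file -Value $subscription -Encoding ASCII
    wecutil.exe cs $file     # create the subscription from the config file
    wecutil.exe gr $Id       # runtime status: which sources have checked in
}

# 1) PowerShell module logging (4103) and script block logging (4104) from every endpoint.
$psQuery = @'
<QueryList>
  <Query Id="0" Path="Microsoft-Windows-PowerShell/Operational">
    <Select Path="Microsoft-Windows-PowerShell/Operational">*[System[(EventID=4103 or EventID=4104)]]</Select>
  </Query>
</QueryList>
'@

# 2) Process creation (4688) with a Suppress clause that drops the noisiest
#    system processes at the source. The list is an assumption for illustration;
#    build your own from Get-TopProcessCreators below, check exact paths, and
#    keep it short: the event log's XPath subset rejects long chains of or-ed comparisons.
$procQuery = @'
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[EventID=4688]]</Select>
    <Suppress Path="Security">*[EventData[Data[@Name='NewProcessName']='C:\Windows\System32\conhost.exe' or Data[@Name='NewProcessName']='C:\Windows\System32\SearchProtocolHost.exe' or Data[@Name='NewProcessName']='C:\Windows\System32\SearchFilterHost.exe' or Data[@Name='NewProcessName']='C:\Windows\System32\backgroundTaskHost.exe' or Data[@Name='NewProcessName']='C:\Windows\System32\wbem\WmiPrvSE.exe']]</Suppress>
  </Query>
</QueryList>
'@

# Candidates for the suppress list: the most frequent NewProcessName values in
# a sample of the local Security log (Properties[5] is NewProcessName in 4688).
function Get-TopProcessCreators {
    param([int] $Sample = 20000, [int] $Top = 20)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents $Sample |
        ForEach-Object { $_.Properties[5].Value } |
        Group-Object | Sort-Object Count -Descending |
        Select-Object -First $Top Count, Name
}

New-WecSubscription -Id 'PowerShell-Activity' -Description 'PowerShell 4103/4104' -QueryList $psQuery
New-WecSubscription -Id 'Process-Creation'    -Description 'Security 4688 minus system noise' -QueryList $procQuery
```

The source side still needs the usual WEC prerequisites: WinRM listening (winrm quickconfig), the Group Policy setting Computer Configuration > Policies > Administrative Templates > Windows Components > Event Forwarding > Configure target Subscription Manager pointing at the collector (for example Server=http://collector.example.local:5985/wsman/SubscriptionManager/WEC,Refresh=60, a placeholder), and read access to the Security log for NETWORK SERVICE (membership in Event Log Readers). 4688 only appears when Audit Process Creation is enabled and is only worth forwarding with "Include command line in process creation events" turned on; 4104 requires Script Block Logging to be enabled. Event Viewer on the collector shows the result in ForwardedEvents, and wecutil gr lists each source's last heartbeat, which is the check to run before trusting the absence of events.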


Related:
Severing the Horizontal Kill Chain: The Role of Micro-Segmentation in Your Virtualization Infrastructure
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
5 Indicators of Endpoint Evil
Anatomy of a Hack Disrupted: How one of SIEM’s out-of-the-box rules caught an intrusion and beyond

Download Supercharger Free Edition for Easy Management of Windows Event Collection

Wed, 14 Jun 2017 08:59:58 GMT

We just released a new and free edition of Supercharger for Windows Event Collection, which you can get here.

There are no time-outs and no limits on the number of computers you can manage with Supercharger Free.

I wanted to include more than enough functionality so that anyone who uses WEC would want to install Supercharger Free right away.  For non-WEC users, Free Edition helps you get off the ground with step-by-step guidance. 

With Supercharger Free you can stop remoting into each collector and messing around with Event Viewer just to see the status of your subscriptions.  You can see all your collectors, subscriptions and source computers on a single pane of glass – even from your phone.  And you can create/edit/delete subscriptions as necessary.

I also wanted to help you get more from WEC’s ability to filter out noise events at the source by leveraging my research on the Windows Security Log. 

Supercharger Free Edition:

  • Provides a single pane of glass view of your entire Windows Event Collection (WEC) environment across all collectors and domains
  • Virtually eliminates the need to remote into collectors and wrestle with Event Viewer.  You can manage subscriptions right from the dashboard
  • Includes a growing list of my personally-built Security Log noise filters that help you get the events you need while leaving the noise behind

The manager only takes a few minutes to install and can even co-exist on a medium-loaded collector. Then it's just seconds to install the agent on your other collectors. You can uninstall Supercharger without affecting your WEC environment.

I hope Supercharger Free is something that saves you time and helps you accomplish more with WEC.

This is just the beginning.  We’ve got more exciting and free stuff coming.  But you’ll need at least Supercharger Free to make use of what’s next, so install it today if you can.

Thank you for supporting my site over the years. Here's something new and free to say thanks.


Related:
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
5 Indicators of Endpoint Evil
Live with Dell at RSA 2015
Severing the Horizontal Kill Chain: The Role of Micro-Segmentation in Your Virtualization Infrastructure

How to Monitor Active Directory Changes for Free: Using Splunk Free, Supercharger Free and My New Splunk App for LOGbinder

Fri, 02 Jun 2017 17:11:59 GMT

No matter how big or small you are, whether you have budget or not – you need to be monitoring changes in Active Directory.  There are awesome Active Directory audit solutions out there.  And ideally you are using one of them.  But if for whatever reason you can’t, you still have AD and it still needs to be monitored.  This solution helps you do just that.  

Yesterday during my webinar, How to Monitor Active Directory Changes for Free: Using Splunk Free, Supercharger Free and My New Splunk App, we released a version of our Splunk App for LOGbinder. Not only is this application free, but with the help of our just-announced free edition of Supercharger for Windows Event Collection, we demonstrate the power of WEC's XPath filtering to deliver just the relevant events to Splunk Free and stay within the 500MB daily limit of Splunk Free (and of Splunk Light's free tier). It's a trifecta of free tools that produces this:
 

Among other abilities, our new Splunk App puts our deep knowledge of the Windows Security Log to work by analyzing events to provide an easy-to-use but powerful dashboard of changes in Active Directory. You can see what's been changing in AD sliced up:

  • by object type (users, groups, GPOs, etc.)
  • by domain
  • by time
  • by administrator

Too many times I see dashboards that showcase the biggest and highest frequency actors and subjects but get real – most of the time what you are looking for is the needle – not the haystack.  So we show the smallest, least frequent actors and objects too.  


 
Just because it's free doesn't mean it's low value. We put some real work into this. I always learn something new about our own little AD lab environment when I bring this app up. To make this app work we had to make some improvements to how Splunk parses Windows Security Events. The problem with stuff built by non-specialists is that it suffices for filling in a bullet point like "native parsing of Windows Security Logs" but doesn't come through when you get serious about analysis. Case in point: Splunk treats these two very different fields in the event below as one:


 
As you can see, rsmith created the new user cmartin. But check out what Splunk does with that event:


Whoah! So there’s no difference between the actor and the target of a critical event like a new account being created?  One Splunker tells me they have dealt with this issue by ordinal position but I'm frightened that actor and target could switch positions.  Anyway, it’s ugly.  Here’s what the same event looks like once you install our Splunk App:


That’s what I'm talking about! Hey, executives may say that’s just the weeds but you and I know that with security the devil is in the details.  

Now, you knowledgeable Splunkers out there are probably wondering if we get these fields by defining them at index time. The answer is "no". I provided the Windows Security Log brains but we got a real Splunker to build the app, and you'll be happy to know that Imre defined these new fields as search-time fields. So this works on old events already indexed and, more importantly, doesn't impact indexing. We tried to do this right.

Plus, we made sure this app works whether you consume events directly from the Security log of each computer or via Windows Event Collection (which is what we recommend with the help of Supercharger). 
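The actor/target distinction the app restores is already present in the event's own XML, where every value carries its own name (SubjectUserName versus TargetUserName), which is what a parser should key on rather than on ordinal position. As an added example that is not the LOGbinder Splunk app and not Imre's field extractions, here is that parse done in PowerShell, plus the XPath that selects only directory-change events (the same text you would put in a WEC subscription's Select to stay under the 500MB limit). The 4720 sample is constructed, reusing the rsmith and cmartin names from the post; the domain, host name and SIDs are made up, and the list of event IDs is my selection of the well-known directory-change events.

```powershell
# Added example (not the LOGbinder Splunk app and not Imre's field extractions):
# parse Security events from their XML form, where every EventData value
# already has its own name, so the actor (Subject*) and the target (Target*)
# of a 4720 can never be collapsed into one "Account_Name" field.
# Works on live events and on the constructed sample at the bottom.

function ConvertFrom-SecurityEventXml {
    param([Parameter(Mandatory, ValueFromPipeline)] [string] $Xml)
    process {
        $e   = [xml] $Xml
        $sys = $e.Event.System
        $fields = [ordered] @{
            TimeCreated = $sys.TimeCreated.SystemTime
            Computer    = $sys.Computer
            EventID     = [int] $sys.SelectSingleNode("*[local-name()='EventID']").InnerText
        }
        # Each <Data Name="..."> becomes a property under its own name.
        $data = $e.Event.EventData
        if ($data) {
            foreach ($d in @($data.Data)) {
                if ($d -is [System.Xml.XmlElement] -and $d.GetAttribute('Name')) {
                    $fields[$d.GetAttribute('Name')] = $d.InnerText
                }
            }
        }
        [pscustomobject] $fields
    }
}

# XPath for the directory-change events worth forwarding from a DC; the same
# text goes into a WEC subscription's <Select> so only these leave the DC.
# 4720 user created, 4722 enabled, 4725 disabled, 4726 deleted, 4738 changed,
# 4740 locked out, 4728/4732/4756 member added to a global/domain-local/
# universal security group, 4729/4733/4757 member removed, 5136 AD object modified.
$adChangeXPath = '*[System[(EventID=4720 or EventID=4722 or EventID=4725 or EventID=4726 ' +
                 'or EventID=4738 or EventID=4740 or EventID=4728 or EventID=4732 or EventID=4756 ' +
                 'or EventID=4729 or EventID=4733 or EventID=4757 or EventID=5136)]]'

function Get-AdChangeEvents {
    param([string] $ComputerName = $env:COMPUTERNAME,
          [string] $LogName = 'Security',      # 'ForwardedEvents' on a WEC collector
          [int]    $MaxEvents = 500)
    $params = @{ ComputerName = $ComputerName; LogName = $LogName; FilterXPath = $adChangeXPath
                 MaxEvents = $MaxEvents; ErrorAction = 'SilentlyContinue' }
    Get-WinEvent @params | ForEach-Object { $_.ToXml() } | ConvertFrom-SecurityEventXml
}

# Constructed sample of a 4720 ("A user account was created") event, with the
# rsmith/cmartin names from the post; the domain, host and SIDs are made up.
$sample4720 = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}"/>
    <EventID>4720</EventID>
    <TimeCreated SystemTime="2017-06-01T14:02:26.000000000Z"/>
    <Channel>Security</Channel>
    <Computer>dc1.example.local</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">cmartin</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="TargetSid">S-1-5-21-1004336348-1177238915-682003330-1104</Data>
    <Data Name="SubjectUserSid">S-1-5-21-1004336348-1177238915-682003330-1001</Data>
    <Data Name="SubjectUserName">rsmith</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="SubjectLogonId">0x3e7e9</Data>
  </EventData>
</Event>
'@

$ev = $sample4720 | ConvertFrom-SecurityEventXml
# Actor and target are separate properties, so "what did rsmith create?" and
# "who created cmartin?" are two different questions and cannot be confused.
$actor  = "$($ev.SubjectDomainName)\$($ev.SubjectUserName)"
$target = "$($ev.TargetDomainName)\$($ev.TargetUserName)"
"$actor created $target on $($ev.Computer)"
```

Pointed at a collector with -LogName ForwardedEvents, Get-AdChangeEvents returns the same objects for events that arrived over WEC, since forwarded events keep their EventData XML. The lesson for any SIEM is the one the post makes: extract by the field's name within its section, never by the order in which two identically labelled "Account Name" lines happen to appear in the rendered message.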
 
To learn more about the overall solution please watch the webinar, which is available on demand at https://www.ultimatewindowssecurity.com/webinars/watch.aspx?ID=1439

For those of you new to Splunk, we'll quickly show you how to install Splunk Free and our Splunk App. Then we'll show you how, in 5 minutes or so, our free edition of Supercharger for Windows Event Collection can have your domain controllers efficiently forwarding just the relative trickle of relevant change events to Splunk. Then we'll start rendering some beautiful dashboards and drilling down into those events. I'll briefly show you how this same Splunk app can also analyze SharePoint, SQL Server and Exchange security activity produced by our LOGbinder product and mix all of that activity with AD changes and plot it on a single pane of glass.

Or check out the solution page at https://www.logbinder.com/Solutions/ActiveDirectory where there are links to the step-by-step directions.

And if you are already proficient with Splunk and collecting domain controller logs you can get the Splunk app at https://www.logbinder.com/Resources/ and look under SIEM Integration.  

For technical support please use the appropriate forum at forum.logbinder.com 


Related:
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
5 Indicators of Endpoint Evil
Severing the Horizontal Kill Chain: The Role of Micro-Segmentation in Your Virtualization Infrastructure
Live with Dell at RSA 2015

Get rid of QuickTime as Quickly and Efficiently – For FREE!

Mon, 25 Apr 2016 12:53:01 GMT

Hi folks. If you are wondering how many computers on your network have QuickTime installed and how to get rid of it, I've got some help for you in the form of a video, PowerShell script, AppLocker policy and free tools from SolarWinds. If you don't already know why it's urgent to uninstall QuickTime, be aware that Apple has announced it's no longer supporting QuickTime for Windows even though Trend Micro has announced two zero-day heap corruption vulnerabilities that allow remote code execution. According to my understanding of this, Apple never provided any warning that they'd stop patching their software. That's really lame. You have to say this for Microsoft, they give you warning. So every Windows endpoint with QuickTime installed is a sitting duck. Even the Department of Homeland Security is warning folks to kill QuickTime before the bad guys exploit it against you and your network.

Barry and I have put together 2 videos:

1.  How to spend about 15 minutes with a trial download of SolarWinds Patch Manager to

a.  Quickly inventory all the endpoints with QuickTime installed

i.  We got the folks at SolarWinds to post a report on Thwack that reports all computers with QuickTime installed.

b.  Remotely un-install QuickTime from those PCs

c.  Without installing any agents!

2.  Or you can use AppLocker to block QuickTime from executing on PCs where it is installed

I recommend using the SolarWinds Patch Manager option because it's fast, easy and free, and it eliminates the risk by uninstalling QuickTime. My alternative AppLocker procedure only blocks QuickTime; it doesn't uninstall it, and it doesn't address malware that knows how to bypass the Application Identity service.

If you are going to the 30-day trial of SolarWinds Patch Manager to remove QuickTime please use this URL to download it because that helps us keep the lights on here at UltimateWindowsSecurity.  And don’t worry, the good folks at SolarWinds are good with you using the eval to solve this problem.  You might want to keep Patch Manager once you see it.  After explaining how to use it to get rid of QuickTime I’ll explain why I like Patch Manager.

Download Patch Manager and install it. Watch Barry's video to help you save time. It only takes Barry 11 minutes to install Patch Manager, find all the PCs with QuickTime and uninstall it. Follow along with Barry and you'll be done in time to take the rest of the morning off.

If you are interested in my alternative (and less secure) AppLocker method, watch this video.

Download Randy's Powershell Script here: http://tinyurl.com/ze2okye

Both methods work without agents!  But only Patch Manager actually eliminates the risk.  And the no agent thing is what I love about Patch Manager.  It provides software inventory and 3rd party patching (Adobe, Java, Apple, etc) without requiring you to install yet another agent.  How does it do it?  It’s pretty cool. Patch Manager uses WMI for querying PCs but then it leverages the already existing Windows Update agent baked into every Windows computer to push 3rd party patches and of course Microsoft patches too.  It does this through a really cool integration with WSUS. 

So you get the best of both worlds. Leverage the built-in infrastructure Windows already provides for patching Microsoft products to patch 3rd party products too! Brilliant. Again, if you want to use Patch Manager for getting rid of QuickTime for free or just want to try it out, please use this URL. It helps fund our research and the Real Training for Free webinars we provide nearly every week.
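If you would rather not stand up Patch Manager for a one-off cleanup, the same inventory-then-uninstall procedure can be done with nothing but what Windows ships. The following is an added example (my code, not Randy's script from the tinyurl link and not SolarWinds'): it reads the Uninstall registry keys over WinRM, pulls the MSI product code out of UninstallString, and removes the package with msiexec. It assumes WinRM is enabled on the targets and that you are a local administrator there; the computer names are placeholders.

```powershell
# Added example (not Randy's script and not SolarWinds code): inventory and
# remove QuickTime with only WinRM and msiexec, no agent. Assumes WinRM is
# enabled on the targets and you are an administrator there.

function Get-InstalledQuickTime {
    param([Parameter(Mandatory)] [string[]] $ComputerName)
    # Read both the native and the 32-bit-on-64-bit Uninstall hives. Avoid
    # Win32_Product, which triggers a consistency check of every MSI package.
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Invoke-Command -ComputerName $ComputerName -ArgumentList (,$paths) -ScriptBlock {
        param([string[]] $paths)
        Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like 'QuickTime*' } |
            ForEach-Object {
                # MSI installs carry the product code in braces in UninstallString.
                $code = if ($_.UninstallString -match '\{[0-9A-Fa-f-]{36}\}') { $Matches[0] } else { $null }
                [pscustomobject] @{
                    Computer        = $env:COMPUTERNAME
                    DisplayName     = $_.DisplayName
                    DisplayVersion  = $_.DisplayVersion
                    ProductCode     = $code
                    UninstallString = $_.UninstallString
                }
            }
    } | Select-Object Computer, DisplayName, DisplayVersion, ProductCode, UninstallString
}

function Remove-QuickTime {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string[]] $ComputerName)
    foreach ($found in Get-InstalledQuickTime -ComputerName $ComputerName) {
        if (-not $found.ProductCode) {
            Write-Warning "$($found.Computer): no MSI product code for '$($found.DisplayName)', remove by hand"
            continue
        }
        if ($PSCmdlet.ShouldProcess($found.Computer, "msiexec /x $($found.ProductCode)")) {
            $exit = Invoke-Command -ComputerName $found.Computer -ArgumentList $found.ProductCode -ScriptBlock {
                param([string] $code)
                (Start-Process -FilePath msiexec.exe -ArgumentList "/x $code /qn /norestart" -Wait -PassThru).ExitCode
            }
            # 0 = removed, 3010 = removed but reboot pending, anything else = check the MSI log
            [pscustomobject] @{ Computer = $found.Computer; ProductCode = $found.ProductCode; ExitCode = $exit }
        }
    }
}

# Usage (computer list is a placeholder; dry-run first, then record the results):
#   $pcs = Get-ADComputer -Filter 'OperatingSystem -like "*Windows*"' | Select-Object -ExpandProperty Name
#   Get-InstalledQuickTime -ComputerName $pcs | Format-Table
#   Remove-QuickTime -ComputerName $pcs -WhatIf
#   Remove-QuickTime -ComputerName $pcs | Export-Csv quicktime-removal.csv -NoTypeInformation
```

Run the inventory a second time after the removal pass: a machine that was offline the first time, or that returned 3010, is still a sitting duck until it checks in clean. As Randy says, blocking with AppLocker is the fallback for machines you cannot reach, not a substitute for removal.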


Related:
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
5 Indicators of Endpoint Evil
Severing the Horizontal Kill Chain: The Role of Micro-Segmentation in Your Virtualization Infrastructure
Live with Dell at RSA 2015

Live at RSA: FIDO authentication protocols and checking in real-time for user presence

Thu, 23 Apr 2015 10:30:32 GMT

There are a LOT of authentication companies at RSA 2015 this year.  It’s been fun learning the difference between them – and there are big differences.  

Arshad Noor from open source company StrongAuth (South Hall booth 2332), came by the UltimateWindowsSecurity.com booth (South 2240) and briefed me on the relatively new FIDO (Fast IDentity Online) authentication protocols. FIDO protocols are interesting for a lot of reasons but what Arshad said about "user presence" got my attention. One of my top concerns is how a compromised user endpoint can effectively defeat even the strongest authentication schemes. (2 Factor, SSO, Federation and Cloud Identity are Awesome but it's all for Naught if You Leave this One Backdoor Open ) If your endpoint is compromised, malware can wait until you authenticate and then piggyback off that authentication using a host of different methods. So you have to attack that on two different fronts: preventing malware and, for really high value operations, getting reassurance at that moment in time that the user is present and is the one initiating that operation. Just checking for user presence still doesn't solve for every sophisticated scenario but it gets you a lot closer. But as with all things security, if you aren't careful you end up making things so inconvenient for the user that you get in the way of business, and asking users to go all the way back through onerous authentication steps at seemingly random times is a great way to get in the way of business. So that's why Arshad got my attention when he mentioned "user presence".

FIDO makes it easy for an application, including web applications, to reach out to the user's FIDO-compliant token and ask for real-time user presence verification. It's up to the token vendor how to implement this, but the example Arshad talked about was a simple token that started flashing an LED. All the user has to do is touch the token to say "yes, I'm here and initiating this transaction". Then the token signs the verification response with its private key tied to that application and user and sends it back to the server. That's got to be the lightest-weight 2nd-factor user presence check I've seen. I'll be talking a lot more about the risks at the intersection of authentication and endpoint security, but if you'd like to learn more about the FIDO protocols visit the FIDO Alliance.
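The exchange Arshad described, as an added example that is not part of the original post and not StrongAuth's or the FIDO Alliance's code: a simulated U2F-style user-presence assertion in PowerShell, written so the checks the relying party must make are visible. The application/origin, user name and token are placeholders; the signed-data layout is U2F's, while an ECDSA key pair in software stands in for the key a real token holds in hardware.

```powershell
# Added example (not from the post, StrongAuth or the FIDO Alliance): a software
# simulation of a U2F-style user-presence check so the relying party's checks
# are visible. In a real deployment the private key and the presence flag live
# in the token and only a physical touch sets the flag; here both are simulated,
# which is exactly what a compromised endpoint must NOT be able to do.
# Signed data follows the U2F authentication response layout:
#   SHA256(appId) | userPresence (1 byte) | counter (4 bytes big-endian) | SHA256(clientData)
# Needs PowerShell 7, or Windows PowerShell 5.1 on .NET Framework 4.7 or later.

function Get-Sha256([string] $Text) {
    [System.Security.Cryptography.SHA256]::Create().ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text))
}

function ConvertTo-BigEndianCounter([uint32] $Counter) {
    $b = [BitConverter]::GetBytes($Counter)
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($b) }
    $b
}

# ---- token side (simulated) ----
function New-SimulatedToken {
    # One key pair per (application, user); the private half never leaves the token.
    $key = [System.Security.Cryptography.ECDsa]::Create()
    $key.KeySize = 256
    [pscustomobject] @{ Key = $key; Counter = [uint32] 0 }
}

function Invoke-TokenAuthenticate {
    param($Token, [byte[]] $AppParam, [byte[]] $ChallengeParam, [bool] $Touched)
    if (-not $Touched) { return $null }                 # LED blinks, nobody touches: no assertion
    $Token.Counter = [uint32] ($Token.Counter + 1)      # monotonic counter exposes cloned tokens
    $presence = [byte] 1
    $toSign = [byte[]] ($AppParam + @($presence) + (ConvertTo-BigEndianCounter $Token.Counter) + $ChallengeParam)
    [pscustomobject] @{
        UserPresence = $presence
        Counter      = $Token.Counter
        Signature    = $Token.Key.SignData($toSign, [System.Security.Cryptography.HashAlgorithmName]::SHA256)
    }
}

# ---- relying party (server) side ----
function Register-Token {
    param($Token, [string] $AppId, [string] $User)
    $pub = [System.Security.Cryptography.ECDsa]::Create()
    $pub.ImportParameters($Token.Key.ExportParameters($false))   # public key only
    [pscustomobject] @{ AppId = $AppId; User = $User; PublicKey = $pub; LastCounter = [uint32] 0 }
}

function New-Challenge {
    $b = [byte[]]::new(32)
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($b)
    [Convert]::ToBase64String($b)
}

function Test-PresenceAssertion {
    param($Registration, [string] $Challenge, [string] $ClientData, $Assertion)
    if (-not $Assertion) { return 'rejected: no response, the user never touched the token' }
    if ($Assertion.UserPresence -ne 1) { return 'rejected: user-presence flag not set' }
    # The client data the token signed must carry our fresh challenge and our origin.
    if ($ClientData -notmatch [regex]::Escape($Challenge)) { return 'rejected: challenge mismatch (stale or forged request)' }
    if ($ClientData -notmatch [regex]::Escape($Registration.AppId)) { return 'rejected: origin mismatch (phished from another site)' }
    # Counter must strictly increase: a replayed assertion or a cloned token fails here.
    if ($Assertion.Counter -le $Registration.LastCounter) { return 'rejected: counter did not advance (replay or clone)' }
    $head   = (Get-Sha256 $Registration.AppId) + @([byte] $Assertion.UserPresence)
    $signed = [byte[]] ($head + (ConvertTo-BigEndianCounter $Assertion.Counter) + (Get-Sha256 $ClientData))
    $ok = $Registration.PublicKey.VerifyData($signed, $Assertion.Signature, [System.Security.Cryptography.HashAlgorithmName]::SHA256)
    if (-not $ok) { return 'rejected: signature does not verify (different token or tampered data)' }
    $Registration.LastCounter = $Assertion.Counter
    'accepted: user present and this transaction was signed by the registered token'
}

# ---- walk-through ----
$appId = 'https://payroll.example.com'     # placeholder application / origin
$token = New-SimulatedToken
$reg   = Register-Token -Token $token -AppId $appId -User 'rsmith'

# A high-value operation: the app asks the token to prove the user is present right now.
$challenge  = New-Challenge
$clientData = '{"typ":"navigator.id.getAssertion","challenge":"' + $challenge + '","origin":"' + $appId + '"}'
$appParam   = Get-Sha256 $appId
$chalParam  = Get-Sha256 $clientData

# 1) Malware rides the user's session and fires the request while nobody is at the desk.
$a1 = Invoke-TokenAuthenticate -Token $token -AppParam $appParam -ChallengeParam $chalParam -Touched $false
Test-PresenceAssertion -Registration $reg -Challenge $challenge -ClientData $clientData -Assertion $a1

# 2) The LED blinks and the user touches the token.
$a2 = Invoke-TokenAuthenticate -Token $token -AppParam $appParam -ChallengeParam $chalParam -Touched $true
Test-PresenceAssertion -Registration $reg -Challenge $challenge -ClientData $clientData -Assertion $a2

# 3) Malware replays the captured assertion for a second transaction.
Test-PresenceAssertion -Registration $reg -Challenge $challenge -ClientData $clientData -Assertion $a2
```

Nothing in this simulation replaces the token: because the private key and the presence flag are in software, malware on the endpoint could drive both, which is the whole reason the real thing lives in hardware. What the example shows is the list of things the relying party must verify before it believes "the user is here": the presence bit is set, the counter strictly increased, the client data carries this server's fresh challenge and origin, and the signature verifies under the key registered for this user and this application. Drop any one of them and the check becomes the kind malware can satisfy.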


Related:
5 Indicators of Endpoint Evil
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
Severing the Horizontal Kill Chain: The Role of Micro-Segmentation in Your Virtualization Infrastructure
Anatomy of a Hack Disrupted: How one of SIEM’s out-of-the-box rules caught an intrusion and beyond

Live with LogRhythm at RSA

Tue, 21 Apr 2015 16:03:25 GMT

Dave Pack from LogRhythm dropped in to see me at the UltimateWindowsSecurity.com booth (come see us at booth 2240, South Hall) here at RSA. As you know, LogRhythm has been sponsoring my Real Training for Free webinars for many years and is one of my favorite SIEMs, so I thought I'd do a quick interview to see what's new at LogRhythm.

Video transcript:

Randy:  Alright, so we’re live here at RSA at the UltimateWindowsSecurity Booth and I got David Pack here.  We’ve done a lot of webinars together in the past on the Windows Security log.  LogRhythm has got an awesome SIEM.  You know how much I love it for a number of reasons.  So what’s new?  What are you guys doing?  What’s some big stuff?

David:  Yeah, so what we’re really focusing on is building a workflow to handle the full threat life cycle.

Randy:  Ok.

David:   You know, everything from that initial detection to providing the tools to validate and qualify the detection, moving it into case management where evidence can be gathered and you know, a true, full picture of the story be put together and then ultimately adding on automated response actions to that.  You know, the whole goal is to lower the time to detect these events and then also lower the time to respond to these events, get them identified and cleaned up as quickly as possible.

Randy:  So, you know, what is that that you’re doing?  Are you building, you know, I can take notes and I can add stakeholders to this incident and document what is my resolution?

David:  That’s right.  It’s a fully integrated case management feature within the SIEM and you know, the workflows are, you can add evidence, different types of evidence.  It could be log data, it could be raw logs, it could be attachments, it could be notes.  Add different collaborators in.  You could get to the case from a URL where you add an external collaborator that doesn’t actually have an account with a log in.  You might need HR to come do one specific task.  You can add them and then do their task and move on.

Randy:   Yeah, because what if you’ve got a company that is already using another collaboration tool, like, I hate to use other product names while I’m interviewing a good sponsor friend, but you know, like Asana, Wrike, because you know we are looking at using that kind of stuff, but that’s cool you could just create a new task or project over there if there’s other stakeholders that you don’t want in your SIEM.

David:  That’s right.

Randy:  And just put that URL there. 

David:  Yeah, and there’s an API to integrate and some integration in the works with some of those other popular ticketing and case management type systems that are out there. So we kind of understand we need to play well with other solutions.  This is really supposed to be the start at least of that threat management life cycle.

Randy:  I like that.  So instead of just hey there’s something you need to look at and then you’re on your own.  We’re going to facilitate the whole process because that’s really only the beginning, the alert in the SIEM or that light on the dash board, really that’s just beginning.

David:  That’s right.  What we were seeing, a lot of people were dropping alerts or you know, they’d start working on one and got pulled away to do something else, came back and a different alert may have came in and that initial one kind of was forgot about, so they didn’t really have a place to, alright let’s start a case here, formal workflow, formal collaborators, a place to gather other types of evidence and workflow and pull it all together.

Randy: I like it.  What about knowledge management.  Do you still work in the knowledge engineering area?

David: It’s LogRhythm Labs.

Randy: So, I’m always interested in that because obviously what built UltimateWindowsSecurity and what my folks, my audience is always interested in is how do we interpret log data and you guys have made such a big investment over the years with a whole department devoted to getting that knowledge and codifying it inside a log rhythm.  So, I’m always interested in hearing what’s new there.

David: So that’s still happening.  That’s just an ongoing investment, you know, we write all the parsing and normalization rules.  That’s really what enables our real time analytics engine to do its job, basically adding structure to all its log data.  So that’s an ongoing thing, something we always do for everything that can generate a log out there.  The other half of LogRhythm Labs is really focused on the security analytics, the actual analytic rules that are finding bad things that are happening.  So one of the things we’ve recently done is developed what we call a security analytics co-pilot service where we will help organizations get these analytical modules properly deployed in their environment, up and running.  We will have periodic check-ins to help them understand what is the meaning when this alert fires.  We’ll give them some recommended actions to take.  Okay, you might want to drill down on the impacted host and then pivot off to this user and really kind of be their analytics co-pilot, help them get the most they can out of all the content that LogRhythm Labs is producing.

Randy:  That’s cool.  You know, the fact that you guys, I know that I always harp on this, but it’s still, I think, core to what makes LogRhythm what it is and it’s the normalization and categorization, but here’s the thing that always gets me.  Alright, parse as many log sources as you can, but when you come up with a threat signature, you don’t have to write that threat signature for every log source out there that produces those kind of events, right?

David: That’s right.  

Randy:  Can you just explain how the fact that the events are normalized allows you really write that threat signature criteria or rule one time?

David: Right, so you know, so all of these rules are basically working against the normalized layer of data, in LogRhythm terminology.

Randy: A log on is a log on is a log on.

David: A log on is a log on.  Every log that comes through the system is identified and what we call a common event, where a log on is a log on regardless of the operating system or the application.  So the rule might say, you know, X number of failed logons followed by logons, so classic use case, but because we’re normalizing everything across the board, it works against everything.

Randy:  Yeah, yeah, that’s cool.  Well, I love that.  I also love the fact, let me just put a plug in for my software company LogBinder.  You guys have integrated and normalized the events that our software LogBinder generates from SharePoint, SQL Server and Exchange right into the rest of everything else that LogRhythm can show you.  And so, we’ve got some customers in common that are using that to good effect.

David:  Absolutely, yeah, yeah it’s great data for SOC to have or an IT organization to have access to and it’s pretty difficult to get to work without a product like yours, you know, working with a product like ours.

Randy:  Yeah.

David:  It’s a great relationship.

Randy: Some good synergy.

David: A lot of good value there, absolutely.

Randy: Alright, well thanks, I know you have to get back to your booth.  Thanks for coming by, David.

David: Thanks Randy.  Thanks for having me.

If you are at RSA come see me at booth 2240 in the South Hall; LogRhythm is at 1207, South Hall.


Related:
5 Indicators of Endpoint Evil
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
Severing the Horizontal Kill Chain: The Role of Micro-Segmentation in Your Virtualization Infrastructure
Anatomy of a Hack Disrupted: How one of SIEM’s out-of-the-box rules caught an intrusion and beyond

NEW Free & Easy to Use Tool, Event Log Forwarder for Windows

Sun, 22 Feb 2015 22:13:47 GMT

Right or wrong, Syslog remains the de facto standard protocol for log forwarding. Every SIEM and log management solution in the world accepts syslog. So frequently you run into the situation of needing to forward Windows events via syslog. But Windows doesn’t support syslog and the “free” forwarders I’ve looked at in the past were just not pretty. Some even written in Java. Ugh. Besides being clunky and hard to configure they weren’t flexible in terms of which event logs they could forward, much less which events within those logs.

But SolarWinds has just released a new and completely free Event Log Forwarder for Windows (ELF). ELF takes seconds to download, seconds to install and a minute to configure. Just select the logs you want to forward (below example shows successful and failed logons and process start events from the security log):


and specify the address of your syslog server:


ELF runs as a background service and immediately starts sending events out via syslog as you can see here on my syslog server.


I love how easy it is to filter exactly which events are sent. This allows you to filter out noise events at their source – conserving bandwidth and log management resources all the way down the line.

But what if you have many systems that need to be configured to forward events? I took a look at the folder where ELF was installed and found a LogForwarderSettings.cfg file that is very easy to read. Moreover there’s even a LogForwarder.PDF file in the Docs folder that fully documents this settings file. I don’t see anything installation dependent in this file so it looks to me like you could use the ELF GUI Client to configure one installation and then copy LogForwarderSettings.cfg to all the other systems where you want the same behavior.

You can download SolarWinds Event Log Forwarder here http://www.solarwinds.com/register/registrationb.aspx?program=20056&c=701500000011a71&CMP=BIZ-TAD-RFS-ELF_Review-ELF-DL-2015


Related:
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
5 Indicators of Endpoint Evil
Severing the Horizontal Kill Chain: The Role of Micro-Segmentation in Your Virtualization Infrastructure
Anatomy of a Hack Disrupted: How one of SIEM’s out-of-the-box rules caught an intrusion and beyond

Randy's Review of a Fast, Easy and Affordable SIEM and Log Management

Thu, 29 Jan 2015 17:46:06 GMT

One of the most frequent complaints I hear from you folks is “We need a SIEM but can’t afford the big enterprise solutions.”  And as a tech-heavy small business owner I truly understand the need for software that installs in minutes and doesn’t require a ton of planning, learning, design and professional services before you start getting results.

Well, I’ve installed SolarWinds Log and Event Manager (LEM) in my lab and I can say that it is all of the above and more.  There’s actually no install of software or provisioning of a server because it’s a prebuilt virtual appliance.  When you download and run the LEM install package it simply unpacks the OVA template.  You just open VMware or Hyper-V, deploy a new VM from template and point it at the file from SolarWinds.  After it boots up for the first time all you have to do is point your web browser at its DHCP-assigned address, which you can see in VMware or Hyper-V.  Answer a few configuration questions such as static IP address and you are up and running.  To start pulling events from your servers click on Ops Center and click on the green plus sign.  We’re talking minutes.

LEM has all the features you need and expect from a SIEM.  And it’s flexible; you can monitor server logs with or without agents and you can also accept SNMP traps and Syslog flows from devices and UNIX/Linux systems. 

LEM is affordable, too.  It starts at $4495 and monitors up to 30 servers.  That’s the total price – no server OS or databases to license much less manage.

Since there’s such a need for affordable SIEM and log management and so many of you in my webinars are still trying to get by with free utilities, I’ve partnered with SolarWinds to raise awareness about LEM.  Please download it and try it out.  Even if you don’t have a virtualization server, you can still run the virtual appliance with a free desktop virtualization program like VMware Player.

LEM is affordable but it’s not “cheap” software.  LEM is actually one of the few SIEMs out there that implements my #1 feature: normalization and categorization.  LEM understands what events actually mean from each of the many, many log sources it supports.  By that I mean that whether the event comes from Linux, Windows, Cisco or any other source, if it’s a logon event (for instance) it gets parsed and categorized as such.  This is important because every log source out there logs the same kind of events but in a different format.  None of us have time to learn all the formats and arcana out there about each log source.  LEM’s normalization makes so many things not only possible but also effortless.  For instance “show me all failed logon events for Randy Smith across all my systems and devices regardless of log source and format”.  Voila!

So, please, take a look at LEM.  Download it here.  


Related:
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
5 Indicators of Endpoint Evil
Severing the Horizontal Kill Chain: The Role of Micro-Segmentation in Your Virtualization Infrastructure
Anatomy of a Hack Disrupted: How one of SIEM’s out-of-the-box rules caught an intrusion and beyond

Seven Steps to Designating Owners of Unstructured Data

Wed, 08 Oct 2014 15:17:27 GMT

Many organizations are seeing surges in the amount of unstructured data in their environments, even as new data breaches come to light every week. As a result, those organizations face increased audit and regulatory pressure regarding loose access controls over unstructured data that might contain sensitive information such as Social Security numbers, credit card data, health care information and proprietary data.

Download this white paper to discover:

  • How unstructured data can lead to increased costs and security vulnerabilities
  • A seven-step process for establishing information owners for unstructured data
  • A solution that helps automate the complex processes of governing and controlling unstructured data

Click here to download the white paper.


Related:
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
5 Indicators of Endpoint Evil
Live with Dell at RSA 2015
Severing the Horizontal Kill Chain: The Role of Micro-Segmentation in Your Virtualization Infrastructure

Comparison: SQL Server Audit vs. SQL Trace Audit for security analysts

Tue, 07 Oct 2014 18:19:23 GMT

I just wrote a new whitepaper about SQL auditing. 

Security analysts must have meaningful, relevant audit data from mission-critical applications such as SQL Server. Database admins must have no disruptions nor degradation to the performance of mission-critical instances of SQL Server. Beginning with SQL Server 2008, Microsoft SQL Server offers a new, superior SQL audit capability custom-built to meet these demands.... 

...to continue reading over at LOGbinder.com click here.


Related:
Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online
LOGbinder SQL Beta is released! Join beta testers now
5 Indicators of Endpoint Evil
Virtualization Security: What Are the Real World Risks?
