Security, et al

Randy's Blog on Infosec and Other Stuff

My New Windows Security PowerPack Solves 3 Security Headaches and It's Free

Fri, 18 Jun 2010 06:56:07 GMT

Quest Software's Kirk Munro and I got together and solved 3 security headaches with this new PowerGUI PowerPack.

And did I mention it's free?

http://www.ultimatewindowssecurity.com/tools/wspowerpack/


I love Tilana Reserve Continuous Data Protection

Thu, 13 May 2010 15:48:36 GMT

I love Tilana's Continuous Data Protection - it's awesome, and now it supports running on 64-bit workstations! Beyond efficiently backing up files as soon as they change or are created, Tilana also syncs folders between multiple computers, and that works great. Plus you can share files with non-Tilana users, a great way to send large files instead of sending them as email attachments. Tilana just creates a unique URL that you send to anyone. You can have access expire after a set number of downloads or after a specified number of days. www.tilana.com


New Software that Unlocks the SharePoint Audit Log

Thu, 24 Sep 2009 10:08:14 GMT

I am very excited today to announce the beta release of LOGbinder SP - my first software solution aimed at expanding the reach of log management.

LOGbinder SP allows you to audit security events in SharePoint with the Windows Security Log.

Why do I need LOGbinder SP? Doesn't SharePoint already have an audit log?

LOGbinder SP is a small, efficient .NET service that monitors the internal SharePoint audit log. For each event, LOGbinder SP resolves the user and object IDs and other cryptic codes, producing an easy-to-understand, plain-English translation of the SharePoint security event. (Click here for a list of events.) Then LOGbinder SP forwards the event to one or more output formats:

  • local Windows security event log
  • custom Windows event log
  • syslog server*
  • text file*
  • XML file*
  • SQL server reporting database*

This variety of output formats allows you to extend any log management solution to now support SharePoint audit trails and security events.

Alternatively, or in addition to integrating with your log management solution, you can configure LOGbinder SP to send events to a SQL Server reporting database and use our pre-built reports (implemented in SQL Reporting Services) to review and analyze the security activity of your SharePoint sites.

LOGbinder SP is currently in beta and available as a free download. Please help us build LOGbinder SP into a great solution!

Please visit http://www.logbinder.com/Products/LOGbinderSP/ to learn more about the SharePoint audit log, its woeful limitations, and how we fix them with LOGbinder SP.

Please download and put LOGbinder SP to work for you, securing SharePoint data.

* not yet implemented in the current beta


LogRhythm 5.0 Opens New Frontier in Log Management with Active Directory Integration

Tue, 15 Sep 2009 15:11:14 GMT

I’m very impressed with the Active Directory integration found in LogRhythm 5.0.  This represents a new frontier in log management maturity.  The new AD integration in LogRhythm 5.0 allows you to combine information from Active Directory with key security log events to take your monitoring and response procedures to the next level of intelligent filtering and automated incident response.

This kind of capability is important because you need to constantly look for ways to reduce the number of alerts and report pages that you have to review and respond to, either by automating the response itself or by doing a better job of qualifying events that are actually inconsequential – that is – expected activity. At the same time you need to constantly improve your monitoring procedures to quickly identify and respond to those events that truly are relevant.

With LogRhythm 5.0 you can add monitoring criteria, for instance, that take the user who triggered a given event and then look up that user in AD and check to see if he/she belongs to a specified group.  Based on their membership, you can discard the event or trigger an alarm. 

LogRhythm 5.0 also allows you to enrich reports with information from Active Directory.  Usually the only information about a user or group in a given log record is the object’s name which makes it difficult to contextualize the event.  But being able to pull additional properties for that user or group from AD saves you lots of time and greatly improves your analytical capabilities.
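The group-membership qualification and AD enrichment described in the two paragraphs above, as an added example that is not LogRhythm's code: DIRECTORY is a constructed in-memory stand-in for an Active Directory lookup, EVENTS are constructed Security Log records, and the event-to-group rules are illustrative assumptions.

```python
"""AD-aware event qualification: discard expected activity, enrich the rest."""

# Constructed stand-in for Active Directory (sAMAccountName -> attributes).
DIRECTORY = {
    "mjones":     {"department": "IT", "title": "Sysadmin",
                   "memberOf": {"Domain Users", "Domain Admins"}},
    "svc_backup": {"department": "IT", "title": "Service account",
                   "memberOf": {"Domain Users", "Backup Operators"}},
    "jsmith":     {"department": "Finance", "title": "Analyst",
                   "memberOf": {"Domain Users", "Finance-Staff"}},
}

# Assumed rules: which AD groups make a given Windows Security Log event
# expected activity. 4672 = special privileges assigned to a new logon,
# 4720 = a user account was created.
EXPECTED_GROUPS = {
    4672: {"Domain Admins", "Backup Operators"},
    4720: {"Domain Admins"},
}

# Constructed security log records, reduced to the fields the rules need.
EVENTS = [
    {"id": 4672, "user": "mjones"},      # admin holding admin rights: discard
    {"id": 4672, "user": "svc_backup"},  # backup service account: discard
    {"id": 4672, "user": "jsmith"},      # analyst with admin privileges: alarm
    {"id": 4720, "user": "jsmith"},      # analyst creating accounts: alarm
    {"id": 4720, "user": "ghost"},       # account unknown to AD: alarm
]

def qualify(event):
    """Return 'discard' if the event is expected for the user's groups, else 'alarm'."""
    entry = DIRECTORY.get(event["user"])
    if entry is None:           # a user AD has never heard of deserves a look
        return "alarm"
    expected = EXPECTED_GROUPS.get(event["id"], set())
    return "discard" if entry["memberOf"] & expected else "alarm"

def enrich(event):
    """Attach AD properties so a report shows who the user is, not just a name."""
    entry = DIRECTORY.get(event["user"], {})
    return {**event,
            "department": entry.get("department", "<not in AD>"),
            "title": entry.get("title", "<not in AD>"),
            "groups": sorted(entry.get("memberOf", ()))}

def process(events):
    """Drop expected activity; return enriched records for everything else."""
    return [enrich(e) for e in events if qualify(e) == "alarm"]

if __name__ == "__main__":
    for alarm in process(EVENTS):
        print(alarm)
```

In production the DIRECTORY lookup would be an LDAP query against AD, and nested group membership would need to be expanded before the set intersection.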

If you’d like to get more ideas for how you can integrate log data with Active Directory information for more sophisticated and automated monitoring and forensic analysis and if you’d like to see LogRhythm 5.0’s AD integration features demonstrated check out my on demand webinar: 5 Cutting Edge Response Techniques that Integrate Security Events with Active Directory.


Recommendation Withdrawn: Applicure's dotDefender

Fri, 28 Aug 2009 14:23:57 GMT

A while back I did a free training webinar on SQL Injection attacks. Applicure sponsored the webinar and demonstrated their dotDefender product.

I am aware that the vendors I invite to sponsor my training events are a reflection on me and may be interpreted by some as an implicit recommendation.

This is to notify you that I withdraw any recommendation, implied or otherwise, about Applicure and their products.


Enhanced help for managing access control in Windows environments

Fri, 12 Jun 2009 11:37:40 GMT

A couple of months ago I did a Real Training for Free (tm) session on the Top 11 Dos and Don’ts of Managing Access Control in the Windows/AD Environment, and many of you were impressed, as I was, with how Quest Access Manager simplified or eliminated many of my recommendations.

At the time of the webinar, Alex Binotto from Quest indicated a number of your questions about Access Manager would be addressed in the upcoming release of 1.1 which is now here.  New features include:

  • Remote Windows scanning - reduces the number of agents to be installed
  • Support for Windows clusters
  • Support for storage devices – NAS (NetApp/EMC/etc.)
  • Delegation/segregation of duties - now you can limit users of Access Manager to what I would call "look but don't touch". That means they can assess and report on access permissions across the network without the ability to modify access control.

Nice job, Alex and company.  If you'd like to watch my webinar referenced above click here.  To learn more about Access Manager click here.
