LOGbinder for Exchange: Bridging the Gap Between Exchange and SIEMs

With today's compliance, discovery, and liability concerns, management is increasingly concerned about having a high integrity audit trail of access to mailboxes as well as privileged activity by Exchange administrators.

Microsoft has risen to the occasion with new native audit capabilities in Exchange Server 2010 but, like many audit logs today, the information is trapped within the application, and, specific to Exchange, audit logs are maintained in mailboxes.

Audit logs don't belong in the application they audit. Widely accepted best practices for information security mandate that audit logs be moved as frequently as possible to a separate, isolated log management system.

LOGbinder for Exchange, my third LOGbinder collector, efficiently processes native Exchange audit logs, resolves unreadable ID codes, and translate other cryptic codes, yielding an easy-to-understand Exchange audit log to the Windows event log where any log management/SIEM solution can take over with collection, alerting, reporting, and secure archival. LOGbinder for Exchange performs these functions on both the administrator audit log and the mailbox audit log.




Additional Resources