Application Security Intelligence: The Next Frontier in Security Analytics - Bridge the Gap between Applications and SIEM

Webinar

Monitoring system logs is a good start but attackers don’t really care about your operating system or your firewall. They want the information in your applications. And compliance is about protecting that information.

Obviously your infrastructure must be secure because it’s the foundation upon which your applications run. But there’s a reason why most security incidents occur at the application layer:

There are more end-users than administrators and end-users understand the application layer
It’s easier to obtain and consume information at the application layer. For instance printing a report based on a SQL Database takes less authority, less system access and less technical skill than exporting the underlying tables. And exporting tables into a portable data format is usually easier than obtaining the physical files of the database and parsing them.
End-users only have access to the application layer and it’s usually easier for external attackers to gain end-user access than take over an administrator’s account because…
- Admins are usually more security conscious than end-users
- End users typically fall prey to phishing and social engineering more easily than IT staff
- End user accounts and endpoints are traditionally less protected than those of privileged users

To achieve compliance and to stop APTs, your security analysts need to see what’s happening in your applications.

That means you need to put application audit logs where they belong – in your SIEM. Then correlate application security intelligence with the rest of your security activity. But getting application audit logs into your SIEM is surprisingly difficult.

In this webinar I’ll explain the challenges that arise when you try to get security activity from applications into your SIEM. Every application is different so we will focus on 3 key areas:

SharePoint
SQL Server
Exchange

For each of these applications I’ll explain:

Why you need security activity from this application in your SIEM
What security events are available
What routes if any are available to get logs out of the application and into your SIEM

Fittingly, LOGbinder is sponsoring this webinar and I’ll show how LOGbinder bridges the gap between applications and SIEM. Security intelligence from the application layer is the next big frontier with security analytics and this webinar will show you how to make it happen.

Don’t miss this real training for free™ event.

Please register now!

Click here to watch the webinar now

Upcoming Webinars

Additional Resources

User name:
Password:
	/ Forgot?
	Register

July 2024 Patch Tuesday	"Patch Tuesday - Four Zero Days " - sponsored by Supercharger for Windows Event Collection

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.