The Hacker News - Cybersecurity News and Analysis: Event Log Monitoring

It's inevitable. Most security threats eventually target privileged accounts. In every organization each user has different permissions, and some users hold the metaphorical keys to your IT kingdom. If the privileged accounts get compromised, it can lead to theft or sabotage. Because these accounts control delicate parts of your IT operations, and it is important to know who has privileges, what privileges they have, when they received access, and what activity they've done. This is where Security Information and Event Management (SIEM) software comes in handy. SIEM Monitors and Alerts on Privileged Account Activity Comprehensive monitoring of privileged accounts can be challenging because you need to monitor users who are administrators, users with root access, and users with access to firewalls, databases, services, automated processes, etc. With every additional user, group, and policy monitoring account activity gets increasingly difficult. On top of mo

In today's world your network is subject to a multitude of vulnerabilities and potential intrusions and it seems like we see or hear of a new attack weekly. A data breach is arguably the most costly and damaging of these attacks and while loss of data is painful the residual impact of the breach is even more costly. The loss or leakage of sensitive data can result in serious damage to an organization, including: Loss of intellectual property Loss of copyrighted information Compliance violations Damage to corporate reputation/brand Loss of customer loyalty Loss of future business opportunities Lawsuits and ongoing litigation Financial and criminal penalties To help you protect sensitive data and reduce the risk of data loss, we recommend using a Security Information and Event Management ( SIEM ) technology such as SolarWinds® Log & Event Manager . If you're not familiar with Log & Event Manager (LEM), it's a comprehensive SIEM product, packaged in an ea

Attackers care about ROI – they want to accomplish their objective with the least investment of time and resources possible. The same is true for you - to most effectively manage vulnerabilities, you need to think like an attacker. Ask yourself: How would you go about compromising systems, exfiltrating valuable information and making money? What are the key assets in your network that you would target? How would you get to these assets? Attackers are looking for vulnerabilities that are exposed – ones offering them an easy way to penetrate your network and pivot into the truly valuable assets on your network. Although zero-day exploits are heavily publicized, attackers more often use older, proven exploits very effectively. Fortunately, many such exploits are well known and have clear remediation methods. So, how can you determine if a known vulnerability is actually exploitable? The key is to correlate system vulnerabilities with threat intelligence so you can prioriti

Systems on your network log data 24/7/365. Simply allowing logs to take up disk space, reviewing them only after something has happened and deleting logs when you run low on disk space are all the strategies of an admin doomed to always being in firefighting mode, reacting to bad things when they happen. Proactive log management can help an admin get into a proactive mode You know that event log monitoring is important, since all your systems and key applications log data. But since no two systems log to the same place, or in the same format, it's almost impossible to get ahead of the logging and actually pay attention to what is being logged. That's where event log monitoring comes into play; here's why: Aggregate your logs in a central location:  With logs spread across dozens or even hundreds of systems, there's no way you can manage them where they are. Event log monitoring applications can gather up all your logs in a central location, making them easy to analyze, store, and m