LOGbinder Blog

Updates, Tips and News   RSS Feed  

Protecting Against Today's Latest Hacks

Thu, 02 Feb 2023 17:14:09 GMT
In today's digital age, hacking has become a major threat to individuals, businesses and organizations. With the increasing sophistication of cyber-attacks, it's essential to understand the latest hacking methods and how to protect against them. Here are some tips to help you stay ahead of the curve.
  1. Keep Software Up-to-Date: Regular software updates are a crucial step in protecting against the latest hacks. Software vendors often release patches to fix vulnerabilities that hackers may exploit. So, it’s important to keep your software updated at all times.  To help stay up-to-date you can subscribe to Patch Tuesday (MS patches) and Patch Monday (3rd party non-MS patches) over at UltimateITsecurity.com.
  2. Use Strong Passwords: Strong passwords are the first line of defense against hacking attempts. Use a combination of upper and lowercase letters, numbers and special characters to create a password that's difficult to crack. Avoid using easily guessable information such as birthdates or names. Combinations such as "password123" and "asdf1234" are not secure passwords.
  3. Enable Two-Factor Authentication: Two-factor authentication (2FA) adds an extra layer of security to your accounts by requiring a second form of verification in addition to your password. This could be a one-time code sent to your phone or a fingerprint scan.
  4. Backup Your Data: Regular data backups can help you recover quickly if your system is hacked. Store your backups in a secure location and make sure they're encrypted.
  5. Use Antivirus Software: Antivirus software can help protect against malware and other cyber-attacks by detecting and removing harmful files. Make sure to use a reputable antivirus software and keep it updated.  Most Windows systems have built-in antivirus but if you are using a hosted solution like Office365 you may want to check your subscription to see includes any additional endpoint protection, analytics and other protection features.
  6. Be Cautious with Email Attachments: Email attachments are a common way for hackers to deliver malware. Be wary of emails from unknown sources or emails that look suspicious and never open attachments from untrusted sources.  Never click on links in emails from unknown sources.  Phishing is one of the most effective but easily prevented exploits.  End user education about smart email security best practices is worth its' weight in gold.
  7. Be Careful on Public Wi-Fi: Public Wi-Fi networks are often unsecured, making them easy targets for hackers. Avoid accessing sensitive information on public Wi-Fi and use a VPN to encrypt your connection.
  8. Educate Yourself: Finally, stay informed about the latest hacks and cyber-attacks. Read news articles, attend training sessions and keep up with best practices to stay ahead of the curve.
In conclusion, protecting against today's latest hacks requires a combination of technical measures and awareness. By following these tips, you can reduce your risk of being hacked and keep your personal and professional information secure.  If you are an enterprise environment and want to collect logs from all of your desktops, laptops and servers then you may want to have a look at our Supercharger product.  Supercharger can help you not only get Windows Event Collection configured in minutes but also help you manage WEC across your organization almost instantly.

Supercharger 22.8.2 Adds Cross Domain Forwarding

Fri, 26 Aug 2022 19:00:48 GMT
One of the things we value the most at LOGbinder is customer feedback.  We are fortunate to have some very large customers that are willing to work very closely with us.  In our many conversations with our customers there has been a much requested feature; cross domain forwarding.  We are happy to announce today that as of version 22.8.2, Supercharger now includes cross domain forwarding. Let's answer a few questions:

What is it?  How does it work in Supercharger? What to expect when you upgrade a current installation?

What is cross domain forwarding?

When we talk about cross domain forwarding we are referring to using a WEC subscription to collect events from endpoints that reside in multiple domains.  

How does it work in Supercharger?

In Supercharger, after clicking on a domain, you will now see a tab named "Trust".  This tab lists the trust relationships that are discovered in Active Directory.  To enable cross domain forwarding between domains click on the "Enable" button next to the trust you want to work with.  There may be multiple domains listed but you only need to enable trusts for the domains you want to forward events between.

By enabling a trust you are ensuring that Supercharger properly synchronizes computers in the trusted domain so that forwarder analysis and load balancing can find forwarders in the trusted domain.  This allows the health features of Supercharger to work properly across domains.

Once enabled you will be able to select these domains when creating cohort elements on Load Balancers.  As you can see in the screenshot below we can create cohorts from both domains we have trusts enabled in. 


Just to be clear, cross domain forwarding means we can have endpoints from multiple domains.  It does not mean that we can have forwarders from domains sending events to WEC collectors from various domains.  The collectors on the Load Balancer will be from one domain.

What to expect when you upgrade a current installation?

You can download the latest version from here. Run the installer on your current Supercharger Manager.  All existing Supercharger collectors will upgrade themselves automatically.  If you have any existing trusts in any domains that exist in Supercharger these will be listed on the "Trusts" tab.

Log4J Java Library Vulnerability

Tue, 14 Dec 2021 19:31:49 GMT
By now you have read of the Log4J flaw that exists in the wild. Our technical team monitors new security vulnerabilities and within hours they checked in with our programming staff to find out about the impacts of Log4J on our solutions.  Over the last 48 hours we have also had many customers reaching out to us to find out if LOGbinder for Exchange, SQL Server or SharePoint are affected as well as Supercharger for Windows Event Collection.  We are happy to report that none of our products are affected by the Log4J Java Library vulnerability.

Latest version of Supercharger brings 50+ updates

Thu, 15 Apr 2021 10:54:34 GMT

Towards the end of 2020 and in to 2021 something big has been happening with Windows Security.  Over the past few months, the interest in Windows Event Collection (WEC) has exploded exponentially.  Our sales team has reported that the number of inquires, quotes and sales has gone through the roof.  The feedback we have been receiving about Supercharger for WEC is proof that so many organizations out there are focusing on getting event logs from all endpoints (servers/workstations) into the SIEM.  Over the years we have taken pride in our Supercharger software but today we have reason to really stand tall and puff out our chest.

Our latest version of Supercharger, 21.3.16, is being released.  It contains over 50 different enhancements and bug fixes.  Here are just a few:

  • Supercharged performance enhancements - some customers have previously expressed concerns about the load times in Supercharger, especially those with 100,000's of endpoints and 100's of subscriptions.  The improvements in our latest version speed up operations in Supercharger from smaller 1,000+ machine environments to enterprise size implementations.  From modifying the way Supercharger retrieves data from its database to tweaking things as small as license keys being applied you will see drastic improvements in load times across the board.
  • Improvements to multi domain implementations
  • Improvements to the look and feel of Superchargers application logging
  • Our Security Log Wizard is back by popular demand
  • Event log performance monitoring

Rather than bore you with a long list of everything we've done we invite you to download (or upgrade if you are an existing user) the latest version and test it out.  If you're new to Supercharger, here are some answers to a few common questions:

  • What special permissions are needed to run Supercharger?  None.  As a security focused company, we take pride in creating least privilege security applications.
  • How do I setup a POC or test Supercharger?  Download and install it fully functional for 30 days.  After installation follow the step-by-step Getting Started Guide in Superchargers dashboard to setup WEC properly.  As always, if you need more than 30 days just let our sales team know.
  • How much does Supercharger cost?  As quantities increase, price per forwarder decreases.  To get exact pricing just input your total amount of forwarders on our quote page.
  • What if I need help?  For presales tech support you can reach out to our highly technical sales team.  If you have an existing support contract you can open a support request in our Support Portal.

Download Supercharger today and see just how easy a huge implementation of WEC can be.  Just imagine having all of your Windows endpoints send event logs to a collector in under 15 minutes.  With Supercharger we've made the impossible possible. 

Over the past few months, we've been listening to you.  Most of the enhancements and bug fixes in our latest releases are because of you.  The feedback and suggestions on our forum and support portal have helped us continue to improve our products.  So thank you very much!

If you are already a licensed user of our products and have a current support contract, then upgrading is easy.  Just find the product you need to upgrade on our download page.  Download the installer you need and just install on top of your current installation.  You will most likely need to request an updated product key at support.logbinder.com.  If you are upgrading Supercharger you just need to upgrade the manager.  All the collectors will upgrade themselves.

Thanks again for your support and I look forward to your feedback.


Today we revolutionize using Windows Event Collection at scale

Fri, 04 Sep 2020 15:53:09 GMT

What we are announcing today with Supercharger for Windows Event Collection reminds me of how far technology has come.  I remember being so excited to sit down in front of the great Commodore 64 thinking how amazing this is.  Now almost 40 years later and my processor has as many cores as that C64 had bits.  Why am I talking about 40-year-old computers?  Back then I, like many, thought that the C64 was an amazing machine. But look at what we have today just 40 years later.

Today, Windows Event Collection/Forwarding (WEC/WEF) is becoming a well-known well-functioning technology.  It’s been around since Vista and Server 2008 and it’s a great technology.  What makes WEC an awesome technology?  To start, it’s built-in to Windows and has no agents, no polling, no noise and can be centrally managed.  In the past 12 years nothing much has changed with WEC.

Now that WEC is being implemented more in the real world it’s becoming easier to see where it is lacking.  For example, once you start to scale out with multiple collectors and thousands (or tens or hundreds of thousands) of forwarders, then your collectors can become unstable or even unusable.  The solution?  Setup more collectors.  Create the same subscription on each collector but assign different computers to each collector.  Good idea, right?  In theory, yes.  Soon it will become obvious that keeping collectors and subscriptions consistent is a full-time job.  The next thought may be to just use AD groups.  But then you run into the issue of new computers and decommissioned computers.  That issue is nothing compared to the fact that group membership changes don’t take affect until either a system reboot or purging of the Kerberos ticket.  I think it’s safe to say that for most, if not, all of us, we just can’t do a mass reboot of servers/workstations.   So that leaves the option of purging the Kerberos ticket.  Now we have to bring in technologies like System Center, PS Remoting or tasks in our GPO’s.  There has to be a better way.

So, let’s nix the idea of groups in the WEC subscriptions.  Can’t we just add individual computers to the subscription? 

Yes, you can but as it turns out WEC’s subscription memory structure is limited to about 1,800 allowed computers.  Many organizations regularly need to assign tens of thousands of forwarders to a single collector. So now that’s going to require multiple duplicate subscriptions targeting unique sets of 1,800 (1,500 to be safe) forwarders each. 

 

Tired yet???  Just thinking of the management of this setup gets me stressed.  All this makes two points very clear.  WEC is a great foundation for an enterprise logging pipeline but

  1. it needs care and feeding
  2. becomes unwieldly on its own especially once you start scaling out

So, since its release 12 years ago not much has improved WEC, that is until now!

Back in 2018 we released Supercharger for WEC.  One could say it was the Commodore 64 of its time.  It had what we called Distributed Subscriptions.  Supercharger made use of a dedicated OU in AD where it managed groups that were used to balance subscriptions across multiple collectors.  Did this fix the issue that many WEC environments were facing with large numbers of endpoints?  Yes, but again we have the issue of computers not seeing that they are added to groups until reboot.  So, Supercharger was constantly waiting for load balance maintenance to take effect.

Now, on Sept 3, 2020 we released a new version of Supercharger.  We have redesigned distributing subscriptions with our new Load Balanced 2.0 technology.  

This revolutionary enhancement means no more waiting for endpoints to see group additions.  This also means Supercharger no longer requires a dedicated OU in AD and a dedicated service account with permissions to create/modify groups in that OU.  You may be thinking, “hey what about WEC’s limit of 1,800 forwarders to subscription limit?”  We solved that by programmatically creating multiple WEC subscriptions with 1,500 computers assigned to each one.  These individual subscriptions are known as “shard sets” in Supercharger.

Now load balanced subscriptions take effect immediately.  If you need to add, remove, or replace a collector this can be completed instantaneously.  We are not exaggerating when we say that the reaction time has been reduced from weeks to seconds!

With Supercharger, not only do you get one pane of glass visibility into your WEC environment but you no longer need to “jump box” around from collector to collector to monitor subscriptions.  So, you can escape being tied down to RDP and Event Viewer when managing WEC.  Also, Microsoft has admitted that at a certain point, once you reach X number of subscriptions and forwarders, Event Viewer just gets overloaded and will stop working.  Obviously, this makes it impossible to manage subscriptions in some environments.  Add on to this the health change alerting, performance monitoring, trend analysis, policy-based control and load balancing 2.0 and it’s clear that Supercharger is a must have for any WEC implementation. 

Download Supercharger today and see just how easy a huge implementation of WEC can be.  Just imagine having all of your Windows endpoints send event logs to a collector in under 15 minutes.  With Supercharger we’ve made the impossible possible. 


previous | next

powered by Bloget™