LOGbinder Blog

Updates, Tips and News

Technical Note: No “Send-As” audit events in Exchange Server 2013

Mon, 19 Oct 2015 12:39:04 GMT

Some customers have reported “Send-As” events missing from Exchange Server 2013. This issue occurs when the user and the mailbox are located in different Active Directory sites. Microsoft resolved this issue in the Cumulative Update 10 for Exchange 2013. See this KB article for more information about the problem and solution: https://support.microsoft.com/en-us/kb/3074823


Getting SIEM-ready for cloud and on-premises security audit

Mon, 19 Oct 2015 12:37:51 GMT

This would be a good time to make sure your SIEM solution’s product team is getting ready to correlate the security audit events that will soon be available from a certain “Mobile first, cloud first” company based in Redmond, Washington USA. With the new 2016 family of on-premises products, the support window for the older versions is reduced. But more than that, the new releases and functionality are inexorably pushing organizations to the cloud.

If you thought BYOD was the troublesome dinner guest of conventional IS/IT and InfoSec, cloud-based apps will be your rebellious teenager who is the apple of his grandparents’ eye. Microsoft executives receive a lot of attention from the editors and reporters your C-suite people read, and it would seem all they can talk about are the features and benefits of their cloud-based enterprise applications. So expect internal pressure to increase. Here are some things to know:

  • LOGbinder will bridge the gap between your SIEM and the new cloud applications, and we are well along with our new product development; you will have that easy button to push when you’re ready. LOGbinder’s output will be optimized for the SIEMs that work with us on the project.
  • Your SIEM should be preparing now to do something smart with the new events and scenarios these cloud apps will script. The SIEM product development team should be talking to Randy Franklin Smith about the coming new world order in terms of recommended rules and alerts for cloud security audit.

Exchange Server 2016: “Forged in the cloud” and released for public availability

Mon, 19 Oct 2015 12:35:51 GMT

Microsoft released Exchange 2016 on October 1, 2015, announcing “enhanced security and compliance features” that relate more to document management and archiving than to security audit events; they do not appear to add events or substantially change the audit function of the application.

Our development team is actively working to deliver a version of LOGbinder for Exchange that will include compatibility with Exchange 2016.

Features of Microsoft’s latest Exchange Server release have been known for some time. However, some new features won’t be fully understood or utilized until the release of SharePoint 2016 and Office Online Server. For details from Microsoft about the current Exchange 2016 release, see “What’s new in Exchange 2016” from TechNet. Pay particular attention to the “Discontinued features” content.


LOGbinder’s formatted output is an unsung hero

Mon, 19 Oct 2015 12:35:07 GMT

Security analysts need to be confident in their audit monitoring performance. Anybody can rotate car tires, but only a professional can properly rotate and balance the wheels to improve tire performance and safety. The same is true with application audit log parsing. For most SIEM security analysts, only LOGbinder delivers the performance and stability that security and compliance policies demand.

Not all that long ago, data analysts and early log management platforms were stuck with “garbage in” problems. Remember when it was problematic even to import a text file, let alone the esoteric ones with packed headers and binary fields? Headers were missing, delimiter collisions were constantly causing headaches, file parsing was a resource hog, and transport speed was something you could experience only from the bridge of the U.S.S. Enterprise NCC-1701-D. It is still a difficult process, but LOGbinder’s formatted output has made all that a distant memory for a lot of people.

Our developers put extensive thought into how to best present security audit events for SIEMs to consume. LOGbinder software presents a robust and meaningful file (or UDP stream), thoughtfully formatted for SIEM consumption. The result is speed, of course, but also stability at any processing speed.

This comes up because recently we were asked to help a customer achieve a log consumption rate of 1 GB/minute! We’re working on the challenge (and think we’ll exceed the customer requirement), but the point is that we can do it because our carefully crafted output formats already allow it. No other “home grown” solution can come anywhere close to that value proposition.

Perhaps it is easy to undervalue just how sublime it is to have a log input option That. Just. Works.

If stakeholder confidence is vital enough and your organization’s reputation important enough, only LOGbinder is strong enough to reliably feed your SIEM.
