Blog | Newsletter | Download | Contact

LOGbinder Blog

Updates, Tips and News   RSS Feed  
Search
Categories
Recent Blogs
Archive

«  New Whitepaper: Top 6 Se... | Workaround if LOGbinder S... »

LOGbinder EX for Exchange Released: Bridge the Gap between Exchange and Your SIEM

Mon, 18 Feb 2013 14:54:19 GMT

I’m excited to announce the release of LOGbinder EX for Exchange Server which bridges the gap between Exchange and your SIEM. 

With today’s ever-growing compliance burden and threat-scape, obtaining visibility into the dominant messaging platform is crucial to security and business risk management for most organizations.

Thankfully, Exchange Server provides an audit trail of non-owner access to mailboxes as well as privileged activity by Exchange administrators.  

With mailbox auditing, you can detect

·         Users viewing an executive’s confidential email

·         Impersonated, fraudulent emails

·         Administrators exporting copies of entire mailboxes

·         Deletion of emails to cover up evidence

With administrator auditing, you can detect

·         Exports of mailboxes

·         Copies of entire mailbox databases

·         Security configuration changes to Exchange

·         Access control changes to groups, roles, and permissions

·         Modifications to Exchange policies involving retention, mobile device policy, information rights management, federation, and more

But, like many application audit logs today, the information is trapped within the application and specific to Exchange, audit logs are actually maintained in mailboxes. Applications benefit from internal audit capability but ultimately audit logs should be copied as frequently as possible to a separate, isolated log management system.

LOGbinder EX efficiently process native Exchange audit data and translates cryptic codes, yielding an easy-to-understand Exchange audit log to the Windows event log or syslog where any log management/SIEM solution can take over with collection, alerting, reporting, and secure archival. LOGbinder EX performs these functions on both the administrator audit log and the mailbox audit log.

LOGbinder EX can be installed on most any server in your domain; there's no need to install it on any of your Exchange servers thus preventing impact on production mail flow.

Exchange audit logs need to be monitored and they belong in your SIEM.  Use LOGbinder EX to bridge the gap.

Please download LOGbinder today or contact us for a demo.  I’ve also got a whitepaper that explains Exchange Server’s 3 Audit Logs and how LOGbinder and your SIEM fit in.  Click here to read the whitepaper.
email this digg reddit
comments (0) references (0)
Related:
November 2014 LOGbinder Newsletter: Windows Event Collection and your SIEM; 2 Tech Tips for security analysts
The 24-hour Bug in Microsoft Exchange Mailbox Auditing
December 2014 LOGbinder Newsletter: QRadar fully supports Exchange, SharePoint and SQL Server audit; Tech resources for security analysts
Audit log truncation and audit integrity

Comments disabled

powered by Bloget™
Login | Terms of Use | Privacy
LOGbinder is a division of Monterey Technology Group, Inc. ©2006-2024 All rights reserved.
For complaints please contact abuse@logbinder.com.