We write this month's newsletter from the bowels of the RSA Conference 2015. We met many fans and had some great conversations with the security industry’s movers and shakers. And with Microsoft’s big announcements about Exchange and SharePoint Online, and Azure AD API, we will be releasing new products to leverage that huge technology boon for security analysts. But there’s even bigger news than that. Which brings us to…
Windows Event Forwarding you can actually use for your SIEM
In a stock SIEM, organizations with 100s or 1000s of windows systems to monitor have 2 options. They can to poll each one as frequently as possible and deal with all the security, networking and bandwidth headaches that come with that effort. If not that painful scenario, the other option is to fight with server admins to put agents on their systems and struggle to keep those agents healthy, up-to-date, and sending events.
There is another way to do it that takes all those problems and kicks them to the curb. Windows Event Forwarding (WEF) requires no agents, no in-bound connections, no polling-- you eliminate all the problems with collecting Windows Events. Instead, you just tell all those Windows systems to send the important events, leaving noise behind, over a secure and resilient channel using the Windows Event code already baked into Windows.
But, (and there’s always a “but”) Windows Event Forwarding is just a foundation technology:
- There are many disparate components to understand. Components that all need proper configuration. If one of them is wrong, you have no indication of that fact, much less why.
- The other pain point is that while WEF can filter the noise at the source, for the ultimate in signal-to-noise efficiency ratio, somebody has to define the filters. Filtering requires both expert knowledge of the Windows Security log and the ability to codify that knowledge to the extremely arcane language used in those filters.
So, into that maelstrom of challenges LOGbinder introduces a new product that will eliminate all the pain points associated with getting Windows event logs where they belong – the SIEM. We're calling the software LOGbinder SuperCharger for Windows Event Collection. With it, we are finally making WEF easy and manageable. WEF is gold, but very few organizations are able to leverage it. LOGbinder is going make WEF accessible to everybody-- and FREE to small businesses!
You are going to love our new product.
LOGbinder announced updates to all 3 existing products. Again. And changed their names.
Some of the LOGbinder team were at RSA Conference 2015 this week in San Francisco, California, where we distributed news of our newest software updates. There were 2 main points to the release:
- We posted significant updates to LOGbinder for Exchange and LOGbinder for SQL Server.
- The big news on the update front is that LOGbinder for SQL Server 2.5 brings compatibility with SQL Server 2014 and has some new events because of this compatibility. It also adds LEEF output as an option for IBM QRadar customers.
Automatic mailbox audit policy configuration is a new feature introduced to LOGbinder for Exchange 3.0. This is very big news indeed for security analysts who need to monitor Exchange servers.
Existing LOGbinder customers who have current maintenance contracts will receive these major updates at no additional cost! To get the details about the new features, including a major benefit of the new mailbox audit policy configuration tool, read our news release here.
We have made a number of improvements to our software just over the last 12 months or so, which adds tremendous value to customers who purchase a support and maintenance contract.
Cloud security audit intelligence solutions
For a long time we have noticed that organizations give up a lot of security control when going to the cloud. This week Microsoft announced they were making it possible to get security audit intelligence from their cloud applications Exchange, SharePoint and even Azure AD. This is great news for just about everybody! This is something that had to happen. We think it is very significant and will move a lot of people to move to the cloud. We have been expecting this and are already developing a suite of LOGbinder solutions to leverage this technology. LOGbinder customer will be able to keep even their cloud applications under the eye of their SIEM! Look for it before the end of 2015.
Here's the relevant text from the Microsoft release from FierceCIO
To further boost transparency, Microsoft also announced a new Management Activity API to deliver a greater level of security and compliance monitoring within Office 365. Currently in preview, the RESTful API lets enterprises gain access to more than 150 types of transactions through third-party web services or in-house apps for auditing and compliance purposes. Supported services are SharePoint Online, Exchange Online and Azure Active Directory at the moment, though Microsoft says more services will be added in the future.
No; Thank You
During the RSA Conference, it was clear that LOGbinder sits in a good place in the security intelligence market. It is a small company with a lot of very happy customers who love that we solve their problem with application security intelligence. We lost count of the people who stopped by the booth and told us, “Thank you for what you do!” It was humbling, to be honest. It made us feel good. So we want to say to you what we said to the people at the booth this week. Thank You for the support and the incentive to raise the bar for application security intelligence. We take your security seriously, and work very hard to be a part of the solution. We remain grateful for the opportunity.