LOGbinder Blog

Updates, Tips and News

LOGbinder licenses survive SIEM migrations

Mon, 28 Mar 2016 11:32:55 GMT

All LOGbinder licenses are perpetual: you pay only once for them, which is great if you migrate to another SIEM. Because of this, LOGbinder continues to add value to the Security Operations Center long after the purchase.

We get questions from time to time about how our solutions are licensed. The information is posted on our website, but here’s a quick reference for our current 3 products:

LOGbinder’s license is based on a metric that we can validate programmatically without site audits or a complicated update and upgrade process.

McAfee ESM, Logsign provide LOGbinder integrations

Mon, 28 Mar 2016 11:32:43 GMT

Few things are more important to organizations than monitoring what’s happening to their sensitive information. You should expect a SIEM solution to make it easy for customers to do that and stay up-to-date with that ability.

While most of our readers are familiar with the major SIEM players who work with LOGbinder, many periodically review their SIEM, and still others are looking to deploy one that suits their needs.

This week we heard from 2 SIEM product development teams who recently put a lot of work into improving their product to address customers’ application audit needs.

  • Intel Security’s McAfee ESM just updated their integration for all 3 LOGbinder solutions. McAfee ESM customers now have seamless access to the security events LOGbinder collects from Exchange, SharePoint and SQL Server. Get more information on the McAfee Enterprise Security Manager web page or download their SIEM Data Source Configuration for LOGbinder (18 March 2016 version).
  • Logsign, a SIEM solution based in Turkey, has developed an integration with LOGbinder for SQL Server. They report tremendous customer interest in SQL Server audit logging and recognized LOGbinder’s solution as the best fit. We’re happy to welcome Logsign to our list of SIEM Synergy partners! Read more about Logsign at www.logsign.com.

Please recognize McAfee ESM and Logsign for giving priority to application security audit with LOGbinder integration! We really appreciate the effort, but more important, their customers’ threat intelligence just got better.

There are of course other SIEM providers who put effort into offering their customers LOGbinder integration. Randy Franklin Smith from Ultimate Windows Security has compiled a list of the log management solutions that make it simple and painless to consume Exchange, SharePoint and/or SQL Server audit logs. You can browse his list here: https://www.ultimatewindowssecurity.com/recommended-SIEMs/Default.aspx. Note: the SIEMs who proactively built their own LOGbinder integrations are at the top of the list.

Tech Tip: .NET framework update incompatible with Exchange Server

Mon, 22 Feb 2016 09:46:37 GMT

On 10 February 2016 Microsoft posted a notice to remind customers that Exchange is not compatible with the .NET Framework 4.6.1 that was recommended as an update on 9 Feb 2016. In fact, there are known issues if the new version is installed.

The Exchange Team blog post told Exchange customers to delay upgrading to .NET Framework 4.6.1, and the team updated the post on 12 Feb 2016 to provide the steps to roll back to .NET Framework 4.5.2 if the update took place. You can read the post here: http://blogs.technet.com/b/exchange/archive/2016/02/10/on-net-framework-4-6-1-and-exchange-compatibility.aspx.

LOGbinder is targeted to .NET Framework 3.5 for compatibility reasons. Many customers reported issues when we targeted 4.x.

Tech Tip: Diagnostic logs – Use them and let them go

Mon, 22 Feb 2016 09:46:25 GMT

Back in December we offered a tech tip to turn diagnostic logging on when troubleshooting. Like many things, diagnostics reach a point at which the diagnostic is complete. When this happens, turn off the diagnostic log function within LOGbinder! For one thing, diagnostic logs can place a huge amount of data in the C:\Programdata\LOGbinderXX folder. More important, diagnostic logging slows down the processing speed of the LOGbinder service.

Unless our support team is working with you on an issue, you will want to turn diagnostic logging off to conserve system resources.

Monitoring Authentication and Logon Failures in SQL Server

Mon, 22 Feb 2016 09:46:04 GMT

Many attackers would trade domain authority for the real honey pot: read-access to your SQL Server databases. So how should you monitor authentication and/or logon failures to these sensitive information stores?

LOGbinder is sponsoring a free webinar to show you how to track these events, even if the attacker successfully authenticates via a stolen domain account but lacks access to the database.

This type of hands-on instruction is too important to miss. Registration is free and, as with all of the webinars from Ultimate Windows Security, registration will give you access to the recorded version so you can watch the presentation at a more convenient time.

To see attacks happening to your databases, you cannot rely simply on your domain controllers’ and Windows server security logs to monitor your SQL Server database(s). You must monitor events produced only by SQL Server itself.

In this webinar you will learn how to effectively do that – quickly and simply. Click here to read the webinar abstract and registration link.
