Security, et al

Randy's Blog on Infosec and Other Stuff


My new LOGbinder EX for Exchange Released: Bridge the Gap between Exchange and Your SIEM

Mon, 18 Feb 2013 14:51:34 GMT

I’m excited to announce the release of LOGbinder EX for Exchange Server which bridges the gap between Exchange and your SIEM. 

With today’s ever-growing compliance burden and threat-scape, obtaining visibility into the dominant messaging platform is crucial to security and business risk management for most organizations.

Thankfully, Exchange Server provides an audit trail of non-owner access to mailboxes as well as privileged activity by Exchange administrators.  

With mailbox auditing, you can detect

· Users viewing an executive’s confidential email
· Impersonated, fraudulent emails
· Administrators exporting copies of entire mailboxes
· Deletion of emails to cover up evidence

With administrator auditing, you can detect

· Exports of mailboxes
· Copies of entire mailbox databases
· Security configuration changes to Exchange
· Access control changes to groups, roles, and permissions
· Modifications to Exchange policies involving retention, mobile device policy, information rights management, federation, and more

But, as with many application audit logs today, the information is trapped within the application. In the case of Exchange, the audit logs are actually maintained in mailboxes. Applications benefit from internal audit capability, but ultimately audit logs should be copied as frequently as possible to a separate, isolated log management system.

LOGbinder EX efficiently processes native Exchange audit data and translates cryptic codes, writing an easy-to-understand Exchange audit log to the Windows event log or syslog, where any log management/SIEM solution can take over with collection, alerting, reporting, and secure archival. LOGbinder EX performs these functions on both the administrator audit log and the mailbox audit log.

LOGbinder EX can be installed on most any server in your domain; there's no need to install it on any of your Exchange servers, which prevents any impact on production mail flow.

Exchange audit logs need to be monitored and they belong in your SIEM.  Use LOGbinder EX to bridge the gap.

Please download LOGbinder today or contact us for a demo.  I’ve also got a whitepaper that explains Exchange Server’s 3 Audit Logs and how LOGbinder and your SIEM fit in.  Click here to read the whitepaper.
