Understanding Exchange 2010 Audit Logging

Webinar Registration

I don’t know if you’ve ever thought about it but it’s safe to say that Exchange has copies of at least portions of all the confidential data in your organization. At some point everything gets emailed. Well, you don’t usually email large confidential databases around but users certainly email reports based on that data. And in some cases a bad guy would rather have a nicely formatted, digested spreadsheet or report of confidential information rather than the raw data whose schema must be reverse engineered before they can make real use of it.

So that’s why I say Exchange has so much confidential information. Moreover, it’s full of the communications, decisions and thinking behind your organization’s most critical plans and operations. With advanced persistent threats and today's compliance, discovery, and liability concerns, management is increasingly concerned about having a high integrity audit trail of access to mailboxes as well as privileged activity by Exchange administrators.

Microsoft has risen to the occasion with new native audit capabilities in Exchange Server 2010 but, like many audit logs today, the information is trapped within the application and specific to Exchange, audit logs are maintained in mailboxes. There’s some limited capability to view audit logs within Exchange but I pity the person who tries to keep up with Exchange audit logs manually. Like every other audit log, there’s too much data. You’ve got to be able to reduce the data, filter the noise and produce reports that give you information instead raw, cryptic data.

Moreover, audit logs don't belong in the application they audit. Widely accepted best practices for information security mandate that audit logs be moved as frequently as possible to a separate, isolated log management system.

In this webinar, we will look at both audit capabilities in Exchange 2010 and examine your options for getting audit data out of Exchange and how, if possible, to get it into log management solutions. This is harder than it sounds and I'll demonstrate why. I think you will benefit by seeing how the event’s sponsor, EventTracker, solves this problem during A. N. Ananth’s presentation on EventTracker.

And for everyone that attends the live webinar, we'll be providing a very useful and technical whitepaper on monitoring and auditing Exchange that includes step by step directions for monitoring:

uptime status and health of Exchange Server
Antivirus Engine status
Exchange database and mailbox operations
configuration changes
non owner access to a mailbox
Active Sync usage, policy compliance

Don’t miss this real training for free (TM) and the technical whitepaper that goes with it.

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Job Title:	Required
Organization:	Required
Country:	Required
City:	Required
State:	Required
Street Address:	RequiredRequired
Zip :	RequiredRequired
Industry :	RequiredRequired
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Additional Resources

User name:
Password:
	/ Forgot?
	Register

July 2024 Patch Tuesday	"Patch Tuesday - Four Zero Days " - sponsored by Supercharger for Windows Event Collection

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.