I don’t know if you’ve ever thought about it, but it’s safe to say that Exchange has copies of at least portions of all the confidential data in your organization. At some point everything gets emailed. Well, you don’t usually email large confidential databases around, but users certainly email reports based on that data. And in some cases a bad guy would rather have a nicely formatted, digested spreadsheet or report of confidential information than the raw data, whose schema must be reverse engineered before they can make real use of it.
So that’s why I say Exchange has so much confidential information. Moreover, it’s full of the communications, decisions and thinking behind your organization’s most critical plans and operations. With advanced persistent threats and today's compliance, discovery, and liability concerns, management is increasingly concerned about having a high-integrity audit trail of access to mailboxes as well as privileged activity by Exchange administrators.
Microsoft has risen to the occasion with new native audit capabilities in Exchange Server 2010 but, like many audit logs today, the information is trapped within the application; specific to Exchange, audit logs are maintained in mailboxes. There’s some limited capability to view audit logs within Exchange, but I pity the person who tries to keep up with Exchange audit logs manually. Like every other audit log, there’s too much data. You’ve got to be able to reduce the data, filter the noise and produce reports that give you information instead of raw, cryptic data.
Moreover, audit logs don't belong in the application they audit. Widely accepted best practices for information security mandate that audit logs be moved as frequently as possible to a separate, isolated log management system.
In this webinar, we will look at both audit capabilities in Exchange 2010 and examine your options for getting audit data out of Exchange and how, if possible, to get it into log management solutions. This is harder than it sounds and I'll demonstrate why. I think you will benefit by seeing how the event’s sponsor, EventTracker, solves this problem during A. N. Ananth’s presentation on EventTracker.
And for everyone who attends the live webinar, we'll be providing a very useful and technical whitepaper on monitoring and auditing Exchange that includes step-by-step directions for monitoring:
- uptime status and health of Exchange Server
- Antivirus Engine status
- Exchange database and mailbox operations
- configuration changes
- non-owner access to a mailbox
- ActiveSync usage, policy compliance
Don’t miss this real training for free (TM) and the technical whitepaper that goes with it.