Monitoring system logs is a good start but attackers don’t really care about your operating system or your firewall. They want the information in your applications. And compliance is about protecting that information.
Obviously your infrastructure must be secure because it’s the foundation upon which your applications run. But there’s a reason why most security incidents occur at the application layer:
- There are more end-users than administrators and end-users understand the application layer
- It’s easier to obtain and consume information at the application layer. For instance, printing a report based on a SQL Database takes less authority, less system access and less technical skill than exporting the underlying tables. And exporting tables into a portable data format is usually easier than obtaining the physical files of the database and parsing them.
- End-users only have access to the application layer, and it’s usually easier for external attackers to gain end-user access than to take over an administrator’s account because…
  - Admins are usually more security conscious than end-users
  - End-users typically fall prey to phishing and social engineering more easily than IT staff
  - End-user accounts and endpoints are traditionally less protected than those of privileged users
To achieve compliance and to stop APTs, your security analysts need to see what’s happening in your applications.
That means you need to put application audit logs where they belong – in your SIEM. Then correlate application security intelligence with the rest of your security activity. But getting application audit logs into your SIEM is surprisingly difficult.
In this webinar I’ll explain the challenges that arise when you try to get security activity from applications into your SIEM. Every application is different so we will focus on 3 key areas:
- SharePoint
- SQL Server
- Exchange
For each of these applications I’ll explain:
- Why you need security activity from this application in your SIEM
- What security events are available
- What routes if any are available to get logs out of the application and into your SIEM
Fittingly, LOGbinder is sponsoring this webinar and I’ll show how LOGbinder bridges the gap between applications and SIEM. Security intelligence from the application layer is the next big frontier with security analytics and this webinar will show you how to make it happen.
Don’t miss this real training for free™ event.
Please register now!