One of the biggest gaps that worries me in information security these days is the blind spots in our security monitoring. We've made good progress with implementing SIEMs but many are at the bottom rung of the SIEM maturity model because we are only seeing security activity at the lowest layer: operating system and network. But most information theft takes place at the higher layers of database and application. So why are we so blind at those levels?
SharePoint is a great example of this dilemma. SharePoint host our greatest secrets in their most refined and easily consumed format – documents. SharePoint is a high level application with a large attack surface. Bad guys can target SharePoint at 4 levels:
- Application
- Web server
- Database
- Operating system level
Which levels would your SIEM alert you to right now? At which levels do you have no clue whether you are being attacked right now?
In this webinar I’ll explore all 4 levels of SharePoint and show you how to enable auditing, which events you should be monitoring and how to get that information into your SIEM.
LOGbinder is our sponsor and you’ll see the integral part it plays at the application and database level.
Don't miss this real training for free ™ event. Please register now.