Log Collectors - SIEM, Audit Trail, UEBA, Forensics logs

Log Collectors Landscape: SIEM, Log Collectors, UEBA, and Audit Trail

Logs are ubiquitous in IT – they are semi-structured pieces of information about the behavior of a system and its users. Many standards, regulations and best practices assume and require the existence of logs. Consequently, many systems collect those logs and make use of them for various purposes. Too often organizations have just one tool Read more about Log Collectors Landscape: SIEM, Log Collectors, UEBA, and Audit Trail[…]

The Need For A Chief IT Compliance Officer

Most organizations have clearly separated roles for the Chief Compliance Officer and Chief Technical Officer. And this has worked well up until recently, as most standards and regulations had mostly legal and procedural implications and technical input was rarely required. At the same time, the CTO has been responsible for the overall IT infrastructure with Read more about The Need For A Chief IT Compliance Officer[…]

Siem, log integrity and compliance

Does Your SIEM Guarantee Log Integrity? And Does It Make You Compliant?

It is for a good reason that “integrity” is one of the three main aspects of information security. Lack of data integrity can be a serious issue in many cases, as we have already discussed in our post “3 Reasons Not to Ignore Data Integrity”. But many times integrity is an abstract concept that one Read more about Does Your SIEM Guarantee Log Integrity? And Does It Make You Compliant?[…]

protecting SAP SAL

How to Protect Your SAP Audit Logs

Most large enterprises are using SAP’s ERP system. And the larger the enterprise is, the more compliance requirements it has to cover. This means, in part, that it’s vital to have the SAP Security Audit Log enabled, properly configured and properly protected. What is SAP Security Audit Log and How to Turn It On The Read more about How to Protect Your SAP Audit Logs[…]

Non-Repudiation of Logs and Blockchain

Why You Need Non-Repudiation of Logs and How Blockchain Helps

Non-repudiation is a key property in many contexts – it means that the author of some message cannot deny that they produced the message. This property has a particular meaning in the context of audit trail and logs in general. As pointed out by Eric Knapp: Non[-]repudiation refers to the process of ensuring that a Read more about Why You Need Non-Repudiation of Logs and How Blockchain Helps[…]

HIPAA IT REQUIREMENTS MAPPING

How To Cover HIPAA Security Rule Regarding Audit Trail

HIPAA, the US healthcare regulation, has some rigid requirements about data security and privacy. That aligns perfectly with LogSentinel’s mission so we decided to help our customers in their HIPAA compliance efforts by providing a clear mapping between HIPAA requirements and SentinelTrails functionality. # Requirement SentinelTrails Functionality §164.312. Technical safeguards 1. (b) Standard: Audit controls. Read more about How To Cover HIPAA Security Rule Regarding Audit Trail[…]

Log Collection - track what you have never tracked before

Track Events You Have Not Tracked Before

There are a lot of products that allow collecting data, aggregating it and displaying it for security or monitoring purposes. That includes SIEMs (Security information and event management systems), UEBAs (User and entity behavior analytics), log collectors and catch-all multi-purpose data platforms (like Splunk). And when you check what sources of data they support, it Read more about Track Events You Have Not Tracked Before[…]

Database Security and CCPA Compliance

California Consumer Privacy Act (CCPA) is the new privacy law in California that affects a lot of organizations due to its extraterritorial effect. We have already covered CCPA with a high-level overview, covering what is it about, who is bounded to comply with it, what are the penalties and what technical safeguards need are required. Read more about Database Security and CCPA Compliance[…]

blockchain-open-data

Blockchain and Open Data – LogSentinel Brings More Transparency to Government Audit Trail

Bulgarian e-government’s main data exchange component is storing its audit trail in LogSentinel’s SentinelTrails solution since June last year, as LogSentinel donated it to the state e-government agency. We have recently taken the solution a step further and introduced an open data functionality which makes the audit trail transparent. Open data is the concept that Read more about Blockchain and Open Data – LogSentinel Brings More Transparency to Government Audit Trail[…]

nist-cyber-security-requirements-logs-digital-identity

NIST: Digital Identity Requires Secure Audit Trail

Digital Identity is a hot topic and is applicable to a wide range of scenarios. Virtually any organization has some form of digital identity in order to authenticate its employees, and some organizations, like banks and governments, have been identity providers to millions of people for a while now. Two years ago, the US National Read more about NIST: Digital Identity Requires Secure Audit Trail[…]