VPN in Time of Pandemic: Best Practices In the times of the COVID-19 crisis, many employees are working from home. The general best practice is to allow them to connect to the corporate network through VPN. That is important for the security of the organization… Read More »VPN Logs: Best Practices of Monitoring and Detecting Anomalies
Log Integrity Capabilities of SIEMs Log integrity and non-repudiation are key properties of audit logs. As SIEMs are usually the way to collect audit logs (among many other things) in large organizations, we have to make sure they give us those properties. We have discussed previously that it’s not… Read More »Log Integrity: How SIEMs Address the Issue and Is It Enough?
The SentinelTrails add-on, LogSentinel’s blockchain-protected, secure audit trail, is now available on Heroku marketplace, starting at $0/mo. Swiftly deploy SentinelTrails add-on using Heroku, and ensure that all your logs, data and documents are protected. SentinelTrails Features Immutable Evidence The blockchain-based technology does not allow any… Read More »SentinelTrails Is Now Available On Heroku Beta
Logs are ubiquitous in IT – they are semi-structured pieces of information about the behavior of a system and its users. Many standards, regulations and best practices assume and require the existence of logs. Consequently, many systems collect those logs and make use of them for… Read More »Log Collectors Landscape: SIEM, Log Collectors, UEBA, and Audit Trail
It is for a good reason that “integrity” is one of the three main aspects of information security. Lack of data integrity can be a serious issue in many cases, as we have already discussed in our post “3 Reasons Not to Ignore Data Integrity”.… Read More »Does Your SIEM Guarantee Log Integrity? And Does It Make You Compliant?
Most large enterprises are using SAP’s ERP system. And the larger the enterprise is, the more compliance requirements it has to cover. This means, in part, that it’s vital to have the SAP Security Audit Log enabled, properly configured and properly protected. What is SAP Security Audit… Read More »How to Protect Your SAP Audit Logs
There are a lot of products that allow collecting data, aggregating it, and displaying it for security or monitoring purposes. That includes SIEMs (Security information and event management systems), UEBAs (User and entity behavior analytics), log collectors, and catch-all multi-purpose data platforms (like Splunk). And… Read More »Track Events You Have Not Tracked Before
Digital Identity is a hot topic and is applicable to a wide range of scenarios. Virtually any organization has some form of digital identity in order to authenticate its employees, and some organizations, like banks and governments, have been identity providers to millions of people… Read More »NIST: Digital Identity Requires Secure Audit Trail
Documents are at the center of many organizational processes. They make processes traceable and people accountable. However, documents are by default not protected from manipulation – anyone with access to a document can modify it and it will be hard to reconstruct the original document.… Read More »Protecting Documents Against Fraud and Manipulation With Blockchain
Audit logs are a core component for the security of every system – without them there’s no visibility of who did what and for what purpose. There are audits, there are forensic investigations after security incidents, there’s compliance – all of that is impossible without… Read More »Scanning for Logs to Be Secured by SentinelTrails
Many large organizations prefer to have their audit trail stored within their own infrastructure. Due to their structure and policies they are reluctant to use cloud services. Using a cloud service has the additional benefit of responsibility segregation – your sysadmins may not have the… Read More »Protecting On-Premise Audit Trail
We are happy to announce that you can now use SentinelTrails in your Heroku deployments. The SentinelTrails addon can be found here. SentinelTrails is a blockchain-enabled secure audit trail. It will help you take control of the data you store and will ease your log… Read More »Try SentinelTrails In Your Heroku Deployment
Identity and Access Management (IAM) is core to many enterprise architectures. Centralizing the authentication is mandatory once you have more than a few systems, and IAM providers fill that requirement nicely. On first thought it might seem blockchain has nothing to do with IAM. But… Read More »Blockchain Use-Cases for IAM
An audit trail (or audit log) is something both intuitive and misleading at the same time. There are many definitions of an audit trail, and all of them give you an idea of what it is about: A system that traces the detailed transactions relating… Read More »What is an Audit Trail in IT Context?
Data integrity, or the certainty that data has not been modified, is important in many cases – from communication protocols, through low-level data storage systems, to business-critical databases. Due to our reliance on the data we have, we need to guarantee it hasn’t been tampered… Read More »3 Reasons Not To Ignore Data Integrity
When audit logs are concerned, there are many ways to generate and collect them. Ideally, audit logs are generated in code, depending on the business logic of each application and sent for secure storage to another service, like SentinelTrails. However, refactoring a system to include… Read More »Flexible Log Collection: Configuring The LogSentinel Agent
Logs – every system has them, but companies don’t usually pay much attention to them. At least not until a problem occurs. Log aggregation solutions come handy in many scenarios – tracing production issues, alerting on service degradation, fixing bugs, forensics, fraud detection. We’ve argued,… Read More »Comparison: LogSentinel vs Splunk vs Loggly, etc.
A recent EU report on the cybersecurity of elections has warned member states of potential threats for the upcoming European elections. The US midterms are just a week away and concerns about the integrity of the election process are mounting. Even though very few countries vote online,… Read More »Election Security and the Importance of Audit Trail
The hype about GDPR is dying off, as apparently the world didn’t end on May 25th. However, best practices in data protection are still valid, and we’d like to focus on logging as one of them.