What is XDR and what’s the difference with SIEM? XDR (Extended Detection and Response) is a new trend by large security vendors, and too often people find themselves asking “okay, what’s the difference with SIEM?”. According to Gartner, the main difference is that it is… Read More »SIEM and XDR: The Same Thing Under The Hood
GDPR enforcement (and therefore fines) has been on the rise recently. And after the initial “compliance on paper” that many consultants offered, it’s time to address the cybersecurity aspects underlying GDPR. We have previously addressed the logging requirements of GDPR and now we are going… Read More »The Importance Of Security Logs For GDPR Compliance
Audit logs are that thing that everyone has a good grasp about in theory, but is hard to define in practice. We have previously covered what is an audit log in IT context and now we’ll focus on why it’s important for security. Why Are… Read More »The Importance of Audit Logs for Security
Why is SIEM Important for Regulatory Compliance? A security information and event management (SIEM) system can improve the security of your business’ computer network with real-time automation, monitoring, logging and event alerts. By leveraging SIEM Software, your security team is able to track events concerning your company’s… Read More »Using SIEM for Regulatory Compliance: Importance, Best Practices, Use Cases
Cybersecurity is increasingly becoming a topic for legislators, especially for the public sector, critical infrastructure, healthcare, education, the financial and the insurance sectors. In the US, in addition to several federal laws (HIPAA, HITECH, GLBA, SOX, FISMA, CISA), there are many state-level laws that impose… Read More »US Cybersecurity Laws Overview And How SIEM Can Help
Logs in the IT context are a piece of evidence, automatically generated and time-stamped when a certain event happens. All information systems produce some kinds of logs. For the security and compliance teams, the most common usage of logs is detecting anomalous activities, validating a… Read More »Log Analytics for Business Process Management
VPN in Time of Pandemic: Best Practices In the times of the COVID-19 crisis, many employees are working from home. The general best practice is to allow them to connect to the corporate network through VPN. That is important for the security of the organization… Read More »VPN Logs: Best Practices of Monitoring and Detecting Anomalies
When a person hears the term “audit”, the first association is related to paper documentation requested, reviewed, and analyzed by the audit department on a regular basis or in case of fraud or abnormal activities. Nowadays, when all businesses are striving to go digital, audits… Read More »Audit Trail – Purpose, Importance and Best Practices
Log Integrity Capabilities of SIEMs Log integrity and non-repudiation are key properties of audit logs. As SIEMs are usually the way to collect audit logs (among many other things) in large organizations, we have to make sure they give us those properties. We have discussed previously that it’s not… Read More »Log Integrity: How SIEMs Address the Issue and Is It Enough?
Many organizations understand that the integrity of their audit trail is important only after a security incident takes place and they realize they cannot rely on their audit logs. Having had a lot of experience in this area here at LogSentinel, as an information security… Read More »Webinar: Audit Trail in Large Organisations
Logs are ubiquitous in IT – they are semi-structured pieces of information about the behavior of a system and its users. Many standards, regulations and best practices assume and require the existence of logs. Consequently, many systems collect those logs and make use of them for… Read More »Log Collectors Landscape: SIEM, Log Collectors, UEBA, and Audit Trail
It is for a good reason that “integrity” is one of the three main aspects of information security. Lack of data integrity can be a serious issue in many cases, as we have already discussed in our post “3 Reasons Not to Ignore Data Integrity”.… Read More »Does Your SIEM Guarantee Log Integrity? And Does It Make You Compliant?
Most large enterprises are using SAP’s ERP system. And the larger the enterprise is, the more compliance requirements it has to cover. This means, in part, that it’s vital to have the SAP Security Audit Log enabled, properly configured and properly protected. What is SAP Security Audit… Read More »How to Protect Your SAP Audit Logs
Non-repudiation is a key property in many contexts – it means that the author of some message cannot deny that they produced the message. This property has a particular meaning in the context of audit trail and logs in general. As pointed out by Eric Knapp:… Read More »Why You Need Non-Repudiation of Logs and How Blockchain Helps
There are a lot of products that allow collecting data, aggregating it, and displaying it for security or monitoring purposes. That includes SIEMs (Security information and event management systems), UEBAs (User and entity behavior analytics), log collectors, and catch-all multi-purpose data platforms (like Splunk). And… Read More »Track Events You Have Not Tracked Before
Digital Identity is a hot topic and is applicable to a wide range of scenarios. Virtually any organization has some form of digital identity in order to authenticate its employees, and some organizations, like banks and governments, have been identity providers to millions of people… Read More »NIST: Digital Identity Requires Secure Audit Trail
Audit logs are a core component for the security of every system – without them there’s no visibility of who did what and for what purpose. There are audits, there are forensic investigations after security incidents, there’s compliance – all of that is impossible without… Read More »Scanning for Logs to Be Secured by SentinelTrails
Many large organizations prefer to have their audit trail stored within their own infrastructure. Due to their structure and policies they are reluctant to use cloud services. Using a cloud service has the additional benefit of responsibility segregation – your sysadmins may not have the… Read More »Protecting On-Premise Audit Trail
An audit trail (or audit log) is something both intuitive and misleading at the same time. There are many definitions of an audit trail, and all of them give you an idea of what it is about: A system that traces the detailed transactions relating… Read More »What is an Audit Trail in IT Context?
A recent EU report on the cybersecurity of elections has warned member states of potential threats for the upcoming European elections. The US midterms are just a week away and concerns about the integrity of the election process are mounting. Even though very few countries vote online,… Read More »Election Security and the Importance of Audit Trail
The Mueller Indictment of 12 Russian agents was released last week. It is a very interesting read as a whole, but it outlines some particular aspects of cybersecurity. During the hacking of DCCC and DNC networks, the Conspirators covered their tracks by intentionally deleting logs [..]… Read More »The Mueller Indictment: Proof That You Need Secure Logs