Running the SANS Top 5 Essential Log Reports with Activeworx Security Center
- Shawn Campbell
Creating valuable information from millions of system events can be an extremely difficult and time-consuming task. When those events are generated on disparate devices such as firewalls, IPS/IDS appliances or different server operating systems, the challenge is twofold: first collecting all of the data, then generating useful reports or analysis from potentially millions of different events. As we shall see in the following exercises, the key to running these reports is knowing what you are looking for.

Activeworx Security Center (ASC) is designed to help you build intelligence and increase the visibility of your network from a large volume of seemingly unrelated security events. This is most obvious and valuable when running reports, either for compliance or for internal security analysis. Many security organizations around the world are working to develop standards for reporting, with recommendations on which types of report are most useful and for whom. In the following sections we take the Top 5 Essential Log Reports as recommended by the SANS Institute and see how ASC can address these best practices with built-in and customizable reports.

Top 5 Essential Log Reports as recommended by the SANS Institute:
1) Attempts to Gain Access through Existing Accounts
2) Failed File or Resource Access Attempts
3) Unauthorized Changes to Users, Groups and Services
4) Systems Most Vulnerable to Attack
5) Suspicious or Unauthorized Network Traffic Patterns
Attempts to Gain Access through Existing Accounts

As described by SANS, failed authentication attempts can indicate a user or malicious program attempting to crack a password or to access a resource that is not allowed. Logon reports are extremely important when mining through all of the logon events generated, for example, in a Windows Active Directory environment. Activeworx Security Center includes several built-in logon report tasks that help you create the logon report that best suits your environment. These built-in tasks automatically generate reports from Windows authentication events and also give you the flexibility to narrow the report to a specific type of authentication (i.e. failed logons, a specific user ID, or a target host).

To Run a Built-in ASC Authentication Report:
1. Open the ASC Desktop, click on the Report Center Icon.
2. Select your Database and expand Standard Reports.
3. Select Logon Events by User or by Host.
4. Set your Time Filter by hour, day, week, or month and your Style: Detailed (displaying the text of each event message) or Grouped (describing each distinct event once, with the number of occurrences).
5. Click Run Report and export to any format available (pdf, html, csv, etc...).
To Customize a Built-in ASC Authentication Report to Show Only Failures:
1. Open the ASC Desktop, click on the Task Manager Icon.
2. On the right side under Output, select Report.
3. Select your database, Date filter, and Time filter.
4. Add a Filter using the Filter Wizard to check for a particular Event Name.
5. Click Start.
In this case we have created a Logon Failure Report by Windows Username.

Example Task Filter
Sample Logon Failure Report
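The two report styles above (Grouped and Detailed) and the failures-only task filter are easy to reproduce outside the product. The following is an added example written for this page, not ASC code: it runs over constructed Windows Security events carrying the fields an ASC Windows rule exposes (event ID, user, target host, source IP, time), filters to failures, groups by user or host, and goes one step beyond the page by flagging users with many failures in a short sliding window. The event-ID set is the Windows 2000/2003 logon-failure range (529 to 539) plus the Vista/2008+ 4625; the sample events, thresholds and window are assumptions.

```python
"""Failed-logon report over Windows Security events (added example, not ASC code).

Mirrors the two report styles in the text: Grouped (count per user or host)
and Detailed (one line per event), plus a failures-only filter that can be
narrowed to a user ID or target host. The brute-force check goes one step
further than the page and flags users with many failures in a short window.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Windows logon-failure event IDs. 529-539 are the Windows 2000/XP/2003 IDs
# (bad password, time restriction, disabled, expired, ..., lockout); 4625 is
# the Vista/2008+ "An account failed to log on" event. 528/4624 are successes.
FAILED_LOGON_IDS = {529, 530, 531, 532, 533, 534, 535, 537, 539, 4625}


def _t(minute, second=0):
    """Constructed timestamp helper (all events on one morning)."""
    return datetime(2009, 3, 2, 8, minute, second)


# Constructed sample events (not real log data) with the fields an ASC
# Windows rule exposes: event_id, user, host (target), src_ip, time.
SAMPLE_EVENTS = [
    {"time": _t(0, 0), "event_id": 529, "user": "jsmith", "host": "DC01", "src_ip": "10.1.5.23"},
    {"time": _t(0, 20), "event_id": 529, "user": "jsmith", "host": "DC01", "src_ip": "10.1.5.23"},
    {"time": _t(0, 40), "event_id": 529, "user": "jsmith", "host": "DC01", "src_ip": "10.1.5.23"},
    {"time": _t(1, 0), "event_id": 528, "user": "jsmith", "host": "DC01", "src_ip": "10.1.5.23"},
    {"time": _t(1, 10), "event_id": 529, "user": "administrator", "host": "FS01", "src_ip": "10.9.0.77"},
    {"time": _t(1, 15), "event_id": 529, "user": "administrator", "host": "FS01", "src_ip": "10.9.0.77"},
    {"time": _t(1, 20), "event_id": 529, "user": "administrator", "host": "FS01", "src_ip": "10.9.0.77"},
    {"time": _t(1, 25), "event_id": 529, "user": "administrator", "host": "FS01", "src_ip": "10.9.0.77"},
    {"time": _t(1, 30), "event_id": 539, "user": "administrator", "host": "FS01", "src_ip": "10.9.0.77"},
    {"time": _t(30, 0), "event_id": 4625, "user": "bjones", "host": "WEB01", "src_ip": "10.1.7.4"},
]


def failed_logons(events, user=None, host=None):
    """The Task Manager filter from the text: failures only, optionally
    narrowed to one user ID or one target host (case-insensitive)."""
    return [
        e for e in events
        if e["event_id"] in FAILED_LOGON_IDS
        and (user is None or e["user"].lower() == user.lower())
        and (host is None or e["host"].lower() == host.lower())
    ]


def grouped_report(events, key):
    """Grouped style: one row per distinct value of `key` with its count."""
    return Counter(e[key] for e in failed_logons(events))


def detailed_report(events):
    """Detailed style: one line per failure event, oldest first."""
    rows = sorted(failed_logons(events), key=lambda e: e["time"])
    return [
        f'{e["time"]:%Y-%m-%d %H:%M:%S} {e["host"]} event={e["event_id"]} '
        f'user={e["user"]} src={e["src_ip"]}'
        for e in rows
    ]


def brute_force_candidates(events, threshold=5, window_minutes=5):
    """Users with at least `threshold` failures inside any sliding window of
    `window_minutes`. Returns {user: max failures seen in one window}."""
    window = timedelta(minutes=window_minutes)
    times_by_user = defaultdict(list)
    for e in failed_logons(events):
        times_by_user[e["user"]].append(e["time"])
    flagged = {}
    for user, times in times_by_user.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged


if __name__ == "__main__":
    print("Failures by user:", dict(grouped_report(SAMPLE_EVENTS, "user")))
    print("Failures by host:", dict(grouped_report(SAMPLE_EVENTS, "host")))
    print("Brute-force candidates:", brute_force_candidates(SAMPLE_EVENTS, 5, 1))
    for line in detailed_report(SAMPLE_EVENTS):
        print(line)
```

The sliding window matters more than the raw count: five bad passwords for one account spread over a day is a forgetful user, five in twenty seconds followed by a lockout (539) is a password-guessing tool, and only the time-bounded view separates the two.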
Failed Resource or File Access Attempts

Failed resource or file access attempts are an extremely broad category, but depending on your role as a security administrator or manager, some types of report may be more appropriate than others. ASC is a complete Security Information and Event Management (SIEM) tool that can prove useful when analyzing many different kinds of event, so it can be just as useful for firewall and Windows administrators as for security managers who need a broader picture of an organization's entire security posture. Common categories of resource to monitor include network traffic, such as denied attempts to communicate on unauthorized ports through a firewall, and file access attempts on a Windows system. These reports and many more are built into ASC and can serve as an early indication of an attacker probing a system. Below are examples of both built-in and custom reports for firewall and Windows event data.

To Run a Built-in ASC Firewall Report:
1. Open the ASC Desktop, click on the Report Center Icon.
2. Select your Firewall Database and expand Standard Reports.
3. Select one of the built-in Reports such as Events by Destination or Source IP, by Host or any other criteria you would like.
4. Set your Time Filter and Style.
5. Click Run Report and export to any format available (pdf, html, csv, etc...).
To Customize a Built-in ASC Firewall Report To Show Only Denied Packets:
1. Open the ASC Desktop, click on the Task Manager Icon.
2. On the right side under Output, select Report.
3. Select your Firewall Database, Date filter, and Time filter.
4. Add a Filter using the Filter Wizard to check for a particular Action taken.
5. Click Save to make this report available in the future and Click Start.

Example Task Filter
Sample Denied Network Access Attempts Report
To Customize a Windows Failed File Access Report:
1. Verify that your Windows system is configured for auditing on the file or directory (an audit entry on the object itself).
2. Verify that your Windows Local or Group Policy Object has Object Access auditing enabled for at least Failure. You may then begin to see Event ID 560 (Object Open) Failed and/or Successful entries, which directly match Windows rules available within ASC. Event ID 560 is the Windows 2000/XP/2003 identifier; Windows Vista, Server 2008 and later record the equivalent activity as 4656 (a handle to an object was requested) and 4663 (an attempt was made to access an object), so a filter written for 560 alone will miss those systems.
3. Open the ASC Desktop, click on the Task Manager Icon.
4. Select your AEF Event Database, Action, Date filter, Time filter and Output.
5. Add a Filter using the Filter Wizard to check for a particular Rule ID.
6. Click Save to make this report available in the future and Click Start.
NOTE: ASC Rule IDs may vary depending on your installation.

Example Task Filter
Sample Failed File Access Report
Unauthorized Changes to Users, Groups and Services

Monitoring changes to users, groups and services, especially in a Windows environment, is a crucial part of security. Assigning group memberships, creating users or adding system services can each be a vehicle for escalating privileges and for attacking a network from within. Windows logs both Directory Service access and Account Management activity. Of the two, the easier to understand is the Account Management audit category. Windows offers five event IDs for each combination of group type and scope. The five events correspond to the five operations Windows audits for each group: creation, change, deletion, member added and member removed. The following table shows the layout of those events by group type and scope:

Type          Scope      Created  Changed  Deleted  Member Added  Member Removed
Security      Local
Security      Global
Security      Universal
Distribution  Local
Distribution  Global
Distribution  Universal

There are also other security-related events, such as Password Policy Change, that are useful to track. Note that Windows Vista, Server 2008 and later replaced these 600-series IDs with 4700-series equivalents (for example 4728, 4732 and 4756 for a member added to a security-enabled global, local or universal group), so rule ranges must cover both on a mixed estate. From an access-control auditing perspective the most important column is Member Added, since that operation usually corresponds to a user being granted new access. Audit account management therefore provides a wealth of information for tracking changes to your users and groups in Active Directory. However, most of these changes are legitimate, so how do you filter out the false positives? This is the more difficult task. With ASC it is easy to identify a group of Windows security events that you would like to report on. In this case we know that the Windows Account Management events correspond to the event IDs in the table above. We have matched these event IDs to rule IDs within ASC and added a couple more for good measure. The resulting report task is called Windows Account Management Report.

To Customize a Windows Account Management Report by User or Destination Host:
1. Verify that your Windows Local or Group Policy Object has Account Management auditing enabled for both Success and Failure. You may then begin to see the corresponding Failed and Successful event IDs in your Windows Security event log; these events directly match rules available within ASC.
2. Open the ASC Desktop, click on the Task Manager Icon.
3. Select your AEF Event Database, Date filter, Action, Time filter and Output.
4. Add a Filter using the Filter Wizard to check for greater than and less than a particular set of Rule IDs.
5. Click Save to make this report available in the future and Click Start.
NOTE: ASC Rule IDs may vary depending on your ASC installation.
Example Task Filter
Sample Windows Account Management Reports by User or Destination Host
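The "greater than and less than a set of Rule IDs" filter above is an inclusive ID-range test, and the Member Added column is what an auditor reads first. The following added example (written for this page, not ASC code) applies that range filter to constructed Windows Security events, extracts the member-added operations, flags additions to sensitive groups, and catches a member that was added and removed again within a short window, which a point-in-time group listing would never show. The ID ranges, the pre-Vista and Vista+ membership event IDs, the sensitive-group list and the sample events are all assumptions for the example.

```python
"""Windows account-management change report (added example, not ASC code).

Implements the ID-range filter the text describes ("greater than and less
than a particular set of Rule IDs") over constructed Security events, then
pulls out the "member added" operations, flags additions to sensitive groups,
and catches a member that was added and removed again within a short window.
"""
from collections import Counter
from datetime import datetime, timedelta

# Assumed inclusive ID ranges for the Account Management category:
# 624-667 are the Windows 2000/XP/2003 IDs, 4720-4767 the Vista/2008+ IDs.
ACCOUNT_MGMT_RANGES = [(624, 667), (4720, 4767)]

# Security-enabled group membership events, pre-Vista and Vista+ equivalents
# (assumption for this example, per Microsoft's security event documentation).
MEMBER_ADDED = {632: "global", 636: "local", 660: "universal",
                4728: "global", 4732: "local", 4756: "universal"}
MEMBER_REMOVED = {633: "global", 637: "local", 661: "universal",
                  4729: "global", 4733: "local", 4757: "universal"}

# Groups whose membership changes should always be reviewed (assumption).
SENSITIVE_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}


def _t(minute):
    return datetime(2009, 3, 2, 9, minute)  # constructed timestamps


# Constructed events (not real log data). "actor" is the caller account,
# "target" the group or account changed, "member" the account added/removed.
SAMPLE_EVENTS = [
    {"time": _t(0), "event_id": 632, "host": "DC01", "actor": "jsmith", "target": "Domain Admins", "member": "CORP\\tmp_svc"},
    {"time": _t(2), "event_id": 636, "host": "FS01", "actor": "helpdesk1", "target": "Remote Desktop Users", "member": "CORP\\bjones"},
    {"time": _t(3), "event_id": 624, "host": "DC01", "actor": "helpdesk1", "target": "CORP\\newhire", "member": None},
    {"time": _t(4), "event_id": 528, "host": "DC01", "actor": "helpdesk1", "target": None, "member": None},
    {"time": _t(5), "event_id": 4728, "host": "DC02", "actor": "jsmith", "target": "Enterprise Admins", "member": "CORP\\jsmith"},
    {"time": _t(7), "event_id": 633, "host": "DC01", "actor": "jsmith", "target": "Domain Admins", "member": "CORP\\tmp_svc"},
    {"time": _t(8), "event_id": 643, "host": "DC01", "actor": "jsmith", "target": "Domain Policy", "member": None},
]


def in_ranges(event_id, ranges=ACCOUNT_MGMT_RANGES):
    return any(lo <= event_id <= hi for lo, hi in ranges)


def account_mgmt_events(events):
    """The Task Manager filter: keep only events inside the ID ranges."""
    return [e for e in events if in_ranges(e["event_id"])]


def count_by(events, key):
    """Grouped report by user (actor) or destination host."""
    return Counter(e[key] for e in account_mgmt_events(events))


def member_added_report(events, sensitive=SENSITIVE_GROUPS):
    """The 'member added' column: who put whom into which group, and whether
    that group is one we consider sensitive."""
    rows = []
    for e in account_mgmt_events(events):
        scope = MEMBER_ADDED.get(e["event_id"])
        if scope is None:
            continue
        rows.append({
            "time": e["time"], "host": e["host"], "actor": e["actor"],
            "group": e["target"], "scope": scope, "member": e["member"],
            "sensitive": e["target"] in sensitive,
        })
    return rows


def transient_memberships(events, window_minutes=30):
    """(group, member) pairs added and then removed again within the window:
    a classic pattern for borrowing privilege and hiding it from a
    point-in-time group listing. Only the event log shows it."""
    window = timedelta(minutes=window_minutes)
    pending = {}  # (group, member) -> time added
    found = []
    for e in sorted(account_mgmt_events(events), key=lambda e: e["time"]):
        key = (e["target"], e["member"])
        if e["event_id"] in MEMBER_ADDED:
            pending[key] = e["time"]
        elif e["event_id"] in MEMBER_REMOVED and key in pending:
            if e["time"] - pending.pop(key) <= window:
                found.append(key)
    return found


if __name__ == "__main__":
    print("Changes by actor:", dict(count_by(SAMPLE_EVENTS, "actor")))
    for r in member_added_report(SAMPLE_EVENTS):
        flag = "SENSITIVE " if r["sensitive"] else ""
        print(f'{flag}{r["actor"]} added {r["member"]} to {r["group"]} ({r["scope"]}) on {r["host"]}')
    print("Transient memberships:", transient_memberships(SAMPLE_EVENTS))
```

The sensitive-group flag is the first false-positive cut the text asks for: helpdesk adding a user to Remote Desktop Users is routine, an administrator adding a service account to Domain Admins and removing it seven minutes later is not.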
NOTE: A report layout can be changed with just one click in ASC. Go to the Task Manager and change the Type of report to any one of over a dozen different layouts.

Systems Most Vulnerable to Attack

Vulnerability data is an essential aspect of security: without it there is no way to paint a picture of exactly what a system or network is exposed to, and, more importantly, it helps prioritize and focus scarce IT resources. Vulnerability scans provide the context in which security events coming from IDS/IPS, firewalls and servers must be interpreted. ASC allows the automated import of vulnerability scans from popular open source tools such as Nessus as well as from commercial scanners such as ISS Internet Scanner, GFI, REM and more. Once imported into ASC, all of these vulnerabilities can be reported on, correlated and analyzed in many different ways.

To Run a Built-in ASC Vulnerability Report:
1. Open the ASC Desktop, click on the Report Center Icon.
2. Select your AEF Database and expand Standard Reports.
3. Select one of the built-in Vulnerability Reports such as by Host or by Name.
4. Set your Time Filter and Style.
5. Click Run Report and export to any format available (pdf, html, csv, etc...).
To Customize a Vulnerability Report by Risk:
1. Open the ASC Desktop, click on the Task Manager Icon.
2. Select your AEF Event Database, Date filter, Action, Time filter and Output to Report.
3. Select Type as Vulnerabilities by either Name or by Host.
4. Add a Filter using the Filter Wizard to check for Risk equal to High.
5. Click Save to make this report available in the future, then Click Start.

Example Task Filter
Sample High Risk Vulnerability Report by Name
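The by-Host and by-Name vulnerability reports, and the Risk equal to High filter, map directly onto the scanner's own export. The following added example (written for this page, not ASC or Nessus code) parses the Nessus v2 XML layout (NessusClientData_v2 / Report / ReportHost / ReportItem with a numeric severity attribute and a risk_factor child), filters to High and above, groups by host and by plugin name, and ranks hosts by weighted severity. The sample XML, its plugin IDs and names, and the severity weights are constructed for the example; it also shows why a filter of Risk equal to High silently drops Critical findings on scanners that use a five-level scale.

```python
"""High-risk vulnerability report from a Nessus v2 export (added example,
not ASC code). Parses the .nessus XML layout, filters to High and above, and
groups by host and by plugin name like the two ASC report types in the text.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed .nessus v2 content: three hosts, six findings. Plugin IDs and
# names are placeholders, not real Nessus plugins.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
 <Report name="constructed-scan">
  <ReportHost name="10.1.5.23">
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4" pluginID="900001" pluginName="Example SMB remote code execution" pluginFamily="Windows">
    <risk_factor>Critical</risk_factor>
   </ReportItem>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3" pluginID="900002" pluginName="Example SMB signing not required" pluginFamily="Misc.">
    <risk_factor>High</risk_factor>
   </ReportItem>
   <ReportItem port="80" svc_name="www" protocol="tcp" severity="2" pluginID="900003" pluginName="Example web server information disclosure" pluginFamily="Web Servers">
    <risk_factor>Medium</risk_factor>
   </ReportItem>
  </ReportHost>
  <ReportHost name="10.1.5.40">
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3" pluginID="900002" pluginName="Example SMB signing not required" pluginFamily="Misc.">
    <risk_factor>High</risk_factor>
   </ReportItem>
   <ReportItem port="0" svc_name="general" protocol="icmp" severity="1" pluginID="900004" pluginName="Example ICMP timestamp request" pluginFamily="General">
    <risk_factor>Low</risk_factor>
   </ReportItem>
  </ReportHost>
  <ReportHost name="10.1.7.4">
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0" pluginID="900005" pluginName="Example service detection" pluginFamily="Service detection">
    <risk_factor>None</risk_factor>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""

# Nessus severity attribute: 0 info, 1 low, 2 medium, 3 high, 4 critical.
SEVERITY_WEIGHT = {0: 0, 1: 1, 2: 3, 3: 7, 4: 10}  # assumed scoring weights


def parse_nessus(xml_text):
    """Flatten a .nessus v2 document into one dict per finding."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.findall("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "protocol": item.get("protocol"),
                "severity": int(item.get("severity", "0")),
                "risk": item.findtext("risk_factor", default=""),
                "plugin_id": item.get("pluginID"),
                "plugin_name": item.get("pluginName"),
            })
    return findings


def filter_risk(findings, min_severity=3):
    """Risk filter. severity >= 3 keeps both High and Critical; a filter of
    risk == 'High' (as in the text) would drop Critical findings on scanners
    that use the five-level scale."""
    return [f for f in findings if f["severity"] >= min_severity]


def count_by(findings, key):
    """Grouped report by host or by plugin name."""
    return Counter(f[key] for f in findings)


def most_vulnerable_hosts(findings):
    """Hosts ranked by weighted severity, highest first."""
    score = Counter()
    for f in findings:
        score[f["host"]] += SEVERITY_WEIGHT[f["severity"]]
    return [host for host, _ in score.most_common()]


if __name__ == "__main__":
    findings = parse_nessus(SAMPLE_NESSUS)
    high = filter_risk(findings)
    print("High+ findings by host:", dict(count_by(high, "host")))
    print("High+ findings by name:", dict(count_by(high, "plugin_name")))
    print("Most vulnerable hosts:", most_vulnerable_hosts(findings))
```

The by-name grouping is what turns a scan into a work order: one plugin hitting many hosts is one fix rolled out once, which is usually a better use of scarce time than the host with the longest list.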
Suspicious or Unauthorized Network Traffic Patterns

Unexpected network traffic from one segment of the network to another, or from your internal LAN to the Internet, can be serious cause for concern. It usually indicates a policy violation or a misconfiguration. Reports on this type of anomalous activity are usually quite short and useful, because they indicate exactly what kind of unauthorized activity is occurring. The following is an example of a custom ASC report built to identify a particular type of traffic from one segment of the LAN to another, i.e. to surface these unauthorized network traffic patterns.

To Customize an ASC Unauthorized Network Traffic Report:
1. Open the ASC Desktop, click on the Task Manager Icon.
2. Select your Firewall Database, Date filter, Action, Time filter and Output (Report).
3. Select Type as Firewall Destination Port Grouped.
4. Add a Filter using the Filter Wizard to check for IPs that match the DMZ and internal LAN ranges (assuming, for example, a DMZ of x.x and an internal LAN of 10.x) and Action equal to Deny.
5. Click Save to make this report available in the future, then Click Start.

Example Task Filter

NOTE: Keep in mind that there are plenty of built-in reports that make running these types of reports quite easy and straightforward using ASC. However, every network is different, which means that many of the built-in ASC reports serve as excellent templates for these reports but do not always address the custom needs of every administrator. This is why the ASC Task Manager is a key component, and why we have discussed it in detail within this paper. The Task Manager allows very detailed filtering of your events, and the more effective your task filters, the more valuable and precise all of these reports become.
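Both custom firewall tasks on this page, the Denied Network Access Attempts report and the DMZ-to-internal-LAN report grouped by destination port, reduce to the same three operations: parse the firewall lines, filter on action and on source/destination network, and group by a field. The following added example (written for this page, not ASC code) does exactly that over constructed log lines in a generic key=value layout; a real PIX/ASA, iptables or Check Point feed needs its own line parser in parse_line but nothing else changes. The DMZ of 192.168.50.0/24 and LAN of 10.0.0.0/8 are assumptions standing in for the "x.x" and "10.x" of the text.

```python
"""Denied-traffic and cross-segment report from firewall logs (added example,
not ASC code). Covers the denied-packets report and the DMZ-to-internal-LAN
report grouped by destination port.
"""
import ipaddress
from collections import Counter

# Constructed log lines in a generic key=value layout (not a vendor format).
SAMPLE_LOG = """\
2009-03-02T08:00:01 fw1 action=deny src=192.168.50.10 dst=10.1.5.23 proto=tcp sport=51234 dport=445
2009-03-02T08:00:02 fw1 action=deny src=192.168.50.10 dst=10.1.5.23 proto=tcp sport=51235 dport=139
2009-03-02T08:00:03 fw1 action=deny src=192.168.50.10 dst=10.1.5.24 proto=tcp sport=51236 dport=445
2009-03-02T08:00:05 fw1 action=permit src=192.168.50.10 dst=203.0.113.9 proto=tcp sport=51237 dport=80
2009-03-02T08:00:07 fw1 action=deny src=198.51.100.77 dst=192.168.50.10 proto=tcp sport=40000 dport=22
2009-03-02T08:00:09 fw1 action=permit src=10.1.5.23 dst=192.168.50.10 proto=tcp sport=3300 dport=443
2009-03-02T08:00:11 fw1 action=deny src=192.168.50.11 dst=10.1.9.1 proto=udp sport=5000 dport=161
this line is deliberately malformed and must be skipped
"""


def parse_line(line):
    """One log line -> dict, or None if the line lacks the required fields."""
    parts = line.split()
    if len(parts) < 3:
        return None
    rec = {"time": parts[0], "device": parts[1]}
    for token in parts[2:]:
        if "=" in token:
            k, v = token.split("=", 1)
            rec[k] = v
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
        rec["dport"] = int(rec["dport"])
    except (KeyError, ValueError):
        return None  # malformed line: skip rather than abort the report
    return rec


def parse_log(text):
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def denied(records):
    """The 'Denied Network Access Attempts' filter."""
    return [r for r in records if r.get("action") == "deny"]


def cross_segment(records, src_net, dst_net, action="deny"):
    """Traffic from one segment to another, e.g. DMZ -> internal LAN, that the
    firewall handled with `action` (None = any). Denied hits show a DMZ host
    probing inward; permitted ones would show a rule gap."""
    src_net, dst_net = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    return [r for r in records
            if r["src"] in src_net and r["dst"] in dst_net
            and (action is None or r.get("action") == action)]


def by_dest_port(records):
    """The 'Firewall Destination Port Grouped' layout."""
    return Counter(r["dport"] for r in records)


def top_sources(records, n=5):
    return Counter(str(r["src"]) for r in records).most_common(n)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    dmz_to_lan = cross_segment(recs, "192.168.50.0/24", "10.0.0.0/8")
    print(f"{len(denied(recs))} denied of {len(recs)} records")
    print("DMZ->LAN denied by destination port:", dict(by_dest_port(dmz_to_lan)))
    print("Top DMZ sources:", top_sources(dmz_to_lan))
```

Run the same cross_segment check with action=None as well: a DMZ host reaching the LAN on a permitted rule is the finding that matters most, and a denied-only report will never show it.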
Sample Unauthorized DMZ Traffic Report

Summary

The volume of network traffic and the sheer number of security events are increasing daily, overwhelming network devices and security administrators. Add continuous malware attacks, increasing regulatory compliance and network perimeters that extend to an employee's home PC, and creating valuable reports has become a significant challenge. Organizations such as NIST, SANS and many others have contributed by providing documentation that puts in real terms what types of report are valuable and to whom. One such document, the SANS Top 5 Essential Log Reports, covers the reports that are essential for any organization concerned about security. You'll be able to run all of these reports and more using the Activeworx Security Center Reporting Engine and Task Manager. Once your organization has determined which reports are important, they can be scheduled to run automatically. These summary reports can be e-mailed as PDFs to managers, loaded onto a website as HTML or uploaded to a network share for easy access. Reporting on all of these types of activity is increasingly important for visibility and compliance; beyond that, correlating these events across the network can mean the difference between thousands of independent false-positive events and just a handful of meaningful, correlated high-priority events.
13 For more information on any of the ASC components including the Correlation and Scheduling Engines visit
More informationNetFlow Analytics for Splunk
NetFlow Analytics for Splunk User Manual Version 3.5.1 September, 2015 Copyright 2012-2015 NetFlow Logic Corporation. All rights reserved. Patents Pending. Contents Introduction... 3 Overview... 3 Installation...
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationIBM. Vulnerability scanning and best practices
IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration
More informationMANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But
More informationThe Comprehensive Guide to PCI Security Standards Compliance
The Comprehensive Guide to PCI Security Standards Compliance Achieving PCI DSS compliance is a process. There are many systems and countless moving parts that all need to come together to keep user payment
More informationIBM Security QRadar Vulnerability Manager Version 7.2.6. User Guide IBM
IBM Security QRadar Vulnerability Manager Version 7.2.6 User Guide IBM Note Before using this information and the product that it supports, read the information in Notices on page 91. Product information
More informationRSA Security Anatomy of an Attack Lessons learned
RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack
More informationLOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE As part of the Tripwire VIA platform, Tripwire Log Center offers out-of-the-box integration with Tripwire Enterprise to offer visibility
More informationIntroduction to Endpoint Security
Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user
More informationCorreLog Alignment to PCI Security Standards Compliance
CorreLog Alignment to PCI Security Standards Compliance Achieving PCI DSS compliance is a process. There are many systems and countless moving parts that all need to come together to keep user payment
More informationMarch 2012 www.tufin.com
SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...
More informationStrategic Asset Tracking System User Guide
Strategic Asset Tracking System User Guide Contents 1 Overview 2 Web Application 2.1 Logging In 2.2 Navigation 2.3 Assets 2.3.1 Favorites 2.3.3 Purchasing 2.3.4 User Fields 2.3.5 History 2.3.6 Import Data
More informationSysPatrol - Server Security Monitor
SysPatrol Server Security Monitor User Manual Version 2.2 Sep 2013 www.flexense.com www.syspatrol.com 1 Product Overview SysPatrol is a server security monitoring solution allowing one to monitor one or
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationCloudPassage Halo Technical Overview
TECHNICAL BRIEF CloudPassage Halo Technical Overview The Halo cloud security platform was purpose-built to provide your organization with the critical protection, visibility and control needed to assure
More informationF5 and Microsoft Exchange Security Solutions
F5 PARTNERSHIP SOLUTION GUIDE F5 and Microsoft Exchange Security Solutions Deploying a service-oriented perimeter for Microsoft Exchange WHAT'S INSIDE Pre-Authentication Mobile Device Security Web Application
More informationHow To - Implement Clientless Single Sign On Authentication with Active Directory
How To Implement Clientless Single Sign On in Single Active Directory Domain Controller Environment How To - Implement Clientless Single Sign On Authentication with Active Directory Applicable Version:
More informationSecret Server Qualys Integration Guide
Secret Server Qualys Integration Guide Table of Contents Secret Server and Qualys Cloud Platform... 2 Authenticated vs. Unauthenticated Scanning... 2 What are the Advantages?... 2 Integrating Secret Server
More informationWhat is the Barracuda SSL VPN Server Agent?
The standard communication model for outgoing calls is for the appliance to simply make a direct connection to the destination host. This paradigm does not suit all business needs. The Barracuda SSL VPN
More informationAppalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2
Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning
More informationJuniper Secure Analytics Release Notes
Juniper Secure Analytics Release Notes 2014.5 February 2016 Juniper Networks is pleased to introduce JSA 2014.5. Juniper Secure Analytics (JSA) 2014.5 Release Notes provides new features, known issues
More informationFile Management Utility User Guide
File Management Utility User Guide Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held
More informationComputer and Network Security Policy
Coffeyville Community College Computer and Network Security Policy Created By: Jeremy Robertson Network Administrator Created on: 6/15/2012 Computer and Network Security Page 1 Introduction: The Coffeyville
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationPenetration Testing Report Client: Business Solutions June 15 th 2015
Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com
More informationSB34: Event Logs Don t Lie: Step-by-Step Security. Rick Simonds, Sage Data Security
SB34: Event Logs Don t Lie: Step-by-Step Security Rick Simonds, Sage Data Security AGENDA 1. Learn best practices for event and audit log review. 2. Learn which devices to track and monitor. 3. Learn how
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationTenable for CyberArk
HOW-TO GUIDE Tenable for CyberArk Introduction This document describes how to deploy Tenable SecurityCenter and Nessus for integration with CyberArk Enterprise Password Vault. Please email any comments
More information