Ultimate Windows Security for ArcSight. YOUR COMPLETE ARCSIGHT SOLUTION FOR MICROSOFT WINDOWS Product Overview - October 2012




Ultimate Windows Security for ArcSight

As ArcSight customers expand their security focus from perimeter defense to insider threats and compliance, the first data source they typically look at is Microsoft Windows. Windows Servers provide a critical capability in most environments by managing users, files, and systems. However, anyone who has spent time with the Windows Security Log knows that it is an undocumented mess full of inconsistencies, noise, false positives and cryptic codes. This makes implementing content difficult unless an organization maintains a staff with exceptional Windows and ArcSight expertise.

Ultimate Windows Security and ThetaPoint have joined forces to solve this problem. The joint effort brings years of Windows and ArcSight experience together in a comprehensive solution that gives organizations the resources necessary to build a proactive monitoring and compliance program for their Microsoft environment.

Randy Franklin Smith is a highly trusted subject matter expert on the Windows security log and publishes UltimateWindowsSecurity.com (UWS). UWS spent years reverse engineering the events in the security log and isolating the arcane patterns that help you filter out the noise and mine the real gold that the Windows security log has to offer. UWS codified this knowledge into the Security Log Resource and Rosetta Audit Logging Kits for Windows and Active Directory. The kits are a collection of training modules, reference materials, design specifications, and expert guidance designed for end users to implement within their SIEM. The team at ThetaPoint has taken these resources and incorporated the knowledge, best practices, and recommendations into a turnkey solution for the ArcSight platform. UWS for ArcSight instantly gives ArcSight users all the power and knowledge of the Security Log Resource and Rosetta Audit Logging Kits in a simple-to-use solution.

The Ultimate Windows Security for ArcSight Solution Package includes an ArcSight content pack, the Security Log Resource Kit, the Rosetta Audit Logging Kit, and access to Randy Franklin Smith and ThetaPoint consultants. UWS for ArcSight will jumpstart your ability to understand, monitor, alert, and conduct incident response with ArcSight ESM for your Microsoft Server and Active Directory environment.

Seamless Integration into ArcSight ESM

Ultimate Windows Security for ArcSight implements many of the best practices and recommendations documented in the Security Log Resource and Rosetta Audit Logging Kits. It was built using the standard ArcSight ESM features and integrates into any environment that uses the ArcSight Windows Unified SmartConnector with ArcSight ESM or Express. Installation and configuration typically takes less than 10 minutes. The content pack is delivered as an ArcSight Resource Bundle (ARB) and includes a full solution and installation guide along with 600+ ESM resources, including Rules, Reports, Trends, Dashboards, Active Channels, and others.

ArcSight Content Pack

The team at ThetaPoint built the content with one goal in mind: answer the question that hundreds of clients have asked over the years about Windows security logs: "What should I be looking for in my Windows Security Logs?" The result is a comprehensive content pack that answers that question. Built on the guidance and best practices of Randy Franklin Smith and the Ultimate Windows Security team, the content pack covers everything from user authentication and session tracking to policy and configuration changes to authorized services running on servers. Note that the security event IDs and event formats were renumbered and restructured between Windows Server 2003 and Windows Server 2008, so content must match both generations, and it can only match events that the source hosts' audit policy actually generates. The content pack contains rules, reports, dashboards, integration commands, and more to support the following use cases for both Active Directory and member servers on Windows Server 2003 and 2008:

- Users: authentication, failed logons, lockouts, account changes, session tracking, elevated user privileges, administrator monitoring, permission changes, disabled/enabled accounts, password resets, new users created, and more.
- Groups: group changes, group member additions/deletions, and more.
- Policy: audit policy changes, domain security policy changes, and more.
- System: authorized vs. unauthorized processes, system time changes, event log cleared, restore mode, unable to log events, system shutdown, local user monitoring, and more.

Security Log Resource Kit

The Security Log Resource Kit is the foundation for understanding the complexities of the Windows security log. It includes virtual training, mini-seminars, digital books and handouts that organizations can use to become experts in dealing with the Windows security log. Only once an organization has mastered these skills is it in a position to secure its Microsoft Server environment.

Security Log Secrets Interactive Edition

Security Log Secrets illuminates the cryptic Windows security log and gives you the knowledge to effectively monitor, report and investigate activity throughout your Windows and Active Directory environment. Security log expert Randy Franklin Smith uses innovative techniques to teach you how to monitor, report on and analyze the Windows security logs in your network. You'll master how to leverage the security log to improve your security posture and handle compliance issues, and you will learn how to monitor end users as well as administrators and how to detect intrusions and system changes. More than a long, passive DVD viewing experience, SLS-Interactive is an interactive Flash Video based training course designed to closely duplicate the live, instructor-led learning experience. The learning objectives and benefits of SLS-Interactive are:

- Understand the differences between Windows Server 2000, 2003, and 2008 (coming soon) log events
- Understand how to audit changes in access control to privileged financial, customer and patient data
- Understand how to detect and report changes in administrator authority
- Understand how to centrally monitor logons
- Understand how to track changes in system policy, including group policy objects and organizational units

Security Log Mini-Seminars

The Security Log Mini-Seminars are a collection of focused learning courses on key areas of the Windows security log. The courses are delivered as WMV and MP4 video with PDF slide handouts, and each course runs 15 to 45 minutes. Topics:

- Understanding Authentication and Logon Monitoring
- Kerberos Authentication
- Catching Policy and Configuration Changes
- Monitoring User Accounts
- Tracking File Access
- Leveraging the Windows Security Log for Compliance
- Understanding Logon and Logoff Events
- Top 12 Suspicious Intrusion Indicators
- Tracking Access Control Changes
- Unraveling the All New Windows Server 2008 Security Log and Audit Policy
- Understanding Authentication Events
- Auditing File Access: The Good, Bad and Ugly
- Auditing User Accounts in Active Directory and Windows Servers
- Detecting Suspicious Logon Attempts

Security Logs Revealed Digital Book

The Security Logs Revealed books include much of the same material delivered in the Security Log Secrets training and the Mini-Seminars. The books can be used as standalone reference materials or as a self-paced teaching tool. Each book includes 100+ pages of security log knowledge for Windows Server 2003 and 2008 from security log expert Randy Franklin Smith. The books cover the following topics in detail:

- Audit Policies and Event Viewer
- Understanding Authentication and Logon
- Account Logon Events
- Logon/Logoff Events
- Detailed Tracking
- Object Access Events
- Account Management
- Directory Service Access Events
- Privilege Use Events
- Policy Change Events
- System Events
- Getting the Most From the Security Log

Security Log Encyclopedia Digital Book

The Security Log Encyclopedia is a complete guide to both the Windows Server 2003 and 2008 security logs. It documents all 495 events in the Windows security logs and provides a detailed explanation of each by Randy Franklin Smith.

Rosetta Audit Logging Kit

The Windows Security Log is a morass of cryptic security events: some noise, some highly valuable indicators of security activity. The same goes for other audit logs such as those of SQL Server and SharePoint. Your auditors demand that you not only review these logs daily but monitor for suspicious events and respond in real time. So you purchase and implement a log management solution. Now you can collect security logs, securely archive them, produce daily reports and configure real-time alerts. But which events do you report on? Which do you alert on? What is the significance of these events and how do you respond to them? How do you demonstrate compliance with specific requirements of PCI, SOX, HIPAA, GLBA, FISMA and other regulations?

Log management and SIEM vendors are very good at developing security and log management software, but most will admit they are not subject matter experts in compliance, intrusion detection, and forensic information security. The Rosetta Audit Logging Kit provides what we refer to as deep mapping: for each report and alert we identify the specific controls that the report or alert satisfies and give a detailed rationale for the mapping. With the Rosetta Audit Logging Kit you get:

- Best practice guidance on which events to alert and report on
- Report designs you can implement in your existing log management solution
- Alert specifications that include event criteria, alert text and suggested recipients
- Deep mappings to specific compliance requirements
- Recommended courses of action for each alert and report
- Filter specifications so you can get rid of the noise
- Personalized help from Randy Franklin Smith
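The content pack use cases listed earlier (failed logons, lockouts, event log cleared, audit policy changes, system time changes) and the shape of a Rosetta alert specification described here (event criteria, alert text, suggested recipients, control mapping, recommended response, plus a noise filter) can be shown together with a small evaluator run over constructed Windows security events. This is an added example written for this page; it is not ThetaPoint or UWS content and does not reproduce the kit's actual specifications. The event IDs are the documented Windows Server 2008-generation Security Log IDs (4625 failed logon, 4740 account locked out, 1102 audit log cleared, 4719 audit policy changed, 4616 system time changed, 4634 logoff); the thresholds, recipient addresses, control references and sample events are assumptions constructed for illustration.

```python
"""Toy Rosetta-style alert evaluator for Windows Security Log events.
Added example, not ThetaPoint/UWS content. Event IDs are the standard
Windows Server 2008+ Security Log IDs; specs and sample data are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

FAILED_LOGON, ACCOUNT_LOCKOUT, AUDIT_LOG_CLEARED = 4625, 4740, 1102
AUDIT_POLICY_CHANGED, SYSTEM_TIME_CHANGED, LOGOFF = 4719, 4616, 4634

@dataclass
class AlertSpec:
    """One alert specification: criteria, text, recipients, mapping, response."""
    name: str
    event_ids: frozenset
    controls: tuple        # "deep mapping" to compliance controls (illustrative)
    recipients: tuple      # suggested recipients (constructed addresses)
    response: str          # recommended course of action
    threshold: int = 1     # matching events per key inside the window
    window: timedelta = timedelta(minutes=5)
    key: str = "host"      # event field the threshold is counted per

ALERT_SPECS = [
    AlertSpec("Failed logon burst", frozenset({FAILED_LOGON}),
              ("PCI DSS 10.2.4",), ("soc@example.test",),
              "Identify the source workstation and confirm with the user",
              threshold=5, key="user"),
    AlertSpec("Account lockout", frozenset({ACCOUNT_LOCKOUT}),
              ("PCI DSS 8.1.6",), ("helpdesk@example.test", "soc@example.test"),
              "Review the preceding 4625 events before unlocking"),
    AlertSpec("Audit log cleared", frozenset({AUDIT_LOG_CLEARED}),
              ("PCI DSS 10.5.2", "HIPAA 164.312(b)"),
              ("soc@example.test", "ciso@example.test"),
              "Treat as anti-forensics; work from the SIEM's archived copy"),
    AlertSpec("Audit policy changed", frozenset({AUDIT_POLICY_CHANGED}),
              ("PCI DSS 10.5.2",), ("soc@example.test",),
              "Verify against an approved change ticket"),
    AlertSpec("System time changed", frozenset({SYSTEM_TIME_CHANGED}),
              ("PCI DSS 10.4",), ("soc@example.test",),
              "Confirm the NTP source; event timelines may be skewed"),
]

def is_noise(ev):
    """Filter specification: machine-account activity and logoffs are dropped."""
    return ev["user"].endswith("$") or ev["id"] == LOGOFF

def evaluate(events, specs=ALERT_SPECS):
    """Apply every spec to the events (oldest first); return one dict per alert."""
    alerts = []
    windows = defaultdict(list)          # (spec name, key value) -> timestamps in window
    for ev in sorted(events, key=lambda e: e["time"]):
        if is_noise(ev):
            continue
        for spec in specs:
            if ev["id"] not in spec.event_ids:
                continue
            bucket = windows[(spec.name, ev[spec.key])]
            bucket.append(ev["time"])
            bucket[:] = [t for t in bucket if t >= ev["time"] - spec.window]
            if len(bucket) >= spec.threshold:
                alerts.append({
                    "alert": spec.name, "key": ev[spec.key], "host": ev["host"],
                    "count": len(bucket), "controls": spec.controls,
                    "recipients": spec.recipients, "response": spec.response,
                    "text": f"{spec.name}: {spec.key}={ev[spec.key]} "
                            f"({len(bucket)} x EventID {ev['id']} on {ev['host']})",
                })
                bucket.clear()           # one burst -> one alert, not one per event

    return alerts

# Constructed sample events (not real log data)
T0 = datetime(2012, 10, 1, 9, 0, 0)

def _ev(event_id, user, host, seconds):
    return {"id": event_id, "user": user, "host": host, "time": T0 + timedelta(seconds=seconds)}

SAMPLE_EVENTS = (
    [_ev(FAILED_LOGON, "jsmith", "DC01", s) for s in range(0, 50, 10)]          # 5 failures in 40 s
    + [_ev(FAILED_LOGON, "bjones", "DC01", 0), _ev(FAILED_LOGON, "bjones", "DC01", 900)]  # 2, spread out
    + [_ev(ACCOUNT_LOCKOUT, "jsmith", "DC01", 55)]
    + [_ev(LOGOFF, "jsmith", "DC01", 60), _ev(FAILED_LOGON, "WS07$", "DC01", 70)]       # noise
    + [_ev(AUDIT_LOG_CLEARED, "Administrator", "FS02", 3600)]
)

def demo():
    """Alerts raised on the sample events: failed logon burst, lockout, log cleared."""
    return evaluate(SAMPLE_EVENTS)

if __name__ == "__main__":
    for a in demo():
        print(a["text"], "->", ", ".join(a["recipients"]), "|", "; ".join(a["controls"]))
```

The two bjones failures 15 minutes apart never reach the threshold, the jsmith burst produces one alert rather than five, and the lockout and log-cleared events alert on the first occurrence; each alert carries its control mapping and recommended response so the SIEM operator receives the "why" and the "what next" together, which is the point of the kit's deep mapping. In ArcSight ESM the same logic would be expressed as correlation rules over the normalized fields the Windows Unified SmartConnector produces.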

Company Overview

ThetaPoint, Inc.

ThetaPoint is a group of elite security consultants who have combined their real-world experience to establish a premier IT security consulting firm. ThetaPoint's primary mission is to enable organizations by providing industry-leading services and solutions around ArcSight products, SIEM, log management, incident response, and general IT security concerns. ThetaPoint consultants have a proven track record of success with Fortune 500 companies and government agencies across all industry verticals.

Monterey Technology Group, Inc.

Formed in 1997 by CEO Randy Franklin Smith, Monterey Technology Group, Inc. serves the InfoSec, IT audit and software development communities with specialized services and solutions relating to Microsoft product security. Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory. He performs security reviews for clients ranging from small, privately held firms to Fortune 500 companies and national and international organizations. Randy has written over 300 articles on Windows security issues, which appear in publications such as Information Security Magazine and Windows IT Pro, where he is a contributing editor and author of the popular Windows security log series. In 2003 Randy received the Apex Award of Excellence in the category of How-to Writing for his security feature "8 Tips for Avoiding the Next Big Worm."

UltimateWindowsSecurity.com

Web property of Monterey Technology Group, Inc. devoted to spreading knowledge and understanding of Windows security, IT audit and compliance, with exclusive content from Randy Franklin Smith.

ThetaPoint Inc.
Telephone: +1 (888) 519-0427
FAX: +1 (888) 519-0427
E-mail: info@theta-point.com
Website: www.theta-point.com

For more information on this or other ThetaPoint offerings, please contact us or visit our website.

2012 ThetaPoint, Inc. ALL RIGHTS RESERVED. 2012 Monterey Technology Group, Inc. ALL RIGHTS RESERVED. UltimateWindowsSecurity.com is a division of Monterey Technology Group, Inc. Other product and company names may be trademarks or registered trademarks of their respective owners. While every effort has been made to ensure the accuracy of the information presented in this publication, ThetaPoint and Monterey Technology Group do not warrant or assume any liability or responsibility for the accuracy, completeness, or usefulness of the information or processes disclosed in their publications or those of their partners. All information is subject to change without notice.