Security
Security risks and vulnerabilities impact every
organization today. If they are exploited, the result can be a number of
undesirable repercussions: everything from productivity loss or damage to
company reputation all the way to costly lawsuits, and the list goes on.
Some security risks could cause extreme damage
to the enterprise and must be managed. Companies that know the security risks
that they are facing and have taken action to manage them have a significant
advantage over their competitors.
Security Risk Assessment Overview
LogClarity® provides a powerful built-in
Security Risk Assessment and Compliance (SRAC) module that presents a detailed
prioritization of the high-risk target areas that internal or external hackers
are likely to set their sights on. If these areas are not protected, wrongdoers
can succeed in causing huge amounts of damage to the enterprise. These targets
need to be monitored and protected at all times.
LogClarity® (SRAC) provides a simple-to-follow
interactive implementation process which can be initiated within minutes. It
delivers peace of mind by identifying these target areas, providing
easy-to-follow recommendations to reduce the risk, and automating powerful
protective alerts.
Leveraging the LCDF technology
Log Fidelity’s LCDF
technology is extremely important for intelligent log management and
forensics. It is also the secret weapon that is used when creating unique and
powerful protective alerts. No other log management solution can proactively
identify the detailed changes to critical policies that affect the overall
security of the enterprise.
Unfortunately, Microsoft doesn’t collect the logs that pertain to edits of group
policy objects, which can be crucial to the security of the entire enterprise.
Since Microsoft doesn’t provide the logs, all other log management solutions are
powerless in this fragile area of every Windows domain. Other solutions cannot
identify security-related issues in this area, which is a huge potential security
hole.
The Secret Weapon
LogClarity® is the only solution that performs additional log collection methods
(LCDF Technology) that fill the critical gap in security. The additional logs
that LogClarity® collects and that Microsoft doesn’t provide are what enable and
extend the powerful alerting and forensics capabilities of LogClarity® beyond
what any other solution can do. LogClarity® protects the domain from gross
negligence or insider attacks on critical policies that could open up Pandora’s
box and unleash a great deal of damage in a short period of time.
Flexible LogClarity® Alerting options
- Alerts can be set to be executed when a change is made to the object.
- Alerts can be set to be executed when a change is made by the object.
- Alerts can be set to be executed when a specific user logs into a computer.
- Alerts can be set to be executed when a user logs into a specific computer.
Critical Risk Area 1: Important Group Policy change:
Default Domain Security Policy
Important group policy objects (e.g. Default Domain Policy), or any policies
that have been created which can alter a fleet of users, computers, or the most
critical objects within the domain, should not be modified without key
personnel being notified of the change.
Critical Risk Area 2: Important Groups:
Domain Admin Group and Enterprise Admin group change
The Enterprise Administrators Group, the Domain Administrators Group, or groups
that have been created with the same amount of privileges should not be
edited without alerting key personnel of the change. Get alerted when any
change is made to any of these groups.
Critical Risk Area 3: Important user logon activity:
Administrator logons
There might be accounts, such as the Administrator account or accounts that
have been created with elevated privileges, that should not be edited,
logged onto, or used for editing objects. Get alerted when someone logs in with
one of these accounts.
Critical Risk Area 4: Important computer logon activity:
Logons to domain controllers
Some servers within the domain environment are primarily there for services
and are very rarely logged onto. A built-in alert is available if/when these
servers are logged onto.
Alert Summary
Protection of additional areas can be easily
configured as well. Powerful alerts in addition to the pre-defined high-risk
area alerts can easily be added to the list of areas that can be protected.
LogClarity® provides an easy interactive method to set up and maintain the
simple-to-use alert settings for critical areas within the enterprise. Get
alerted when there is an edit to these important group policies or any other
important user or object within your domain.