Protecting Critical Servers
LogClarity® Server Edition Overview
It is not just external attacks that organizations must defend against, but
also malicious insiders who are knowledgeable and determined to take confidential
customer and business data and sell it for financial gain. Some 35% of the top
100 financial institutions were victims of insider attacks in 2004, compared to
only 14% the year before, according to a recent study from Deloitte & Touche.
One of the major responsibilities of every security administrator is to protect
the enterprise from malicious attempts to steal or damage proprietary company
information, trade secrets, and customer data. There is more at stake than
meeting requirements: loss of reputation and loss of customer confidence both
come down to the revenue bottom line.
File servers and database servers are a huge part of any company's
infrastructure and can be high profile targets for anyone looking to capitalize
on an opportunity to access and take advantage of any weakness in the security
infrastructure.
The most effective and efficient way to quickly identify and reduce risk to the
enterprise is to log and monitor critical file access within the security logs
on critical servers. To accomplish this, Windows file (object) auditing must
be enabled on critical servers. The problem is that when file auditing is enabled
with only the native Windows operating system auditing at your disposal,
auditing can cause serious problems with performance, disk space, and the
security logs being overwritten within a short period of time. Being savvy in
the set up is required, but it will take more than smart file choices to
drastically reduce the problems mentioned.
The problem with enabling file level auditing (objects) on file servers is that
large numbers of redundant copies of the logs with different time stamps get
generated every time a file gets read, edited or deleted. These logs are also
all categorized under one main event ID. The redundancy issue and the poor
grouping of the logs can cause havoc when trying to perform forensic searches or
reduce duplicate logs. Windows does not offer detailed management of its
security logs.
LogClarity’s File Access Technology (FAT)
File Access Technology performs proprietary analysis of security logs. It
automatically removes duplicate event logs, collects the true instance of the
actual logs, and centralizes and monitors them in real time.
Any misuse of critical files designated by users of LogClarity® will instantly
set off an alert to appropriate personnel. The alerts can be set up for very
specific focal points to reduce undesired alerts. Any accidental or intentional
misuse of company-sensitive materials or private customer information will be
identified instantly to reduce further damage. This powerful monitoring solution
is essential to a proactive security posture.
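
The duplicate-removal and critical-file alerting idea described above, as an added example that is not LogClarity's proprietary analysis or vendor code: bursts of identical file-access records are collapsed into one entry with a count, and only entries touching a designated file are surfaced. The record layout, the 5-second window, the watch list and all sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real log output): simplified object-access
# audit events as (timestamp, user, file path, access type).
SAMPLE_EVENTS = [
    ("2005-03-01 09:00:00", "jsmith", r"D:\Finance\payroll.xls", "read"),
    ("2005-03-01 09:00:00", "jsmith", r"D:\Finance\payroll.xls", "read"),
    ("2005-03-01 09:00:01", "jsmith", r"D:\Finance\payroll.xls", "read"),
    ("2005-03-01 09:00:02", "jsmith", r"D:\Public\menu.doc", "read"),
    ("2005-03-01 09:05:00", "jsmith", r"D:\Finance\payroll.xls", "delete"),
    ("2005-03-01 09:05:01", "jsmith", r"D:\Finance\payroll.xls", "delete"),
    ("2005-03-01 09:30:00", "jsmith", r"D:\Finance\payroll.xls", "read"),
]

CRITICAL_FILES = {r"d:\finance\payroll.xls"}  # hypothetical watch list
WINDOW = timedelta(seconds=5)                 # assumed burst window


def collapse(events, window=WINDOW):
    """Merge bursts of identical (user, path, access) events into one record."""
    last_seen = {}  # key -> index in `out` of the most recent burst for that key
    out = []
    for ts, user, path, access in sorted(events):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        key = (user.lower(), path.lower(), access)
        idx = last_seen.get(key)
        if idx is not None and when - out[idx]["last"] <= window:
            # Same user, file and access type within the window: a duplicate.
            out[idx]["last"] = when
            out[idx]["count"] += 1
            continue
        last_seen[key] = len(out)
        out.append({"first": when, "last": when, "user": user,
                    "path": path, "access": access, "count": 1})
    return out


def alerts(collapsed, critical=CRITICAL_FILES):
    """Return collapsed records that touch a designated critical file."""
    return [e for e in collapsed if e["path"].lower() in critical]


if __name__ == "__main__":
    for e in alerts(collapse(SAMPLE_EVENTS)):
        print(e["first"], e["user"], e["access"], e["path"], f"x{e['count']}")
```

Each collapsed record keeps the first and last timestamps and the duplicate count, so the original activity can still be reconstructed during a forensic search.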
LogClarity® Server edition in concert with LogClarity® Professional is an
essential piece of the Log Management and security puzzle for every company
worldwide that needs to protect their enterprise from internal espionage or
external hackers attempting to steal or corrupt critical data.
