IT Security and Auditing Framework – A Glass Half Full or Half Empty?


Log Management, Compliance Reporting and SIEM

Corporate islands with no connectivity to the external world and/or employees seeking permission to share company-critical information with an outsider are not options that ensure protection from information theft. Not a day goes by without a security breach or espionage attempt in the media. It doesn’t matter whether it’s an internal or external hack caused by a deliberate or inadvertent action. The IT guy is made accountable for the security gaps and is asked to revisit the policies to ensure that such incidents don’t recur.

We can all say thanks to the built-in logging mechanisms in devices, systems and applications, which help track e…

ManageEngine’s EventLog Analyzer Advances the Cloud with ActiveState Stackato


The cloud, once known as the future of IT, is now part of modern IT infrastructure. With the growing acceptance of BYOD and employees soliciting critical business-service access on the move, the cloud is ideally suited to balancing these current market trends. It helps IT organizations be cost effective and deliver better IT services.

If you’re currently evaluating or have already implemented a cloud infrastructure in your business, you know it can be a tricky project with a lot of unanswered questions. This is especially true if statutory compliance acts such as PCI DSS, FISMA, HIPAA, and/or SOX govern your company. You need to consider a sound information security plan to detect abnormal access to …

ManageEngine EventLog Analyzer Secures Gold Award


We are excited to announce that ManageEngine EventLog Analyzer recently took home the Gold Award from Deb Shinder, MVP (Enterprise Security) reviewed the product before bestowing this award.

We want to thank for giving us an opportunity to have our product thoroughly reviewed by Shinder, a seasoned security professional. Thank you Deb for setting aside some time to evaluate EventLog Analyzer.

“The vendor (ManageEngine) actually cares about what the IT pros using their solution want and need,” Shinder said. “This solution manages to be extremely full featured without being complicated. Despite a couple of moments of confusion as I got acquain…

PCI DSS 3.0: Shifting focus on daily review of ‘security-relevant’ logs to identify suspicious activities [Part-3]


Ever since the release of the PCI DSS version 3.0 change highlights by the PCI Security Standards Council (PCI SSC), stakeholders of the payment card industry and security analysts have been busy interpreting the proposed regulations. While many of the sections explained in the change highlights document require clarity, one thing was crystal clear – v3.0 expects the stakeholders to focus their log-review efforts on ‘identifying suspicious activity’ and not merely on collecting logs religiously and performing a generic review.


Even in PCI 2.0, Requirement 10 is all about activity logs – collection, transmission, storage and daily review of logs from the devices and sys…

5 Top Targets for Today’s Hackers


Black Hat USA bills itself as “the show that sets the benchmark for all other security conferences.” While most conferences tend to over-promote themselves, given the activity at this year’s show, that actually might be something of an understatement.

From the defense of government surveillance delivered by NSA Director General Keith Alexander to briefings on the coming “cryptopocalypse” and the risks associated with embedded devices and the Internet of Things, Black Hat reminds us that a little bit of paranoia is warranted in today’s connected world.

Here are my leading candidates for surprising, damaging ways criminal hackers are breaching our online security and val…

Spate of shocking cyber attacks on universities jolt academia


It is hauntingly clear – cyber criminals have set their eyes firmly on universities, research institutions, and centers of higher learning in the United States and other parts of the world. If the cyber attacks of the past few weeks are any indication, universities are now facing the biggest threat to information security.

Attack landscape

  • On July 17, 2013, personal information of more than 72,000 staff members (past and present) of the University of Delaware in Newark was compromised. Hackers obtained the information (names, addresses, social security numbers, etc.) by exploiting a vulnerability in third-party software that the university used.
  • On July 18, 2013, during a routine security sca

Your Net Worth Is Online – And Less Safe Than Ever


The Black Hat USA 2013 conference, which kicks off tomorrow in Las Vegas, brings together the brightest minds in IT security each year — those who are responsible for perpetrating and protecting against the latest hacks and vulnerabilities. And not a second too soon, since every week seems to usher in another security catastrophe.

This week’s shocker was the outing of a hole in mobile device SIM cards, by Karsten Nohl, the founder of Security Research Labs in Berlin. Nohl was able to send a virus to the SIM card through a text message, then eavesdrop on calls, make purchases through the phone and even impersonate the phone’s owner. He did all this in under two minutes using an everyday PC and estimate…

IT outsourcing: When outsiders become insiders, how do you ensure information security?


Organizations outsource a part or whole of their IT services to third-party service providers for various reasons, such as cost savings, leveraging outside expertise, need to meet business demands quickly, and other critical aspects. Usually, tasks such as software development, network management, customer support, and data center management are outsourced.

Engineers and technicians working with service providers would require remote privileged access to servers, databases, network devices, and other IT applications to discharge their contractual duties. Typically, in outsourced IT environments, the technicians working with the service provider will be located at a faraway place and will …

This Week’s Five: Security Begins At Home


This Week’s Five is a weekly column of five interesting reads from all over the web, with a different topic every week. This week, we explore the risks of security breaches and the importance of data protection in enterprise networks.

Cyber thieves of all kinds have made the lives of the people in charge of data security miserable, except when they get caught. In today’s world, organizations cannot afford to sit back and assume that “this won’t happen to us”. It is important to be prepared for impending breaches in security. So here is our advice: Secure your network, starting today!

In this special compendium of articles, we take a look at some of the important write-ups on sec…

If Big Data’s too scary, try Little Data (it’s free)


Here are some stats that will blow your mind: Every minute of every day, 48 hours of video content is uploaded to YouTube, Google receives over 2 million queries, over 100,000 tweets are sent and nearly 600 new websites are created. Perhaps most shocking is that quietly in the background, all of this data is tracked and stored. But what happens to it after that?

Obviously, today’s Internet is filled with vast amounts of data. When only a few short years ago a search would yield varied results, today search engines, social networks and even advertisers have realized that information must be culled, filtered and targeted for their consumers. In order to do this, many of these services collect data about you. Whil…