Monitor Files and Folders Like Never Before


Over and over, I get the same question from many admins and security professionals regarding the monitoring of files and folders. Although it can be complicated to address, I completely understand the issues, which are related to compliance and overall access. In reality, it comes down to monitoring the integrity of the company data.

Microsoft, of course, provides a file integrity solution, which will help you learn about changes to your system and program files. However, if you have information (data) that is not located in these places, nor shared, complications can arise. Well, ManageEngine has the perfect solution for you. We help you track ANY folder, regardless of it being  system or shared file. He

Auditing vs. Monitoring of Active Directory


I just finished a class where I had both auditors and administrators in attendance. It was one of the best groups I have had for that reason. From the class I learned that it is not always “known” what the difference is between auditing and monitoring. Auditing is performed by auditors and monitoring is typically performed by administrators. There is only a slight difference between the two, but the difference is rather important and can make a world of difference when it’s time to report on your log data.. 

Auditing is both a technology and a role. The technology is built into every Windows computer and has been for years. Going back to Windows NT, Microsoft has provided auditing. Domain control

IT Security and Auditing Framework – A Glass Half Full or Half Empty?


Log Management, Compliance Reporting and SIEM

Corporate islands with no connectivity to the external world and/or employees seeking permission to share company critical information with an outsider are not options that ensure protection from information thefts. Not a day goes by without a security breach or espionage attempt in the media. It doesn’t matter whether it’s an internal or external hack caused by a deliberate or inadvertent action. The IT guy is made accountable for the security gaps and is asked to revisit the policies to ensure that such incidents don’t recur.

We can all say thanks to the built-in logging mechanism in devices, systems and applications, which help track e…

PCI-DSS 3.0: The Stress on Password Protection & Security [Part-2]


[In the previous post, we briefly discussed the requirements proposed for PCI-DSS 3.0. In this post, we’ll discuss the requirements in depth.]

When a customer presents a payment card to a merchant at the point of sale, a chain of operations is triggered in the background. The request-approval process happens across software applications, wireless devices, firewalls, routers, switches, storage devices, telecommunication systems, and a host of other applications. Therefore, your data’s security is directly dependent upon the security of all these devices and applications.

Although several authentication mechanisms are emerging, passwords are still the most prominent mode of authenticatio…

Can your organization be Hack Immune?


This past few months witnessed a record breaking global level of malware threats and APTs (Advanced Persistent Threat) that put the mightiest of Enterprises’ security at jeopardy! Since December 2009, post the Google Aurora attack, the way Enterprises see APTs has changed forever. Even the last bit of resistance was wiped out when World Bank, Morgan Stanley was taken down by such threats too. The challenge with this type of security attack is the manner in which Enterprise IT Security is hacked – slow and disguised.

Not to mention the plethora of ‘zero day’ attacks lead by hacktivists (Eldarwood gang, Anonymous to name a few) that shake the very foundation of data security of the Enterprise with …

Software asset management is not so “soft” and “smooth”


“Choco bloc” is the idiom I think of when it comes to asset tracking (Hardware & Software). Tracking the assets information is not an easy thing to do especially software management and license monitoring. Enterprises need to look at three different aspects of software management – Software Metering, Software Compliance, and Prohibited Software.

Software Metering – You will purchase a lot of software that is required for your enterprise. But you need to track the usage metrics since not every software in enterprise is utilized 100%. Tracking the software usage helps you realize the used and unused software that can help you to take an informed decision. This decision can save your costs o…

Object Access Auditing Simplified – Find the ‘Who, What, Where, When’ of File & Folder Access


Most administrators face the challenge of knowing what actually happened to their files and folders – who accessed them, deleted them, edited them, moved them, where the files and folders went, etc. Object access auditing can help administrators to meet this challenge head-on.

Object access auditing is a critical requirement for organizations and helps network administrators to secure their enterprise network. With Object access auditing, organizations can secure their business critical data, such as employee data, accounting records, intellectual property, patient data, financial data, etc. One of the key goals of object access audits is regulatory compliance.

Industry standards such as Sa…

The Perils of Non-Compliance


The word ‘compliance’ has come a long way in the English dictionary. It might have started as yet another addition to the vocabulary, but now the image it conjures up – little would have the people who coined this word foreseen this evolution.

SOX, HIPAA, PCI, FISMA, GLBA… and considering the probability of the future Enrons, this list is only expected to grow. However, since many organizations have taken active steps to adhere to the compliance-rules, transactions on the web have become a lot safer than they used to be! Companies will surely not want to take the risk of being non-compliant…not if they have to face dire consequences!

You’ll have to face those dubious ‘CNN moments,’ where you

Ask me in EventLog Analyzer.

IT Manager /CXO of an enterprise are responsible to manage all IT infrastructure of an enterprise. This includes a vigorous update on the status of various security threats posed by internal users in their enterprise, and have a vital eye on various internal transactions carried out. It makes them to demand summary reports on important IT resources from their team, which includes specific stern events.

Such requirements are often delegated to system administrators and other IT staff, who supply IT managers with these specific reports. Mostly the information a CXO requires are Bird’s eye view of

  • Network security status for the complete enterprise
  • Overall compliance status and related remediation /co