SecurLOG

Security Event Log Monitoring Agent

A common misconception is that security threats only come from external sources. A significant proportion of malicious activity actually originates from within an organization. Standard and necessary methods of protecting the network (firewalls and network-based intrusion detection and prevention devices) do very little to ensure the integrity of critical servers and workstations from an internal attack.

SecurLOG (Security Event Log Monitoring Agent), part of DataComm’s complete suite of security services (SecurNOC), was designed to combat this growing issue by monitoring event logs distributed by Windows and UNIX hosts. SecurLOG utilizes trained security staff to monitor mission-critical servers’ Event Viewer logs in real time for policy and security violations, manage complex rulesets often overlooked when choosing standalone products, and maintain logs required by regulators for critical devices. This service keeps your staff informed of internal security breaches without expensive applications, time-consuming installations and extensive training.

DataComm’s SecurLOG Service Delivers:
  • An enhanced security posture
  • A dedicated team of security experts
  • 24x7x365 log monitoring
  • Immediate incident response
  • Real time alerting & notification
  • On-demand reporting
  • Compliance reporting to meet GLBA, HIPAA, and SOX acts

DataComm’s SecurLOG Provides the Means to:
  • Determine unauthorized access attempts and other policy violations
  • Monitor critical servers exclusively and set alerts
  • Understand server and network activity in real-time
  • Find changes to access rights to shares, files, folders, etc.
  • Log attempts at unauthorized access to computer system resources.
  • View system activity including logins, file accesses and security incidents.
  • Monitor unauthorized Active Directory access permissions

How it Works

DataComm’s SecurNOC deployment staff will assist in the installation of the agent on critical servers/workstations. SecurLOG will then collect, in real time, the policy and security events logged in the Event Viewer and transmit them securely, using AES 256-bit encryption, to the SecurSHIELD IDS/IPS sensor. The SecurSHIELD then correlates this information against customized signatures created specifically for your environment and, when a policy and/or security violation is detected, sends an alert through the secure SecurNOC connection. DataComm’s SecurNOC Monitoring Professionals then investigate and respond to these alerts.

Step 1 - Monitoring

SecurLOG makes the task more intuitive, for example, by removing the “noise” events that account for a large percentage of security events. By performing these tasks quickly and efficiently, our solution reduces system downtime, increases network performance, and helps tighten security policies.

SecurLOG Provides Real-Time Detection & Response to the following policy and security events:
  • User Logon and Logoff events in the Active Directory domain, local servers or critical workstations.
  • Active Directory domain user/group modifications, including adding, altering and removing users/groups.
  • Local server or critical workstation user/group modifications, including adding, altering and removing users/groups.
  • Customized file and object access events, including tracking critical file, share and printer resource access.

Step 2 - Notification

With the “noise” cast aside, SecurLOG notifies you of critical events by prioritizing them according to the type of security event, the security level of each computer, when the event occurred (outside or during operating hours), the role of the computer (workstation, member server or domain controller) and its operating system. Once analyzed, the events are categorized into critical, high, medium and low security. So, if somebody tries to create a new user account at 8 p.m. on a computer that should be logged off at 5 p.m., an automatic email notification will be sent and a series of phone calls will be placed by a SecurNOC Monitoring Professional to the list of contacts designated at your institution!

Step 3 - Reporting

Logs need to be archived for the purpose of network auditing and more recently to comply with various regulations such as HIPAA, GLBA and Sarbanes-Oxley.

DataComm provides reporting in three ways:
  • Email Notification Reports of Critical Events
  • On-Demand Reports Via the SecurSHIELD Event Monitor Interface
  • Monthly CD Archival Reports With Incident Response Logs

For More Information

Call us at 1-800-544-4627, or send an email to info@dcninc.com




DataComm is a relationship driven company. We approach each challenge and opportunity with a unique level of commitment and consideration for our customers' long-term benefit.

Bruce C. Boyer
Co-Founder




Copyright © DataComm Networks, Inc.