NetVision Company Blog

A Discussion on Effective Audit of User Access

Exchange Mailbox Monitoring

Tags: ,

We already told you that updates for SIMON would be provided on a regular basis.  The latest enables Microsoft Exchange Monitoring without any further customization.  You asked for it and we listened.

A few of the commonly requested reports include:

  • Logon to Mailbox - tells you when users access their Exchange mailboxes.  This could be important as an audit trail.
  • Failed Attempt to Access a Mailbox - tells you when someone attempts to access a mailbox for which they don’t have permission.  This could indicate an attack scenario or perhaps let you know when employees need access to a shared mailbox account.
  • Logon to Non-Primary Mailbox - tells you when someone accesses a mailbox for which they are not the primary owner.  This enables you to monitor privileged users who may have permissions to access mailboxes that they shouldn’t be viewing.  It’s also good for audit trail purposes.

If Exchange Mailbox monitoring is important to you, be sure to let us know and we’ll make it a part of your personalized product demonstration.

Baby got Back(ing)

Tags: ,

You might have seen today that NetVision recently secured Series B financing.  If not, please take a look at the release.  Obviously, we’re happy and proud to get an edorsement from the great minds at vSpring and PEC.  This round enables us to stay focused on innovation in delivering solutions such as the SIMON managed service.  …stay tuned for future innovations that are currently on the design table!

3-Minute Introductory Demo

Tags: , ,

We put together this quick-and-dirty 3-minute introduction into one of NetVision’s core product offerings – directory monitoring.  In this example, we make a few common changes in Active Directory and show how the changes show up in our reports.

Actionable Intelligence

Tags: , , , ,

In my other blog, I recently discussed how Actionable Intelligence seems to be the achilles heal of SIEM solutions.  I promised to continue that discussion with a few words about NetVision’s approach to the problem.  And it’s quite simple actually.

The SIEMs and enterprise log management vendors seemed to have started from a different viewpoint.  They began by thinking about the dozens (or hundreds) of systems and applications that generate logs.  They thought about how to best collect logs from heterogeneous sources and then attempted to correlate information across different types of data.  For some organizations, these solutions must seem heaven-sent.  How else would you deal with all that log information?  How else would you collect, capture, and store those logs in case you need to look through them in the future?

Where they seem to fall short, though, is in providing actionable intelligence about what’s happening in the environment.  How could they?  They collect logs from hundreds of systems at once.  Even if it’s possible to setup alerts or actions based on some activity, someone would need to figure out how to interpret the logs, understand what possible values would be in the logs, configure the appropriate response to each event type in each system, and constantly monitor and keep them all up to date.  Doesn’t sound fun.  Certainly not simple.

Our angle of sight is different.  We see the core network directory (Microsoft Active Directory or Novell eDirectory) as the heart of the network.  It grants network access (sometimes local access to the workstation) and is often used to authenticate requests from VPNs, portals, and other systems.  A new account in the directory means a new identity to keep track of and a new potential threat on the network.  So that’s where we’ve focused since 1995.

We are buried deep within the core network directory and related file systems.  We don’t scrape logs and we’re not worried about what logs are being generated by some router or web server out in the network. Because of that focus, we have been able to build extensive tools that make it easy to filter on the types of events and information that are important to you.  And we’ve taken it a step further.

With our SIMON managed service, you don’t have to know anything about creating policies or configuring filters.  We do it all for you based on best-practices, years of experience, and your own personal needs.

The end result?  Actionable Intelligence.

You get emails when you want them that tell you who made a change, what change they made, and the before- and after- values.  Some events just write to the database, others kick out files, others generate alerts.  Some decisions are based on the resource (domain admins group).  Other decisions are based on the actor (employees scheduled to exit the company), the attribute changed, or even the time-of-day.  Data is transformed immediately into information and then analyzed and re-routed as appropriate.

This isn’t some future reality either.  We’ve been doing this a long time.  And we keep getting better.  I can’t wait to tell you what’s next for us.

Security in a Recession

Tags: ,

There’s an interesting article over at CSO titled 5 Tips for Managing Security in a Recession.  It has some good advice for people trying to maintain security and audit-ability on a restricted budget. 

The final paragraph talks about the value of outsourcing being cost-cutting but warns of the security risk.  We thought about that a lot last year during our planning meetings for SIMON.  Ultimately, we concluded that we could put out a solution that recovers budget without introducing security risk by implementing an appliance-based approach on-site that is managed by experts.  You outsource the pain, but not the data.  The data stays safe at home.

© 2009 NetVision Company Blog. All Rights Reserved.

This blog is powered by Wordpress and Magatheme by Bryan Helmig.