Chicago, IL, USA
Jul 22, 2019 | By Ingmar Koecher
The recently discovered BlueKeep RDP vulnerability reminds us yet again (as if we needed to be reminded) that monitoring RDP is not a luxury but an absolute necessity. Many organizations still expose RDP ports to the Internet, making RDP a prime target for attacks. But even when RDP is only available internally, it can still pose a threat – especially on large networks.
Mar 28, 2019 | By Ingmar Koecher
Since Active Directory is the foundation of all Windows networks, monitoring Active Directory needs to be part of any comprehensive security strategy. Up to version 3.5, EventSentry utilized Windows auditing and the security event log to provide reports on: User Account Changes, Group Changes and Computer Account Changes.
Jul 31, 2018 | By Ingmar Koecher
EventSentry v3.5 continues to increase visibility into networks with additional vantage points, making it easier for EventSentry users to reduce their attack surface as well as discover anomalies.
Mar 16, 2018 | By Ingmar Koecher
Windows supports a code-signing feature called Authenticode, which allows a software publisher to digitally sign executable files (e.g. .exe, .msi, …) so that users can verify their authenticity. The digital signature of a file can be viewed in the file properties in Windows Explorer on the “Digital Signature” tab.
Jan 30, 2018 | By Ingmar Koecher
In part one I provided a high-level overview of PowerShell and the potential risk it poses to networks. Of course, we can only mitigate some PowerShell attacks if we have a trace, so going forward I am assuming that you followed part 1 of this series and enabled: Module Logging, Script Block Logging, Security Process Tracking (4688/4689)
Once you are familiar with the basic concept of EventSentry, we recommend that you take a look at the best practices. It contains useful tips & tricks and configuration examples to help you get the most out of EventSentry with the least amount of administration.
Apr 8, 2019 | By NETIKUS.NET LTD
EventSentry's ADMonitor natively monitors Active Directory™ to detect all object changes down to the attribute with before and after values. ADMonitor also captures group policy changes and includes a complete user inventory to quickly identify at-risk user accounts.
Nov 2, 2018 | By NETIKUS.NET LTD
Put netstat on steroids and reduce your attack surface by revealing all processes on your network that are listening for incoming TCP connections. EventSentry can also alert when a new process is listening for incoming connections, or when critical processes are not running.