In part 5, we looked at auditing your network device logs. A decade ago, security professionals were primarily concerned about network perimeter and endpoint security. While those concerns are still valid, technological advancements have created new scenarios that need to be addressed.

Anyone trying to access resources in your network needs to interact with your network devices: firewalls, routers, switches, and IDS/IPSs. Each of these devices generate syslogs that contain important security information and must be audited to gain complete visibility into the activities occurring in your network. Most SIEM solutions, including our own Log360, can collect and analyze syslogs in real time and instantly alert security teams if any security event of interest occurs.

Web servers are front-end facing applications that are vital for the daily operations of businesses. They are subject to attacks such as SQL injection, malicious URL requests, and the age-old classic, denial of service (DoS) attacks. While there are specialized web application security solutions that you can (and should) deploy, auditing web server logs is just as important for ensuring your web servers are secure and always up and running.

Insider threats are on the rise. In fact, both administrators and average employees are among the biggest security threats in an organization. When it comes to security auditing, there are two areas you need to focus on: Active Directory changes and individual user activity, particularly administrator activity.

In part 1, we looked at an overview of auditing servers. In this blog, we’ll discuss which events you need to audit in your databases and file servers where sensitive data is stored. New data protection regulations and large-scale global attacks have made this more important than ever before. The main goal is to not only ensure that the accesses and modifications to sensitive data in your network are authorized, but also that file and column integrity are maintained.

Everyone knows about the importance of log management in IT security. Yet, organizations struggle with implementing effective log management techniques in their networks. This blog series aims to revisit the fundamentals of log management and discuss the different security events you need to keep track of in each of the different systems in your environment.