It’s been a while since our last post on Event Log Management (ELM) Best Practices, but the issue is no less prevalent. Last time we discussed the necessary categories of events to enable when performing security audits (log on, account log on, object access, process tracking, policy change, account management, directory service access, and system events).

This week we will focus on automating the consolidation of all log records. When you choose an ELM solution it is vital that you consider the automation, means of storage, and compression of log files. With the correct ELM solution in place you shouldn’t have to check on it daily or even weekly. A hands-off product usually only requires initial configuration and occasional tweaks. You may be looking to manage log files for compliance purposes, an internal security policy, or industry standards. Either way, it is necessary to have a collection strategy in place to deal with your log data.

Because Syslog files and Windows event logs are decentralized by default, each network device or system records its own activity. If you’re a network administrator managing security and compliance initiatives, you then need to combine this data for effective analysis and reporting. The process of merging data in a reliable manner can now be automated.

Why log data collection automation is necessary

Typically, an administrator will use an ELM tool to automatically gather log records on a nightly basis by saving and clearing active event log files from each system, compiling them in a central database (e.g. Microsoft SQL or Oracle), and compressing the saved files for central storage on a secure file server.

There are pros and cons to compressing log data in flat files. For one, they are much cheaper to store when flat. However, for ad hoc or scheduled reporting and analysis it is helpful to keep an active working set of data (for 60 to 90 days). For that reason, there is a distinct auditing advantage to keeping log data in two formats, flat files and DB records. In most cases the majority of an audit is spent hunting down and restoring compressed flat files. You will want an ELM solution that allows for easy re-import of old saved log files back into your database should they be needed. Therefore we recommend you store log data in both formats.
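The two-format approach described above, as an added example (not code from the original post or from any ELM product): records go to a compressed flat file with a recorded SHA-256 digest, the database holds only the working set, and an old archive can be re-imported after its digest is checked. The JSON-lines layout, table schema, function names and sample records are assumptions made for the illustration.

```python
import gzip, hashlib, json, os, sqlite3, tempfile
from datetime import datetime, timedelta, timezone

WORKING_SET_DAYS = 90  # upper end of the 60 to 90 day working set

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    # UNIQUE makes re-import idempotent: rows already present are skipped.
    db.execute("""CREATE TABLE IF NOT EXISTS events (
        host TEXT, ts TEXT, event_id INTEGER, message TEXT,
        UNIQUE (host, ts, event_id, message))""")
    return db

def archive(records, path):
    """Write records as gzip-compressed JSON lines; return the file's SHA-256."""
    with gzip.open(path, "wt", encoding="utf-8") as fh:
        for rec in records:
            fh.write(json.dumps(rec, sort_keys=True) + "\n")
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def import_archive(db, path, expected_sha256):
    """Check the archive against its recorded digest, then load it."""
    with open(path, "rb") as fh:
        if hashlib.sha256(fh.read()).hexdigest() != expected_sha256:
            raise ValueError(f"{path}: digest mismatch, refusing to import")
    with gzip.open(path, "rt", encoding="utf-8") as fh:
        rows = [(r["host"], r["ts"], r["event_id"], r["message"])
                for r in map(json.loads, fh)]
    before = db.total_changes
    db.executemany("INSERT OR IGNORE INTO events VALUES (?, ?, ?, ?)", rows)
    db.commit()
    return db.total_changes - before  # rows actually added

def prune(db, now):
    """Drop rows older than the working set; the flat file keeps them."""
    # Timestamps are ISO-8601 UTC strings, so string order is time order.
    cutoff = (now - timedelta(days=WORKING_SET_DAYS)).isoformat()
    cur = db.execute("DELETE FROM events WHERE ts < ?", (cutoff,))
    db.commit()
    return cur.rowcount

def demo():
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    # Constructed sample records: two recent, one 200 days old.
    records = [
        {"host": "dc01", "ts": (now - timedelta(days=d)).isoformat(),
         "event_id": eid, "message": msg}
        for d, eid, msg in [(1, 4625, "logon failure"),
                            (30, 4720, "user account created"),
                            (200, 4625, "logon failure")]]
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "dc01-security.jsonl.gz")
        digest = archive(records, path)
        db = open_db()
        loaded = import_archive(db, path, digest)    # nightly load
        pruned = prune(db, now)                      # working-set trim
        restored = import_archive(db, path, digest)  # audit-time re-import
        total = db.execute("SELECT COUNT(*) FROM events").fetchone()[0]
        db.close()
    return loaded, pruned, restored, total

if __name__ == "__main__":
    print(demo())
```

Storing the digest away from the archive itself is what lets a later re-import detect a flat file that was altered while in storage.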

Read the Whitepaper for more ELM Best Practices, or check back here for more of the blog series.


When your business is growing so is your network. Even when business isn’t booming (thanks economy) your business’ infrastructure can be evolving too. What you need is a tool that can manage these changes for you.

Little known fact: 75% of network outages and performance issues are the result of misconfiguration error. No one wants that.

We don’t want that for you either — so we’ve developed a list of best practices to assist you with network configuration and change management.

Best Practice #1: Create standard configurations for each device classification, such as router, LAN switch, WAN switch, or ATM switch.

Best Practice #2: Maintain the current running configurations for all devices and a set number of previously running versions – at least 3 to 5 previous working versions – it will really help with troubleshooting tasks.

Best Practice #3: Keep track of when configuration changes were made for auditing purposes – you might even think about setting up real-time alerts and notifications in this area.

Best Practice #4: Automate the execution of the scheduled tasks relating to current network configuration backups, startup configuration file backups and password change management for an individual device or across groups of devices to reduce errors and save time.

Best Practice #5: Document your network and configuration changes periodically.
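Best Practices #2 and #3 as an added example (not WhatsConfigured code): a small in-memory archive that keeps the current configuration plus a fixed number of previous versions per device, records when each change was seen, and returns a diff that an alert could carry. The class name, method names and the sample router configuration are assumptions constructed for the illustration.

```python
import difflib
import hashlib
from collections import defaultdict, deque
from datetime import datetime, timezone

KEEP_PREVIOUS = 5  # the list above recommends at least 3 to 5 previous versions

class ConfigArchive:
    def __init__(self, keep_previous=KEEP_PREVIOUS):
        # Per device: the current version plus keep_previous older ones.
        self._versions = defaultdict(lambda: deque(maxlen=keep_previous + 1))
        self.audit_trail = []  # (timestamp, device, old_sha256, new_sha256)

    def record(self, device, config_text, when=None):
        """Store a backup. Return a unified diff if it changed, else None."""
        when = when or datetime.now(timezone.utc)
        history = self._versions[device]
        digest = hashlib.sha256(config_text.encode("utf-8")).hexdigest()
        if history and history[-1][1] == digest:
            return None  # same as the last backup: nothing to keep or report
        old_digest, old_text = (history[-1][1:] if history else (None, ""))
        history.append((when, digest, config_text))
        self.audit_trail.append((when.isoformat(), device, old_digest, digest))
        diff = difflib.unified_diff(
            old_text.splitlines(), config_text.splitlines(),
            fromfile=f"{device}@previous",
            tofile=f"{device}@{when.isoformat()}", lineterm="")
        return "\n".join(diff)

    def rollback_candidates(self, device):
        """Previous versions, newest first, excluding the current one."""
        return [text for _, _, text in reversed(self._versions[device])][1:]

def demo():
    # Constructed sample configuration; addresses are documentation ranges.
    base = "hostname edge-rtr1\nip route 0.0.0.0 0.0.0.0 192.0.2.1\n"
    changed = base.replace("192.0.2.1", "198.51.100.7")
    archive = ConfigArchive(keep_previous=3)
    night1 = datetime(2024, 6, 1, 2, 0, tzinfo=timezone.utc)
    night2 = datetime(2024, 6, 2, 2, 0, tzinfo=timezone.utc)
    night3 = datetime(2024, 6, 3, 2, 0, tzinfo=timezone.utc)
    archive.record("edge-rtr1", base, night1)           # baseline backup
    unchanged = archive.record("edge-rtr1", base, night2)
    alert = archive.record("edge-rtr1", changed, night3)
    return unchanged, alert, archive.audit_trail

if __name__ == "__main__":
    _, alert, trail = demo()
    print(alert)
    print(trail[-1])
```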

Sounds like a lot to take care of? WhatsConfigured can automate these processes for you. With full integration into WhatsUp Gold, it can simplify your life and eliminate human errors. Tedious manual configuration tasks and solving misconfiguration issues in the dark can now be a thing of the past with WhatsConfigured. Nightly configuration backups, bulk configuration changes, complete audit trails, and real-time alerts triggered by changes to configuration are just a few of the features we’ve designed with you in mind.

Yesterday I had the pleasure of speaking with the sales representatives and account managers at CompuCom, many of whom have been selling Ipswitch solutions for a long time.  It was a return visit to CompuCom’s Dallas headquarters for me, having attended a similar vendor fair about 6 months ago.

Many of our conversations centered on the types of problems that CompuCom customers are asking them to help solve with technology solutions.  Top of the list are topics such as:  Group policy management, security, compliance, B2B exchanges and virtualization.

About a dozen or so of the representatives I talked with focus solely on renewal business.  It was nice to see the enthusiasm on long-term customer relationship and growing existing customer accounts.  One upsell in particular that was mentioned quite often for existing WS_FTP Server customers was adding the Ad Hoc Transfer module for person-to-person transfers using either Outlook or a browser.

Oh, and team Veeam – nice spending time with you guys.  You may have won the bowling match over team Ipswitch, but I return home to Boston knowing that Sam Adams beat Shiner Bock (TX’s so-called national beer) in the head-to-head comparison taste test!

By Andrew Couture, Sales Manager | North America

Finally! After days, weeks, or maybe even months of researching, evaluating, budgeting, and securing approval, you got the green light to purchase new software. But now what? You know that the product meets your requirements because you were able to test it out during your evaluation period, but now the rubber meets the road, and you are tasked with implementation.

All eyes are on you and how quickly you are able to extract the value from the investment your company just made. It may be the key to your big promotion, and you know that if you could just move the deadline out a few weeks or could get some additional help, you could knock this out of the park because it is not difficult…it is just unfamiliar.

Consider this example: Let’s say you had no idea how to use Microsoft Excel and your boss suddenly needed some numbers crunched, preferably with corresponding graphs, and she needed it immediately. Now, Microsoft’s Office Suite programs are known for being pretty intuitive and there’s no doubt that with a few hours and a lot of patience, you would figure it out and do a fine job…the problem is she needs it now.

So what do you do? What most people do is find the resident Excel expert and get a crash course in the functions to use, the shortcuts to save time, the best way to display certain calculations, etc. and lean on that person to help give you the training you need in real-time. Your output is that much better, that much faster.

It’s not that different when it comes to investing in Training or Professional Services for more specialized software. Sure, you can figure it out on your own and you’d do a great job at it, as long as you are given the time. But even with the most intuitive and easy to use products, tapping into a knowledge expert speeds up the implementation and provides visibility into things that you otherwise might not discover.

It’s kind of like this: Any experienced hiker can climb a mountain for the first time and eventually reach the summit, but given the choice, having a guide who has done it before will get them there the quickest.

Here’s an amazing tale of how Ipswitch WS_FTP software is being used by the European Columbus laboratory to securely transfer hundreds of megabytes of scientific data between the International Space Station and Earth.

“Crew time is so valuable and the volume of data involved is so large that a reliable and secure system for data transfer was absolutely essential,” explained Alain Maillet, Cadmos engineer.

“WS_FTP gives us the possibility to transfer all our scientific data files automatically and securely, not only in space, but also back down to Earth – it is secure, stable and easy-to-use.”

Here’s an action photo of Alain Maillet talking with the International Space Station from Toulouse, France.

Got a great Ipswitch story of your own to tell?  Email us at mystories@ipswitch.com…. We can’t wait to hear all about it!

October is National Cyber Security Month.  In honor of this important topic in technology, we thought we’d chat a bit about our network management perspective on three common traps for security, risk management, and compliance:

Risk management isn’t just about business continuity and security. It is about the personal risk of IT managers when compliance and security regulations are not met. Network management software can help IT managers reduce risk throughout the corporate network while keeping their IT operations running smoothly. The first trap is when infrastructure components fail to work, leading to a failure in compliance, for example when internet connectivity is down due to a malfunctioning router and a regulatory filing misses the deadline. An effective network management solution can ensure connectivity across the enterprise’s infrastructure and communication services and can run synthetic transactions to periodically test performance and enable proactive steps when necessary.

Another frequent trap is when devices and systems are compromised, leading to compliance and security gaps. For example, a wireless access point is tapped and company data traffic is exposed to an unauthorized external user, or security privileges are changed so that unauthorized users now have access to data that they should not. In the first case, companies should make sure they have a network management solution in place that can provide visibility across all wireless access points, their status, users, connections and throughput, enabling high data flows or unauthorized attempts to log on to be tracked. Event log management software can collect, filter, analyze and alert on any such unauthorized change, or attempted change, based on Windows Event log and Syslog records.

The third and final trap which network management software can help companies avoid is the failure of IT processes. For example, a configuration file is updated to a router with suspicious settings that redirects traffic to a malware site or application. In this case, administrators and IT managers should make sure that they have a solution in place that can automatically alert to any change that does not follow the established network policies and device configuration settings. All such changes are also captured by event log management software, thus providing comprehensive audit and pinpointing of rogue users who may be involved.

As these are all either preventable or recoverable in a short space of time as soon as the alert is known, IT managers have the responsibility to make sure that they have put the right monitoring solution in place from the outset.

October 15th is Blog Action Day. Thousands of bloggers around the world are taking to their blogs to raise awareness for this year’s cause: clean water. And of course we want to help spread the word too!

According to Mashable/Social Good: “Clean water is an important but often-overlooked cause. Change.org estimates almost 1 billion people across the planet don’t have access to clean, safe drinking water. That’s nearly one in eight people who are subject to preventable disease and death due to poor drinking water and unhygienic water for everyday needs. Approximately 4,500 children die each day from unsafe water and lack of basic sanitation facilities.”

Community involvement is very important here at Ipswitch, Inc., with our iCare@Ipswitch efforts committing five percent of our annual profits to a variety of community investment programs. As part of today’s Blog Action Day, the Network Management Division is pledging a commitment to water.org, an organization who partners with communities around the world in an effort to bring high quality, sustainable water projects.

What will you do about Blog Action Day and the clean water cause?


Now available on our community site: the wugSpace Resource Center, a new, in-depth home for educational whitepapers and how-to videos for the entire WhatsUp Gold platform.

Not currently using WhatsUp Gold? – check it out anyway, it has information covering industry trends, Event Log Management for security and compliance, traffic analysis, and network management to provide value to any IT professionals out there.

Not sure some of the other WhatsUp Gold products are your cup of tea? Skim through the wugSpace Resource Center we’ve posted to get an idea of what WhatsUp Gold and its plug-ins can do for you.

If you’re new to WhatsUp Gold this is a great starting point to get your feet wet with all our complete network monitoring and event log management suites have to offer.

In the coming months this space is only going to grow, so keep an eye out for additional features and resources!


If you remember our recent post on Reducing IT Costs through Reduction in Lost Productivity, I’d like to introduce the next post in our best practices for IT cost reduction series. As with any network configuration, you will realize substantial gains in productivity and efficiency when the right network monitoring solution is in place. With WhatsUp Gold you can monitor physical and virtual servers, applications, and network devices in a matter of minutes and from a single console to reduce costs.

We tend to forget the criticality of hardware well-being. And that requires monitoring performance as well as key health indicators like UPS, printers, fans, power supply, and temperature. WhatsUp Gold can do that for you!

To give you an example of how easy it is, WhatsUp Gold is used by US military forces when setting up networks and communication around the world. They require a network management framework that will let them discover, map and manage their new network in just a few minutes – personnel lives and security depend on these capabilities.

When US Army CENTCOM deployed a new network in Iraq, the working conditions were not ideal – cramped spaces, no AC, very high temperatures, wires everywhere. They relied on WhatsUp Gold to rapidly deploy and monitor their network in such a challenging situation. If WhatsUp Gold is so reliable in such adverse conditions, imagine what it can do for you in much better working conditions!

Read the US CENTCOM case study here.

More best practices on IT cost reduction on the way!


In my last three blog posts on the Ziff Davis MFT survey, we dove into security and compliance, highlighted other notable strengths such as speed, reliability, scalability and up-time, and looked at some perceived deployment challenges.

Today, let’s look at the business benefits of a MFT and how they impact an organization’s bottom line.

The survey did a nice job uncovering some supporting business processes which respondents claim were positively impacted by their MFT solution.  These include:  communications with remote office and remote workers, collaborating with external business partners, vendors and suppliers, distribution and fulfillment, compliance management and customer service.

Here’s a nice summary:  “Note how these improvements address the bottom line for an organization directly by improving efficiency, security, and customer outreach all at the same time.”  That’s quite an impressive trifecta!

I’ll conclude this 4-part blog series with a couple of closing thoughts:

  • I wholeheartedly agree with MFT solutions wearing the “unsung security and compliance solution” label…. And that growing perception will spread as more and more organizations look at refining, automating, optimizing and securing their file transfer policies, processes and workflows.
  • It all comes down to visibility, management and enforcement.  Organizations need visibility into data interactions, including files, events, people, policies and processes.  They also need to be able to manage and automate internal and external data transfers and interactions.  And of course, organizations must be able to easily create and enforce administrator defined policies and rules, including (but certainly not limited to) security.

 

Let’s take a closer look at the perceived challenges of Managed File Transfer (MFT) that are identified on the Ziff Davis MFT survey.

A few related topics top the list:  “Finding the right MFT solution”, the “Cost”, including ongoing maintenance and future upgrades, as well as “Employee training”, including satisfaction and acceptance.

A lot has to do with the partner you choose to do business with, as well as the complexity of the MFT solution and its ease of use.  Take time to carefully research vendors and clearly understand the anticipated deployment timeline, required involvement and training of your IT staff, and if any professional services are needed.

You want a proven, reliable vendor that has a track record of successful long-term customer relationships and who is committed to bringing new technology to market as business needs continue to grow and evolve.  Let’s just say that not all MFT vendors are created equal…So choose carefully.

“Cost” is always a sensitive subject. But with so many MFT solutions varying in complexity, sophistication, scalability, deployment options, and price,  I strongly advise you to list key business requirements and make sure not to over (or under) purchase functionality.

For example, here at Ipswitch we offer a range of MFT solutions that span from basic secure file transfer products and services all the way to robust solutions proven to meet requirements for extreme volumes of data exchange with governance, data transformation and file life-cycle tracking.  Our solutions have proven to be fast to deploy and easy to use, resulting in rapid time-to-value that greatly exceeds other vendor solutions.

Lastly, consider the ROI and “risk avoidance” aspects of MFT from a security perspective alone (which is only part of the story).  In a recent blog post, I pointed out that the average cost of each compromised file is $204.  So go ahead and estimate how many pieces of sensitive files and data your company has…. Now multiply that by $204.  I’m sure you’ll agree that the ROI on the time and resources spent to protect company data are well worth the investment!

Speaking of networks as “living entities,” records of all events taking place in your environment are being logged right now into event logs and Syslog files across your servers, workstations and networking devices. Has somebody gained unauthorized access to key enterprise information, such as customer credit card data, employee, patient or financial records, or others? Is your compliance officer asking for SOX-centric reports? The best way to react and respond is by collecting, archiving, analyzing, alerting and reporting on key information entries stored in your log files. Compliance standards such as SOX, Basel II, HIPAA, GLB, FISMA, PCI DSS, and NISPOM require this.

Log management is a truly daunting task because log files can come from many different sources, in various formats, and in large quantities. Just consider that one single Windows server can generate 1GB of log data in just one single day! In order to stay on top of this deluge of info, you really need to build the right log management strategy.

Here at WhatsUp Gold, our Gurus have developed seven Best Practices for Event and Log Management (ELM) to get you started on the path towards efficient log management. Today I will cover the first of these helpful tips.

When developing an effective ELM strategy, it is important to first define your audit policy categories. The term audit policy, in Microsoft Windows lexicon, just refers to the types of security events you want to record in the security event logs of your servers and workstations. With Microsoft Windows NT® systems, you must set the audit policy manually, but in Windows 2000® or Windows 2003® Active Directory® domains, with “Group Policy” enabled, you can define uniform audit policy settings for groups of servers or the entire domain.

Key Windows Event Logging Categories to Enable
  • Logon Events – Success/Failure
  • Account Logons – Success/Failure
  • Object Access – Success/Failure
  • Process Tracking – Success
  • Policy Change – Success/Failure
  • Account Management – Success
  • Directory Service Access – Success/Failure
  • Systems Events  – Success/Failure
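A way to check a machine against the list above, as an added example (not part of the original post or of WhatsUp Gold): it parses the `[Event Audit]` section of a security template such as the one `secedit /export /cfg` writes, and reports which recommended Success or Failure settings are missing. The baseline dictionary encodes the list above using the template's own key names and values (1 = Success, 2 = Failure, 3 = both); the sample template text is constructed.

```python
import configparser

SUCCESS, FAILURE = 1, 2  # bit values used in the template's [Event Audit] section

# The categories listed above, keyed by their security template names.
BASELINE = {
    "AuditLogonEvents":     SUCCESS | FAILURE,
    "AuditAccountLogon":    SUCCESS | FAILURE,
    "AuditObjectAccess":    SUCCESS | FAILURE,
    "AuditProcessTracking": SUCCESS,
    "AuditPolicyChange":    SUCCESS | FAILURE,
    "AuditAccountManage":   SUCCESS,
    "AuditDSAccess":        SUCCESS | FAILURE,
    "AuditSystemEvents":    SUCCESS | FAILURE,
}

def audit_gaps(inf_text):
    """Return {setting: [missing outcomes]} for a security template's text.

    A real export is a UTF-16 file: read it with
    open(path, encoding="utf-16") before passing the text in.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case as written in the template
    parser.read_string(inf_text)
    configured = parser["Event Audit"] if parser.has_section("Event Audit") else {}
    gaps = {}
    for key, required in BASELINE.items():
        actual = int(configured.get(key, 0))  # an absent key means not audited
        missing = required & ~actual
        if missing:
            gaps[key] = [name for bit, name in
                         ((SUCCESS, "Success"), (FAILURE, "Failure"))
                         if missing & bit]
    return gaps

# Constructed sample: failure auditing for logons is off, object access and
# process tracking are disabled, and AuditAccountLogon is absent.
SAMPLE_TEMPLATE = """\
[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 1
AuditObjectAccess = 0
AuditPrivilegeUse = 0
AuditPolicyChange = 3
AuditAccountManage = 1
AuditProcessTracking = 0
AuditDSAccess = 3
[Version]
signature="$CHICAGO$"
Revision=1
"""

if __name__ == "__main__":
    for setting, outcomes in audit_gaps(SAMPLE_TEMPLATE).items():
        print(f"{setting}: enable {'/'.join(outcomes)}")
```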

To read about all seven Best Practices, view the Whitepaper, or stay tuned for more of the ELM Best Practices Blog Series.
