May 2021 Newsletter
Increase your macOS network security by aggregating logs from Mac hosts into a single SIEM input stream
As macOS use continues to grow in companies' IT environments, threat actors have also taken notice. Large and small organizations across all verticals that provide macOS devices to their employees face a trade-off between the benefits of offering them their operating system of choice, and the potential security gaps they may be unintentionally introducing, making security for Mac hosts increasingly critical. As Craig Federighi, Apple's software engineering chief has recently pointed out, the scale of the Mac malware challenge is growing fast. While Linux and Windows may still dominate the enterprise server market, desktop logging plays an important role in security-conscious organizations. The main challenge that has prevented a more widespread adoption of macOS in such organizations is the lack of software solutions that can provide a centralized collection of macOS security logs. Until now.
With NXLog Enterprise Edition, it is now possible for the first time ever, to gather ULS events from multiple Macs and forward them to a remote server for monitoring and analysis. Macs with NXLog agents installed can forward their ULS (or Apple) logs with custom logs from third-party apps through a centralized NXLog Enterprise Edition relay server to multiple destinations. This way it filters out high volume, low-quality events while retaining only high-quality security events not only to reduce SIEM costs but also to further enhance the performance of the event analysis at the SIEM endpoints.
NXLog Enterprise Edition is capable of collecting all types of logs from Apple OS X 10.11 (El Capitan) as well as any release of macOS running on any Mac hardware, including Macs equipped with Apple’s M1 Chip.
Join us on Tuesday, June 8, to see all the new features in our last releases (v5.1, v5.2, v5.3). We'll also present our two new products, Minder (our new agent management solution) and Raijin (a modern schema-less database engine that can be used to aggregate security logs from diverse sources, while also offering many other functionalities).
After the 30-minute seminar, we're going to have a Q&A session with our experts. We're looking forward to seeing you there!
Register now and save your seat.
We are glad to announce our partnership with Securonix that could serve as an inspiring example for other companies looking to implement a scalable data aggregation system. As companies continue to grow and add more disparate applications to their environment, log collection becomes a major challenge for the IT organization. In such scenarios, the complexity of collecting the necessary log data to remain compliant, addressing privacy standards, and security concerns from modern threats, efficient log collection can become an overwhelming challenge.
Now the Securonix Next-Gen SIEM With Advanced Log Collection Powered by NXLog can provide organizations with a solution that ensures that logs are collected in an efficient, secure, and reliable method while allowing the data to be structured, formatted, and filtered as required. Customers can also avail of both agent-based and agentless collection capabilities and administrators can now collect data from common system logs and log formats including Syslog, Windows Event Log, file-based logs, and databases. In addition, specialized APIs and SDKs allow for remote collection. Flexible log collection, whether it is agent-based or agentless, can be employed as per the security team's needs to align with organizational priorities.
Read Securonix's article about the benefits of a powerful, flexible log collection and management platform.
NXLog can be configured to send logs from the NetApp Storage in Syslog format by receiving log entries via UDP and processing them as Syslog. On top of that, the NetApp audit logs that are saved in the Windows Event Log (EVTX) format by default, can be parsed by NXLog using the im_msvistalog module, while it can also be configured to output logs in ONTAP-specific XML format.
Learn more on how to send logs from NetApp.
Apache NiFi is a platform for real-time data ingestion and distribution among various sources and destination systems supporting a wide variety of data formats and protocols. NXLog supports different protocols and can be configured to forward log events to Apache NiFi via TCP or over SSL/TLS.
While Apache NiFi can send logs using multiple processors to NXLog, NXLog can receive data using almost any network protocol. There are several ways to send data from Apache NiFi to NXLog such as the PutSyslog processor with its Hostname and Protocol properties specified.
Learn more about how to send and collect logs from Apache NiFi.
Top Social Media Chatter May
- Computerworld's article where NXLog gets recommended as an innovative security tool that lets IT admins aggregate security logs from across their Mac fleet - Read article
- DNIF SIEM video explaining how to install NXLog for Windows and how to collect and forward logs - Watch video
- Graylog community discussion about how to configured NXLog to collect Hyper-V servers' logs. - See discussion
- Atmosera (US-based MSSP) tweet about NXLog MSSP log collection strategy case study - See tweet