White papers

Industrial Control Systems and SCADA security

Today’s highly automated industries require fast and reliable data transfer. This evolution started the era of industrial Ethernet as a universal communication standard within Operational Technology (OT) environments. Ethernet meets the availability and real-time communication requirements of Industrial Control Systems (ICS) and enables communication with external networks and systems. However, increased connectivity brings numerous threats and vulnerabilities previously unknown to these systems. This white paper provides an overview of ICS, including Supervisory Control And Data Acquisition (SCADA) systems, outlines common threat scenarios, and suggests strategies to meet event log management and passive network monitoring requirements.

Learn More

Security Auditing on Modern Operating Systems

Audit logging is important for maintaining security and investigating incidents, and is required by many cybersecurity standards. Most operating systems have a native auditing system available for this purpose. About security event auditing Auditing systems in modern operating systems collect detailed information about security-related events. The audit or security logs generated by an auditing system facilitate identification of attempted attacks, security policy improvement, security incident investigation, and review by auditors.

Learn More

Reduce data size and cut SIEM licensing costs

The process of SIEM optimization is an ongoing effort within organizations as data reliability, performance, scaling and TCO associated issues continuously emerge. While these challenges can stem from a number of different sources, it is possible to solve them with a single solution: a focused log collection strategy. This white paper aims to help you develop such a strategy that ensures reliable log analytics and optimized performance while reducing overall SIEM costs.

Learn More

Solving Windows Log Collection Challenges with Event Tracing

Event Tracing for Windows (ETW) logs kernel, application, and other system activity. ETW provides better data and uses less resources. By understanding the key characteristics of ETW, system administrators can make a well-informed decision on how to utilize the logs collected via ETW to improve IT Security. About Event Tracing for Windows Event Tracing for Windows is a kernel-level tracing facility provided by the operating system and enabled dynamically. It logs kernel, application, and other system events.

Learn More

The Importance of DNS Logging in Enterprise Security

Attackers are using DNS for data theft, denial-of-service, and other malicious activity. Proactive monitoring of DNS activity can help network administrators quickly detect and respond to these threats. About the Domain Name System (DNS) The Domain Name System (DNS) provides a hierarchy of names for computers and services on the Internet or other networks. Its most noteworthy function is the translation of domain names such as example.com into IP addresses.

Learn More

Using Structured Logging for Effective Log Management

Structured logging offers a variety of advantages, including simpler parsing, easier format conversion, and more flexible classification and correlation of events, even across diverse log sources. About Structured Logging Each event is represented by an unrestricted set of key-value pairs The BSD Syslog format provides only a very restricted set of metadata fields in the header. Any metadata that is specific to the event or log source, such as username or IP address, must be included in the free-form string.

Learn More