SIEM Spotlight: Join us this week for our HP ArcSight Integration webinar

4 02 2014

Yep, you guessed it. We’re going to talk about big data. You’ve probably heard the buzz term a million times this year, but here’s an important question for any IT administrator and management team: What role does big data play in making your organization more secure?

Pairing security information and event management (SIEM) with strong privileged account management and password practices combines the best of both worlds for folks looking to strengthen their internal security posture. Just imagine, you could know when an employee started to view an unusual number of passwords because the SIEM tool immediately alerted your security team, preventing a potential insider threat.

The SIEM market includes several vendors that offer strong, enterprise-class tools for proper SIEM management, and that integrate out of the box with Secret Server.

HP_ArcSight

On Thursday, February 6, join us and HP ArcSight as we take a deeper look into how Secret Server integrates with SIEM tool HP ArcSight and what that means for customers and their security plan. Join the webinar to see:

  • A full demonstration of the integration.
  • Common examples of how SIEM technology pairs with enterprise password management to enhance security.
  • Live question and answer session with both Thycotic and HP ArcSight.

Event details

Integration Spotlight: HP ArcSight and Thycotic.

Thursday February 6, 11:30am EST.

Hosted by: Ben Yoder from Thycotic, and Eric Shou and Morgan DeRodeff from HP.

Interested in learning more? Register for the webinar now.

 

 





The Value of SIEM and How to Integrate with Secret Server

1 10 2013

What is a SIEM tool and why should I use one?

SIEM (System Information and Event Management) tools are a type of software that pulls in log and audit information from multiple sources across your network. This can include access logs for building entry, computers, servers, network devices, databases and applications. SIEM tools can aggregate all the data pulled so that you can get a clear picture of what is going on across your network by correlating events. It also provides real-time alerting in the case of security breach.

Here’s a quick example of how a SIEM tool can identify a breach. Say an employee – let’s call her Sarah – comes to work every day around 9:00 am EST. She’s an IT admin, so she beeps into the building with her key card, logs into her computer and starts checking on the status of her assigned servers. But, one day her computer is accessed in the middle of the night, long before she typically comes in. She hasn’t beeped back into the building and her VPN connection was never activated. This could be a security breach and someone better start asking questions. If the company had a SIEM tool, it would have alerted the company that something was wrong.

Secret Server can easily integrate with your existing SIEM tool. As a privileged account manager, Secret Server records a full audit of credential usage – who accessed what and when.  Secret Server can take this audit trail and send all of its information to the SIEM tool using Syslog or CEF format. Once the data is in the SIEM tool, it will compare events from Secret Server to other usage audits throughout your network.

Now, say that Sarah’s company used Secret Server with a SIEM integration for all admin passwords. One night, someone logged into one of Sarah’s servers as the local admin, but there was no indication that anyone logged into Secret Server to retrieve the password. The SIEM tool would be able to tell that a login occurred without Secret Server and flag it as a potential breach. The SIEM tool would then alert the company of the potential breach.

Secret Server is partnered with two SIEM tools, HP ArcSight and Splunk, Inc., with more integrations in the works. Find out more about Secret Server’s SIEM integration and syslog output on our support page!








Follow

Get every new post delivered to your Inbox.

Join 30 other followers