05.12.2017 , Change Auditing, File Server Auditor, by .

Many IT Administrators find it difficult to implement an in-depth and pro-active File Server Audit strategy. If an important event happens and you want to investigate, you may have to wade through gigabytes of event logs on the Windows devices; which can often be like finding a needle in a haystack. Event logs stored on Windows File Systems are so verbose that deriving meaningful information from them can be very … Read more

05.09.2017 , Security, by .

According to a recent report by Bitglass, in 2016 there were 328 data healthcare data breaches reported in the US. That’s 60 more breaches than there were in 2015. An estimated 16.6 million US citizens were exposed as a result. The breaches were caused by various hacks, lost or stolen devices, and unauthorized disclosure of sensitive information. However, while the number of reported breaches are increasing, the overall number of … Read more

05.03.2017 , Compliance, by .

Privacy by design is a methodology that helps organisations develop projects where privacy and data protection are accounted for from the start. Privacy by design is not a requirement of the Data Protection Act, but has been included in the GDPR specification (Article 23). Instead of incorporating data security measures as an after-thought, privacy and data sharing policies should be developed during the early stages of a project. Doing so … Read more

04.26.2017 , Active Directory, Auditing, Security, by .

Misconfigured Domain Controllers (DCs) present a major security risk for Active Directory. To ensure that your Domain Controllers are configured correctly, you will need to closely review the default Domain Controller Policies, create Domain Controller GPOs (Group Policy Objects) and configure Group Policy Settings. Your policy will need to include patching and protecting Domain Controllers, and include an effective DC auditing strategy for monitoring and reporting changes to event logs. … Read more

04.21.2017 , Auditing, by .

Unlike an Information Security Analyst, to be a professional IT auditor, you are not strictly required to have an in-depth understanding of your operating system, nor do you need to be a hacker to be able to audit the files, folders and permissions on your network. However, it is imperative that the auditor knows exactly what they are auditing, which does require a high level of technical knowledge. There are … Read more

04.13.2017 , Security, by .

Wonga, the British payday loan company, has fallen victim to a data breach affecting an estimated 270,000 customers. The stolen data includes names, addresses, phone numbers and bank account details – including the last four digits of customers’ bank cards. Shortly after the breach was discovered, Wonga began contacting customers and setup a dedicated help page and phone line to deal with inquiries. The firm said it was “urgently investigating … Read more

04.11.2017 , Active Directory, Auditing, Change Auditing, Security, by .

Attackers are persistent in their pursuit to compromise Active Directory services due to their role in authorising access to critical and confidential data. As organisations expand, their infrastructure becomes increasingly more complex, which makes them a lot more vulnerable to attack as it is harder to keep track of important system changes, events and permissions. It’s also becomes a lot harder for organisations to determine where their sensitive data is … Read more

04.10.2017 , General, by .

The DMTF WS-Eventing standard was first introduced in Windows Server 2008 so that system administrators could centralize Windows event logs. As part of the open Web Services-Management (WS-Man) protocol that’s included in the Windows Management Framework (WMF), event forwarding provides a means to read and store event logs from Windows devices in one place. Windows Event Forwarding (WEF) is agentless, so you don’t need to install any additional software to … Read more

04.07.2017 , Auditing, Security, by .

Configuration drift is a naturally occurring phenomenon whereby configuration items (CIs), such as computers or devices on an organisation’s network, drift towards an inconsistent state. This problem occurs on both private and cloud-based networks. While there are a number of causes of configuration drift, it’s essentially the result of conflicting changes made to device’s, software, services and configuration files, which are not systematically monitored by the IT department. It is … Read more

04.04.2017 , Active Directory, Auditing, Change Auditing, by .

The overall cost to the UK economy from cyber-crime alone is well over £20 billion, and businesses are the ones that feel the effects the most. Every year we see stories of network attacks, yet it appears that many businesses are still not taking steps to mitigate the risks. Surveys suggest that most companies that face a significant security breach go out of business within a year. The average cost … Read more

Lepide® is a Registered Trademarks of Lepide Software Private Limited. © Copyright 2017 Lepide Software Private Limited. All Trademarks Acknowledged.