In the world of event logging, not all logs are created equal. Firewalls, IDS, IPS, and other specialized technologies produce context-rich, high-quality information for products like SIEM to take immediate advantage of. But unfortunately, that’s far from the case in the Microsoft environment. Native Windows event logs are missing critical details, lack centralized controls and context, and are excessively noisy, making it difficult and sometimes impossible for SIEM or even the most seasoned security analysts to make heads or tails of what is really going on within critical systems and applications like Active Directory.
StealthINTERCEPT, a real-time Windows Security Intelligence solution soon to be fully-integrated with RSA Security Analytics, detects every change and authentication occurring within Active Directory in real-time, without any reliance on native Windows logging. Analyzing patterns of activity indicative of malware propagation and bad actors doing bad things, StealthINTERCEPT raises intelligent, highly-contextual offenses to Security Analytics such as Brute Force attacks, Horizontal Account Movement, and Account Hacking, without the heavy payload and in time to do something about them. In this webinar, STEALTHbits Co-Founder and Chief Software Architect will detail StealthINTERCEPT’s unique approach to real-time security monitoring, and its close integration with Security Analytics.
View the Webinar!