Businesses that don't comply with data protection regulations may find themselves in deep water if they can't prove to auditors that they have the appropriate measures in place - and if they do suffer a security breach they could find themselves in court.
Log data management and analysis are key components of these processes but smaller businesses may find many of the appliance based products are beyond their budgets. EventTracker from Prism Microsystems aims to offer solace as this software solution provides extensive log and event analysis features but at a more affordable price.
EventTracker collects Windows event logs, syslog and syslog-ng sources, web sites logs via HTTP and HTTPS and SNMP v1/v2 data. It also provides a range of features not found in standard log management products such as system monitoring plus it can alert administrators to unauthorized system changes. The perennial problem of USB devices also comes under its remit as it keeps track of usage, reports on user activities and can block access.
For Windows systems, EventTracker provides agent-less and agent-based monitoring, with the latter offering a far greater range of options. You have performance, application and service monitoring, real time event notification, event log backup, remedial actions, software installation and removal monitoring and USB device monitoring.
Installation is simple enough and EventTracker offers a central console providing easy access to each function. For Windows systems it uses an auto-discovery tool that sweeps the network and reports on the systems it finds. You then have the option of choosing agent-less monitoring or deploying the agent to them.
Agents are configured from the System Manager console where you apply filters to fine tune the event data being sent in. Percentage thresholds for CPU, memory and disk utilisation determine when event notifications are sent and in the same window you decide how to deal with USB devices. The agent reports back when it spots devices being inserted and removed, logs user activity and can disable all ports if required. For the latter you can also add an exception list containing the serial numbers of permitted storage devices.
We successfully tested the USB function as on inserting a memory stick in one of our agent monitored systems we saw the configured alerts swing into action. The event log was also updated with details of the device, the drive letter assigned and its serial number.
EventTracker is smart enough to differentiate between USB HID and storage devices so if you disable USB access the agent will only block the latter and will continue to allow the mouse and keyboard to function. We tested this on one system and found that whenever a USB stick was inserted it would appear briefly in Explorer and then disappear as it was disabled by the agent.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Women show more team spirit when it comes to cybersecurity, yet they're still missing out on opportunitiesNews While they're more likely to believe that responsibility should be shared, women are less likely to get the necessary training
-
OpenAI wants developers using its new GPT-4.1 models – but how do they compare to Claude and Gemini on coding tasks?News OpenAI says its GPT-4.1 model family offers sizable improvements for coding, but tests show competitors still outperform it in key areas.
