Extending Log Management to Desktop for LEM Users
2. 2
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
Short of eliminating users, how can you effectively
protect your network against them? (remember, you need
end-users, they’re great job security)
3. 3
Agenda
» Workstation Log Monitoring – Why it Matters
» Extending Your LEM Installation to Monitor Workstations
» LEM Workstation Edition Licensing & Pricing
» Helpful Resources for Additional Reading
4. 4
The Importance of Monitoring Workstation Logs
Q. Why do I need workstation log & event monitoring?
A. To Protect Data and Prevent Data Loss!
• Internal threats and security risks introduced
by employees pose a very real problem
• Workstations are one of the more vulnerable
entities on your network
• Compliance requirements may mandate
monitoring of workstations
5. 5
Key Use Cases for Workstation Log Monitoring
What are key workstation activities I should look for?
» Unauthorized users logging on to workstations
» Multiple failed logon attempts
» Use of unauthorized USB drives and other attached devices
» Launch of prohibited applications (IM, games, etc.)
» Changes to local accounts and groups
» System changes, such as installation of unexpected software
and changes to local policies
6. 6
What is LEM Workstation Edition?
LEM Workstation Edition is a way to extend your existing LEM install
» It’s a new pricing model designed for SolarWinds LEM
customers to make workstation log management more
affordable than ever!
» Workstation Edition provides ALL the functionality of LEM
to help you cost-effectively collect, correlate, analyze and
store logs from a greater number of workstation nodes.
7. 7
Benefits of Using LEM Workstation Edition
» Extend LEM’s powerful log collection, correlation, analysis and
management functionality to cost-effectively cover more
workstations and protect against endpoint vulnerabilities.
» Monitor all workstation events in real-time:
Security events – assists with monitoring and preventing
Operational events – identify and troubleshoot performance issues
Policy-driven events – analyze and report compliance and policy violations
» Take Action!!!
Leverage Active Responses to automatically combat workstation security
threats in real-time—no human intervention required!
Ensure your network stays protected against endpoint threats even when
you’re sleeping!
8. 8
Windows® Log Management with LEM
» Use LEM Workstation Edition right alongside your existing LEM
license to monitor both your Windows servers and workstations
COST-EFFECTIVELY.
9. 9
Useful Workstation-based LEM Active Responses
» Kill Suspicious and Unapproved Processes
The Kill Process Active Response enables LEM to automatically kill a
suspicious or unapproved process by name or ID.
This action helps prevent unauthorized, malicious, or otherwise
unknown processes from consuming system resources at the least, or
propagating a virus that takes down the network at worst.
» Disable Networking on Infected Workstation
Use the Disable Networking Active Response to disable networking
on a workstation at the Windows® Device Manager level.
This action is useful for isolating network infections and attacks, and
can be automated in a LEM rule, or executed manually from the
Respond menu in the LEM Console.
10. 10
Useful Workstation-based LEM Active Responses
» Remove Unapproved Users from Administrative Group
LEM uses a Windows Active Response tool based on where you want
to remove the user(s) from—the domain level or local level.
This action protects against elevated privileges that could allow a user
to access restricted resources or make harmful system changes
» Detach Unauthorized USB Device
The Detach USB Device Active Response allows you to automatically
detach a USB or mass storage device from a workstation.
This action is useful for allowing only specific, approved devices to be
attached to your Windows computers or detaching any device
exhibiting suspicious behavior.
11. 11
Supported Workstation Operating Systems
» LEM Workstation Edition supports the following client
operating systems, which are known as Workstation Nodes:
Windows XP
Windows Vista®
Windows 7
» All other data sources, including Windows Server 2003, 2008 and
2012, are part of the LEM server license and are known as Universal Nodes.
12. 12
LEM Workstation Edition Licensing & Pricing
» LEM differentiates workstation nodes from non-workstation
nodes only in terms of pricing and NOT functionality.
» Workstation node-based licensing model gives you the cost
benefit of monitoring thousands of workstation logs at
affordable and competitive pricing.
» You can upgrade your existing deployment to cover
workstations.
Refer to pricing and licensing details of LEM Workstation Edition
here:
http://www.solarwinds.com/OnlineQuote/LicenseCalculator.aspx?productid=27&region=NA
13. 13
Helpful Resources
» For Additional Reading:
Why & How of Monitoring Workstations with Log & Event Manager
Why Workstation Log Management is Crucial For Network Security
Useful Active Responses to Combat Workstation Security Threats
Workstation Log Management Made Easy with the New LEM 5.6
14. 14
Trademark
The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of
SolarWinds Worldwide, LLC, are registered with the U.S. Patent and Trademark Office,
and may be registered or pending registration in other countries. All other SolarWinds
trademarks, service marks, and logos may be common law marks, registered or
pending registration in the United States or in other countries. All other trademarks
mentioned herein are used for identification purposes only and may be or are
trademarks or registered trademarks of their respective companies.