Privileged Activity Monitoring
The Foundation of Log Management
BalaBit provides unique solutions to IT Security and Operations challenges for a variety of Industries. See how BalaBit Log Management and Privileged Activity Monitoring technologies can solve these challenges.
Browse and download our latest guides.
Find the answers for your questions in our comprehensive documentation.
Choose the service package that best fits your needs.
Participate in technical trainings and complete the available e-learning courses.
Learn more about the integration and educational services.
Sign up for the basic training
Grow with us!
Find our reseller partners in your region.
Learn more about our technology partners.
Login to access our supporting materials.
Learn more about the benefits of BalaBit's Partner Program.
Watch our introductory video!
Companies, that solved real security issues with BalaBit products.
News and comment on latest trends and hot topics.
Check out our current vacancies and apply.
In case of any questions, do not hesitate to contact us.
Get hands-on experience. Try and evaluate BalaBit solutions for free.
Download the newest releases.
Free softwares developed by BalaBit are available at this page.
Use the file explorer to find the necessary installation package.
IT service providers including cloud service providers need to comply with numerous data protection regulations and standards in their daily operations. ISO27001, PCI-DSS Cloud Computing Guidelines, Cloud Security Alliance Security Trust & Assurance Registry and SSAE/ISAE contain similar log and access management requirements.
Download white paper »
Most log messages traditionally come from three types: system logs of servers, network devices, and applications. To derive actionable, valuable business information from this vast amount of raw log data, it is necessary to collect, filter, and normalize messages from various sources and store them centrally so that they may be easily accessed for review or archived for compliance purposes.
One of the greatest challenges of IT is to prevent privileged users from doing things in systems which are not allowed. While the activity of a web-site visitor is well-limited, the same is not true for an employee and certainly not for a system administrator of the company. The freedom of users grows with their access level - the higher rights they have in IT systems, the more risk they carry for the company.
ISO 27001, updated in September 2013, provides the framework for implementing an Information Security Management System (ISMS). This white paper discusses how log management, and specifically syslog-ng and the syslog-ng Store Box, can help you comply with ISO 27001:2013. This document is recommended for technical experts and decision-makers responsible for regulatory compliance.
Unlike many other regulations and standards, PCI DSS explicitly requires the organization to implement a central access control system and to audit user access to card data. System logs can’t provide all necessary information about user activities, so the majority of sensitive actions remains unmonitored. However, with PCI DSS v3.0 the standards council has emphasized that user auditing is a critical part of security best practices.
Unlike many other regulations and standards, PCI DSS explicitly requires organization to implement log management. Besides specific references, log management is part and parcel of the whole standard as most of the 12 requirements need to be met with security tools that require log data.
This white paper discusses the advantages of using BalaBit Shell Control Box (SCB) to control remote access to your servers, networking devices, as well as your virtualized applications. The document is recommended for technical experts and decision-makers working on auditing server-administration and remote-access processes for regulatory compliance (for example, PCI DSS or ISO 27001).
Telecommunication firms, whose facilities are used by various users to process personal and business data should handle confidential information with great care and apply an appropriate level of protection. In conclusion, telecommunication organizations need to establish and continuously improve an overall security management system that ensures the maintenance of appropriate controls.
Your system administrators are the most powerful users in the IT environment. They operate the whole IT infrastructure, containing sensitive data and critical company assets. If you are new in a position as a CIO, you may have a headache when thinking of ways to monitor your staff and protect sensitive business data from IT people’s mistakes or manipulation.
While most of the employees are trustworthy, there are always employees that abuse the trust placed in them and system administrators are no exception.
If you purchase a log management or SIEM tool, you might sit back with the conclusion that all your system audit and compliance problems are solved. Unfortunately, this rosy picture seems to ignore the ever-present problem of blind spots in audit reports: if your apps don't log it, your audit report won't show it...
There are several scenarios of where the blind spots occur. For example, basic system administrator activities, such as firewall or web-server configuration all include a potentially high security risk for companies. We might think that these activities should generate sufficient log entries, but in actuality they do not.
The documents show the difference between event logging and activity monitoring in Linux and Windows environments by comparing standard system logging with complete session recording.
Besides growing competition, compliance with PCI DSS, HIPAA, Basel II or other legal regulations is an increasing challenge to companies. Security requirements concerning IT systems are very rigorous but the implementation of ISO/IEC 27001:2005 (furthermore referred to as ISO 27001) standard can be an obvious solution for setting up an information security management system.
It is a common experience among organizations that compliance with different security-related international standards means a great burden for IT experts as well as for business managers. Worries grow especially if an audit is approaching and no mistakes should be made. The question of how these increasingly rigorous requirements can be met with the least human resources and expenditures arises frequently – by no surprise. There is no simple answer to this question. However, this document intends to describe the possibilities for company managers.
For many years, logging had been the exclusive privilege of IT experts. However, this has changed drastically by today, as it has become capable of playing a role in maintaining security which is of equal significance to providing support for specific business areas. When covering several levels of the organization, its use is in many cases accompanied by well measurable business benefits, which should not be neglected from either the financial or technological point of view.
The Ministry of Communications & Information Technology has recently published a letter for telecommunication providers of India. This letter describes specific technical requirements about Remote Access information.
According to the new requirements, telecommunication providers must take adequate measures to protect their subscribers' data and strictly control the remote access of third-party network service providers, especially if access is gained from outside of India.
Log messages can be used to detect security incidents, operational problems, and other issues like policy violations, and are useful in auditing and forensics situations. But collecting and analyzing log messages is also required directly or indirectly by several regulations, including the Sarbanes-Oxley Act (SOX), the Basel II Accord, the Health Insurance and Portability Act (HIPAA), or the Payment Card Industry Data Security Standard (PCI-DSS).
Cloud computing solutions offer several benefits, most notably the scalable and flexible access to computing resources. However, the increased concentration of business data and computing power scales security risks as well, requiring special considerations and care from cloud providers. This paper aims to provide helpful solutions to cloud providers on the main security risks affecting the clouds.
This document aims at briefly demonstrating the technological and business processes that led to the revaluation of log information to such an extent that its collection and procession has become one of the most essential tasks of contemporary corporate IT.
Furthermore, we attempt to identify those critical points of a central logging management project that determine its success the most. We hope that taking our six pieces of advice relating to these six points will substantially contribute to the successful professional activities of our readers.Download white paper »
Operating systems, applications, and network devices generate text messages of the events that happen to them: a user logs in, a file is created, a network connection is opened to a remote host. These messages, called log messages, can be used to detect security incidents, operational problems, policy violations, and are useful in auditing and forensics situations.
At companies relying on VMware View infrastructure, users at different organizational units might have the possibility to directly access and manipulate sensitive business information, such as financial or CRM data, personnel records and credit card numbers.