LOGbinder EX

LOGbinder EX


Exchange logo

LOGbinder EX

• Application security intelligence for Exchange
• Fill the audit gap in your compliance efforts
• Catch APTs that have penetrated upstream defenses
• Detect data grabs by malicious insiders
• Know what’s happening inside of Exchange including:
    — Exports of mailboxes.
    — Copies of entire mailbox databases.
    — Security configuration changes to Exchange.
    — Access control changes to groups, roles, and permissions.
    — Modifications to Exchange policies involving retention, mobile device policy, information rights management,
      federation, and more.
• Correlate Exchange security activity with related events from the rest of your environment.
• No agent required; less pushback from Exchange admins.
• Ensure consistence mailbox audit policy (future).
• Fits neatly into your existing infrastructure between Exchange and your SIEM/BDSA.
• No data silos or additional consoles to monitor.

LOGbinder EX automatically manages the complicated process of requesting audit logs from Exchange every few minutes, watching for them to arrive by email, downloading the attachments and parsing the XML. LOGbinder EX translates cryptic admin and mailbox audit data into easy-to-understand messages and sends the results to your SIEM/BDSA – where they belong. LOGbinder EX does not require an agent to be installed on your Exchange servers. LOGbinder simply bridge the gap by bringing application security intelligence from Exchange to your security operations center.

• Translates cryptic Exchange audit data in to easy-to-understand events.
• Sends Exchange audit events to your SIEM.
• Safeguards audit log integrity.
• Manages mailbox audit policy (future).

LOGbinder EX is a small, efficient Windows service; there’s no agent to be installed on your Exchange servers.

Instead, a single instance LOGbinder EX runs on a given domain server and periodically sends a light-weight request to one of your Exchange servers asking for the latest events. Then it watches its mailbox for the logs to arrive. Exchange internally schedules and optimizes audit log processing and send the results to LOGbinder EX by email. There is no heavy communication between LOGbinder EX and Exchange.

LOGbinder EX parses the XML data it receives from Exchange into easy-to-understand mailbox and admin audit events and sends these events to your SIEM/BDSA using the best method for the target technology.

All LOGbinder EX needs is:

• Service account that has minimal privileges in Exchange.
• The URL of an Exchange server.
• A mailbox for receiving audit logs from Exchange.
• Windows Server 2008 or later.
• Exchange 2010 or later with service packs supported by Microsoft.