Morgan Holm

Cygna Labs Adds SIEM Event Forwarding and Identity Grouping Features to Cygna Auditor Version 2.0


Cygna Labs releases a new version of Cygna Auditor (v 2.0.380) that implements event forwarding to SIEM systems as well as an account mapping feature that allows for the grouping of an individual’s user accounts from multiple on-prem and cloud systems to a searchable identity.

SIEM Forwarding

The need for organizations to understand what is happening in their on-prem and cloud environments has become increasingly important to detect insider threats, breaches, and cyber-attacks. Auditing and alerting on suspicious activities are critical to aid in detection and to minimize the impact. The newest release of Cygna Auditor adds the ability to forward plain language events to SIEM systems in a standard syslog format or structured view. This makes the audit information easier for operational and security teams to understand and consume, so they can make decisions and react quickly. The structured view normalizes the audit data in the SIEM by the who (account that made the change), what (the object/attribute that was changed, with before and after values), where (the system where the change was applied) and when (the time the change was made). Essentially, Cygna Auditor provides SIEM systems with a data translation layer that converts raw log data that is not human-readable into plain language values as events occur.



Cygna Identity

Many organizations have a multitude of systems and applications that do not share a single identity store. Some systems are required to be separate due to regulatory or geopolitical reasons and as such, a single admin or user may have numerous separate user accounts to use or manage these systems. The new 2.0 release of Cygna Auditor has a new feature called Cygna Identity to unify these accounts. This feature provides the ability to group multiple user accounts from hybrid and multi cloud systems to a single searchable identity. No other auditing solution currently provides a single view of the individual’s activities across these separate accounts.  The new Cygna Identity feature enables organizations to quickly see an individual’s activities across multiple accounts.


Additional 2.0 Features

  • PBMS Connector AD Delegation and Scoping
    • Active Directory delegation and scoping will now also apply to AD audit data from the PBMS connector
  • RSAT Extensions (Remote Server Administration Tools)
    • Integration into ADUC and GPMC consoles to be able to launch a Cygna audit trail or perform a rollback from these native administration tools through context sensitive menu options
  • Daily Status Emails
    • Anonymized system status emails that can be sent to administrators, integrators or partners to inform on high level system function and performance


Stay tuned for additional blog posts that will go into greater detail on the SIEM forwarding and Cygna Identity features.

Morgan Holm

Delegation in Cygna Auditor


The Cygna Labs platform allows you to view and combine audit information from across your hybrid multi-cloud systems in a single web console. Depending on your organization’s administration model, regulatory compliance, or policies, you may need to limit user access and actions. Delegation should limit users to the specific activities, and only the information, that they need to perform their jobs.

The Cygna Labs platform has implemented a role-based access control (RBAC) delegation model to control access and permissions to the base platform and product modules. Roles are defined by combining only the sets of permissions needed to perform common tasks in organizational job functions. Groups and/or users are then assigned to the roles, allowing them to perform these tasks. A scope can also be defined for groups and/or users assigned to the role to create a boundary for data and actions. This approach minimizes the need to create additional duplicate roles or reports that only differ in scope. The role defines the permissions for its members to perform the designated actions. The scope, set on the user or group when assigning them to the role, defines where, or on what data, they can perform those actions. If no scope is set on the users or groups assigned to the roles, they will be able to perform those actions against the complete dataset that is configured for the Cygna product module. Scope assignments are hierarchical (when applicable) and are inherited by all child items. Built-in reports will have fixed role permissions set out of the box but will also allow list and execute permissions to be set directly.

Common Permission Sets

  • Full Control (all permissions)
  • List (read)
  • Create (write)
  • Execute (open)


Role Based Access Control (RBAC)

Each module has the following basic RBAC roles defined with its own actions, data types and scope boundaries. The delegation model allows additional built-in roles to be added in the future, as well as user-defined roles. Built-in roles are not end user customizable. However, owners can create custom roles from scratch or clone built-in roles to speed up and simplify the configuration process.

  • Owner of module – Allows you to manage everything, including access to resources
    • Permissions:
      • Full control for the module
    • Manages:
      • Access and scope
      • Module settings
      • Module data
  • Contributor – Allows you to perform most actions except for core module configuration and granting access / scope to resources
    • Permissions:
      • List
      • Create
      • Execute
    • Actions on:
      • Module specific data
      • Module specific tasks
  • Reader – Allows you to view everything, but not make any changes
    • Permissions:
      • List
      • Execute
    • Actions on:
      • Module specific data
      • Module specific tasks

Example Delegation Scenario

NA Auditors group is added to the Active Directory – Reader role with a scope defined to the North America OU.  EU Auditors group is added to the Active Directory – Reader role with a scope defined to EMEA OU.  User (A) is a member of the NA Auditors group.  They would be able to see the list of Active Directory reports.  If they run the All Active Directory Changes report they would see all AD changes but only for their scoped OU of North America.  User (B) is a member of the EU Auditors group.  They would be able to see the list of Active Directory reports.  If they run the All Active Directory Changes report they would see all AD changes but only for their scoped OU of EMEA.
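The scenario above, modelled as an added Python example (this is not Cygna Auditor's code or API): a role grants permissions, a scoped assignment limits which events a report returns, scopes are inherited by child OUs, and an unscoped assignment covers the whole dataset. The domain `DC=corp,DC=example`, the `Global Auditors` group, the sample events, and the rule that several assignments combine as a union of scopes are assumptions.

```python
from dataclasses import dataclass

# Permission sets of the built-in roles described above. Owner also manages
# access, scope and module settings, which this sketch does not model.
ROLES = {
    "Owner": {"List", "Create", "Execute"},
    "Contributor": {"List", "Create", "Execute"},
    "Reader": {"List", "Execute"},
}

@dataclass(frozen=True)
class Assignment:
    principal: str        # group (or user) assigned to the role
    role: str
    scopes: tuple = ()    # empty = no scope set = complete dataset

def rdns(dn):
    """Split a DN into lower-cased RDNs (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(object_dn, scope_dn):
    """True when object_dn is the scope container or any child of it.

    Whole RDNs are compared, so a sibling container such as
    OU=EMEA-Contractors is not treated as being inside OU=EMEA.
    """
    obj, scope = rdns(object_dn), rdns(scope_dn)
    return len(obj) >= len(scope) and obj[-len(scope):] == scope

def visible_events(groups, assignments, role, permission, events):
    """Events a user in `groups` gets back when using `permission` via `role`."""
    if permission not in ROLES[role]:
        return []                       # the role does not grant this action
    mine = [a for a in assignments if a.role == role and a.principal in groups]
    if not mine:
        return []                       # user is not assigned to the role
    if any(not a.scopes for a in mine):
        return list(events)             # unscoped assignment: full dataset
    scopes = [s for a in mine for s in a.scopes]   # assumption: union of scopes
    return [e for e in events if any(in_scope(e["where"], s) for s in scopes)]

# Constructed sample data, using the who/what/where/when fields of the
# structured view described earlier on this page.
BASE = "DC=corp,DC=example"
ASSIGNMENTS = [
    Assignment("NA Auditors", "Reader", ("OU=North America," + BASE,)),
    Assignment("EU Auditors", "Reader", ("OU=EMEA," + BASE,)),
    Assignment("Global Auditors", "Reader"),            # no scope set
]
EVENTS = [
    {"id": 1, "who": "CORP\\admin1", "what": "title changed",
     "where": "CN=J Doe,OU=Sales,OU=North America," + BASE, "when": "2021-03-01T10:00Z"},
    {"id": 2, "who": "CORP\\admin2", "what": "user disabled",
     "where": "CN=A Smith,OU=EMEA," + BASE, "when": "2021-03-01T11:00Z"},
    {"id": 3, "who": "CORP\\admin2", "what": "group member added",
     "where": "CN=Temp,OU=EMEA-Contractors," + BASE, "when": "2021-03-01T12:00Z"},
    {"id": 4, "who": "CORP\\admin1", "what": "computer moved",
     "where": "CN=SRV01,OU=Servers," + BASE, "when": "2021-03-01T13:00Z"},
]

def report_ids(groups, permission="Execute"):
    """IDs returned by an 'All Active Directory Changes' style report."""
    rows = visible_events(groups, ASSIGNMENTS, "Reader", permission, EVENTS)
    return [e["id"] for e in rows]

if __name__ == "__main__":
    for member_of in ({"NA Auditors"}, {"EU Auditors"}, {"Global Auditors"}):
        print(sorted(member_of), report_ids(member_of))
```

When reviewing a delegation setup, the unscoped case is the one to check for: an assignment saved without a scope exposes the complete dataset for that module.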

Scenario Delegation Configuration

Delegation is available under the Configuration view. Select the Delegation tile to configure.


There are two tiles under Delegation, Roles and Role Assignment.



The Roles tile contains the built-in roles and allows you to add (+) a new role or select the hamburger icon to the right of an existing role to clone it.



To add a user or group to a role, select the Role Assignment tile under Delegation.  Once open, select the desired role for assignment from the Select a role drop-down list of available roles.  For the example scenario, select the Active Directory – Reader role.



To select the role assignment target type, select the Assign access to drop down list.  For the example scenario select Group.


The role assignment configuration options should currently look like the following.



To configure a scope for the role assignment, select the Add/Remove scope tab on the top before saving the role assignment.  The appropriate data source for the role is shown.  For the example scenario expand the desired Active Directory domain and select the North America OU and click on the Add scope button.



Once the scope has been added, click the Save button to finish the role assignment. For the example scenario, the same process would be followed for the second role assignment, except the group selected would be the EU Auditors and the OU selected would be EMEA. Now users that are members of those groups will be limited to audit data for their respective scoped OUs for both ad hoc searches and built-in reports.


Morgan Holm

Configure PBMS as a Data Source in Cygna Auditor

Since Cygna Labs took over the BeyondTrust Auditor Suite (PowerBroker Management Suite) at the beginning of this year, we have taken on support, maintenance, and enhancements for the products. We are uniquely positioned to do this because we are the same group of industry veterans who also developed the Blackbird Management Suite, which was acquired by BeyondTrust in 2012.
Our main goal is to provide a smooth transition for those customers over to the Cygna organization and products. To that end, we have recently released an updated version of Cygna Auditor that integrates PowerBroker Management Suite (PBMS) as a data source in the Cygna Auditor global reporting feature. This provides the ability to view and filter PBMS data combined with many other sources such as Office / Microsoft 365 in a simple yet powerful web-based console.
The process to set up this configuration is straightforward.


Select PowerBroker Management Suite Tile

  • From the Cygna Auditor Configuration page, select the PowerBroker Management Suite tile.


Configure PowerBroker Management Suite



Configure PBMS Connection Properties

  • Enter the database server name and instance (if not default) for the existing PBMS database
  • Select the SQL authentication type and enter an account and password that has access to the PBMS database
  • Select the name of the PBMS database under Initial Catalog
  • Typically there is no need to adjust timeout or retry setting values
  • Push the Verify connection string button to confirm the settings are correct and if so, then select the Save button


PowerBroker Management Suite Database Connection Settings


PBMS Dashboard Elements

  • Once connected, a PBMS tile will be added under Events by Source and there will be a Top PBMS AD Users chart


PowerBroker Management Suite Dashboard Elements


PBMS Events

  • PBMS audit events now appear in the interactive audit views and can be saved in reports
  • You can specify the audit sources of interest


PowerBroker Management Suite Event Source



  • The PBMS audit events appear among audit events from other sources including Microsoft 365
  • The displayed events can be focused to only return the desired audit data across specified sources greatly simplifying your auditing efforts


PowerBroker Management Suite Events in Cygna Auditor Global Reporting


Mikael Grondahl

Cloud Computing Demystified – Part 3

Cloud Computing (Part 3) – The Risks & Challenges

In the previous blog, Cloud Computing Demystified – Part 2 – The Benefits, we discussed the benefits of cloud computing, and there are many, but we also need to be aware of the challenges and risks associated with cloud computing.

If you didn’t read the previous blog, check it out at:

Most of these challenges and risks can be addressed and mitigated through proper planning, and due diligence.

Again, just like in the previous two blogs, keep in mind that this is with a focus on the larger cloud providers, such as Amazon Web Services, Microsoft Azure, Google Cloud and so on. With smaller providers you will experience different risks & challenges to some extent.


So, let’s jump in and discuss these risks and challenges…

Risks of cloud computing

Before considering cloud computing technology, it is important to understand the risks involved when moving your business into the cloud. You should carry out a risk assessment before any control is handed over to a service provider.

Below are a few of the major points to be aware of:

Privacy agreement and service level agreement

You need to have suitable agreements in place with your service providers before services commence. This will protect you against certain risks and outline the responsibilities of each party in the form of a service level agreement (SLA). You should read the SLA and ensure that you understand what you are agreeing to before you sign. Make sure that you understand the responsibilities of the service provider, as well as your own obligations.

An SLA serves as both the blueprint and warranty for cloud computing and should act as a guide for handling potential problems, such as lawsuits.

It’s a tool for protecting the stability of the service and protecting the assets of the company and minimizing the expense should drastic actions be required.

Security and data protection

You must consider how your data will be stored and secured when outsourcing to a third party. This should be outlined in the agreement with your service provider and must address mitigations to governance and security risks. It must cover who has access to the data and the security measures in place to protect your data.

Location of data

Cloud computing service providers could be in a different country. Before committing, you should investigate where your data is being stored and which privacy and security laws will apply to the data.

Legislation and regulation

You will need to be aware of legislative and regulatory requirements when storing personal data. If the data is being stored outside of your country (e.g. if your business uses an overseas service provider), you will also need to be aware of the legislation and regulation requirements in that geographic location.

Biggest Challenges of cloud computing

Cloud computing makes accessing data and applications more reliable and efficient, with less administrative effort. It’s used to enable global access to mutual pools of resources such as services, apps, data, servers, and computer networks.

It’s the choice for many businesses and organizations, since it’s very scalable and in a lot of cases makes perfect financial sense for these companies. It also provides less of a need for worrying about business continuity planning, availability, upgrades and so on.

However, the on-demand and scalable nature of cloud computing services sometimes makes it difficult to define and project quantities and costs.

There are challenges involved in cloud computing, but if you’re aware of what they are, and address them, you will be able to reap the benefits.


Cloud computing itself is affordable but tuning the platform according to the company’s needs can be expensive.

Even if you host your data and systems off-site, there are internal labor costs. As you scale up to handle workload, managing large numbers of cloud instances becomes complex, just like managing large numbers of servers.

Furthermore, the expense of transferring the data to public clouds can prove to be a problem for short-lived and small-scale projects. It can cost tens of thousands of dollars per year to move large volumes of data to public cloud services and to store that data for long periods of time.

Long-term data storage in the cloud can be a significant cost. You pay for it every month, and if you consider data growth over the next few years, the life cycle cost of data can be quite high when stored in the cloud.

Although companies can save some money on system maintenance, management, and acquisitions, they also must invest in additional bandwidth, and the absence of routine control in an infinitely scalable computing platform can increase costs.

Network bandwidth accounts for much of the cost of moving data, and cloud providers might charge upload and download fees.

Also, cloud data backup is expensive and could cost as much as three to four times what it would cost to keep data internally.

Lack of Cloud Specialists

Organizations are increasingly placing more workloads in the cloud while cloud technologies continue to rapidly advance. Due to these factors organizations are having a hard time keeping up with the tools. Also, the need for expertise continues to grow.

Small and medium-sized enterprises without cloud computing expertise lose more than $258 million annually, according to a Rackspace and London School of Economics and Political Science report. Around 65% of IT pros said the cloud skills gap is hurting innovation and creativity.

Organizations may find adding cloud specialists to their IT teams to be prohibitively costly. Luckily, many common tasks performed by these specialists can be automated.

Governance & Control

IT governance policies are critical to ensure that agreed upon policies and procedures are being followed when implementing new IT assets, and to make sure those assets are properly controlled and maintained, supporting your organization’s strategy and business goals.

In cloud-based environments, IT departments do not always have full control over the provisioning, de-provisioning and operations of infrastructure.

This makes it more difficult to provide the governance, compliance and risk management required.

To mitigate the various risks and uncertainties in transitioning to the cloud, IT must adapt its traditional IT governance and control processes to include the cloud.  To this effect the role of central IT teams in the cloud has been evolving over the last few years. Along with business units, central IT is increasingly playing a role in selecting, brokering, and governing cloud services. On top of this, third-party cloud computing/management providers are progressively providing governance support and best practices.

Password Security

Industrious password supervision plays a vital role in cloud security. However, the more people you have accessing your cloud account, the less secure it is. Anybody aware of your passwords will be able to access the information you store there.

Businesses should employ multi-factor authentication and make sure that passwords are protected and altered regularly, particularly when staff members leave. Access rights related to passwords and usernames should only be allocated to those who require them.

Security issues

If a company outsources the processing or storage of data that it is required to protect, then it is relying on a cloud service provider to maintain their compliance.

When you’re auditing a cloud service provider’s security and privacy laws, make sure to also confirm the third biggest issue is taken care of: compliance.

Your organization needs to be able to comply with regulations and standards, no matter where your data is stored.


Conclusion (Cloud Computing Part 1-3)

In my humble opinion – Cloud computing is here to stay, the benefits are so many, and if you only do your due diligence, the benefits greatly exceed the concerns, with its flexibility, scalability, and ease of adoption.

There’s no longer a need for businesses to buy their own hardware, build and maintain their own data centers, having to deal with costly server maintenance, or worrying about business continuity planning and disaster recovery, all this while having the opportunity of the flexibility to scale up or down overnight.

For startups and small to medium sized businesses (SMEs), having the ability to quickly adapt to new circumstances, such as growing business opportunities or slower business periods, is especially beneficial.


Mikael Grondahl

File Server security (Part 3) – Securing your Windows File Servers

In the two previous parts of “File Server Security” (1-2), we looked at ways for you to physically secure your file servers, making it more difficult for perps to get physical access to your servers and the data, but if they still would, we would surely make them sweat a little bit before they could “enjoy” it.

We also looked at ways to minimize the attack surface by utilizing firewalls, avoiding internet connections, getting rid of unnecessary software, stopping services, malware protection and so on…

In this third and final part of “File Server Security”, we will put the final touch on our file server security recipe, for now…


Mikael Grondahl

File Server security (Part 2) – Securing your Windows File Servers

In the first part of File Server security we covered the importance of physically protecting our file servers, preventing evil predators from putting their filthy hands on our physical hardware, trying to get access to sensitive data.

If someone would simply walk into a server room, or datacenters, grab one of the file servers and make a run for it, that would surely make physical security look a bit sloppy, don’t you think?

But now that we hopefully have that area under control, let’s look at a few more ways to make it harder for the evil forces to get access to our data.


Mikael Grondahl

File Server Security (Part 1) – Securing your Windows File Servers

Do you remember the days when you stored everything on a file server? I’m not talking about a fancy cluster, blade server, or a virtual machine, just that one boxy piece of metal collecting dust in the corner of the cold and noisy server room?  

Well, that server might still be around you know! You may not recognize it since it’s been through a few facelifts, tune-ups, personality changes and lost a few pounds, but it’s still there though, probably with the same name and IP address too…

Problem is that through all these external and internal changes, one important thing was forgotten – Self-defense skills! Chuck Norris was too busy.

But it should be OK right? Nothing has happened in the last 15 years, we’ll deal with it when we’re less busy…


Mikael Grondahl

Payment Card Industry Data Security Standard – A safety feature we all benefit from…

A few months ago, I received a call from American Express…

“Mr. Grondahl, this is Jennifer from American Express, you wouldn’t happen to be in Kuala Lumpur, Malaysia, would you? We believe someone is using your credit card there right now” 

“Thank you for your call Jennifer, I wish I was in Kuala Lumpur, but unfortunately no, I’m not”

“OK, that’s what we suspected, so we already put a hold on your credit card”

“The charges made to the card will be revoked, and we will send you a new card within 2 business days”

These guys stay on top of it for sure, got to love them for that. I’ve even received a phone call from a credit card company when trying to use my card at a gas station about 4 hours north from where I live, the neighborhood that I had to stop in was not in the best area of town, but I was pretty much flying on fumes, so not a whole lot of options there. Also, didn’t want to risk being late for my Iron Maiden concert…

So how is it that some shady people get a hold of, and try to use your credit card information?


Mikael Grondahl

HIPAA: The Importance of Your Privacy – Part 2

We previously discussed the importance of your privacy, and the fact that we don’t want our personal health information floating around across the internet or exposed to strangers in other ways.

It’s obviously not anyone’s business when I had my latest flu vaccine shot, or any other procedures, except for my doctor or other involved medical staff.

Here’s an overview of HIPAA, examples of a couple of violations that have occurred recently, and the fines and penalties related to not following HIPAA law.
