Supporting efforts to secure IT operations against cyberattack, there are many technologies which are required to provide supplemental or ancillary information. One such need is that of centralized log management and retention.
Very often attacks on computer systems rarely look like real attacks except in hindsight – if this were not the case, ALL security defenses could be automated without ever needing to employ human analysts. This is why it’s important to know what is contained in the log files of computer systems, even in hindsight – they are often the only way to detect attacks.
In many instances the routine activities of network and system Admins look a lot like hackers. They are often using elevated privileges to make changes that could look (or be) malicious. So it is important to have more information and insights in order to effectively detect malicious behavior.
This is where Log Event Management (LEM) comes into play.
In its simplest form, Log Event Management centralizes the system logs from all workstation, server, network, and in many cases telephony devices to a secured repository that is hardened against tampering and loss. With all logs safely stored in a central location, additional monitoring and analysis can be performed to better detect attacks and malicious activity. This activity permits organizations to look at the overall activity on their network(s) through a larger lens than can be provided by a single security control or information source. For example:
- Asset Management systems only sees applications, business processes and administrative contacts.
- Network Intrusion Detection systems (IDS) only understands Packets, Protocols and IP Addresses
- Endpoint Security systems only sees files, usernames and hosts
- Application and Service Logs show user sessions, transactions in databases and configuration changes.
- File Integrity Monitoring (FIM) systems only sees changes in files and registry settings
None of these technologies, by themselves, can tell you what is happening broadly across the network. Hence the interest and need for Log Event Management systems in companies of all sizes.
Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.
Contact us to learn more. Don’t Gamble With Your Security