Making sense of your logs

ViJay Viswanathan CISO, HD Supply

As organizations continue to embrace cloud, mobility and agility-driven business models, formerly well-defined network boundaries evolve into virtual bridge and termination points. So, is it sufficient to continue with the traditional log-aggregation model that drives security information and event management (SIEM)? 

It's clear that efficient solutions are required that are not only agile and easy to implement, but act as a compelling ROI barometer for security leaders who tend to operate with shoestring budgets.

While some professionals remain mired in a reactive approach that keeps security teams playing catch-up, it is far more effective to be proactive and anticipate the likelihood of the threat that is around the corner. In other words, you want a strategy that provides intelligence.

Organizations today have a master data model to drive efficiencies in system design. How about a similar approach for the enterprise security program? Let's consider a security model that has tools in place for infrastructure and network security, incident management, identity and access management, application and data security, and compliance. The associated tools produce a plethora of valuable logs during normal and active threat activity. With the assumption that we have our high-value targets identified by the security master data model, we can start visualizing the one-dimensional logs and – with enriching analytics – observe as they take shape into multidimensional security intelligence.

Leveraging a distributed computing platform, like Hadoop, and an analytics platform, like IKANOW, the data sources from different tools can be enriched to produce compelling intelligence that can easily become a decision platform for security leaders. Further, integration with an existing or open source business intelligence platform can produce visually powerful and actionable security intelligence. This is not only practical for organizations of all sizes, but it encourages security professionals to evolve into critical business leaders. The entire setup can be built in the cloud and scaled gradually to do more as the business continues to push the boundaries.
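As an added illustration, not part of this column, the following Python sketch shows the enrichment step described above in miniature: one-dimensional events from several tools are joined against a constructed "security master data" asset inventory, so that activity on a high-value target that is seen by several independent tools rises to the top. The asset table, the events, the tool names and the tier weights are all constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed security master data: high-value targets and their business context.
ASSETS = {
    "10.0.1.10": {"name": "erp-db-01", "tier": "crown-jewel", "owner": "finance"},
    "10.0.2.25": {"name": "web-proxy-02", "tier": "standard", "owner": "it-ops"},
}

# Constructed one-dimensional events from three different tools, already
# normalised to a common shape (tool, host, user, event type).
RAW_EVENTS = [
    {"tool": "ids", "host": "10.0.1.10", "user": None, "event": "sqli_signature"},
    {"tool": "iam", "host": "10.0.1.10", "user": "svc_backup", "event": "privilege_grant"},
    {"tool": "dlp", "host": "10.0.1.10", "user": "svc_backup", "event": "bulk_export"},
    {"tool": "ids", "host": "10.0.2.25", "user": None, "event": "port_scan"},
    {"tool": "ids", "host": "192.168.9.9", "user": None, "event": "port_scan"},
]

TIER_WEIGHT = {"crown-jewel": 10, "standard": 3}   # assumed weights

def enrich(event):
    """Attach master-data context to one event; hosts missing from the inventory are flagged."""
    asset = ASSETS.get(event["host"])
    enriched = dict(event)
    enriched["asset"] = asset["name"] if asset else "unregistered"
    enriched["tier"] = asset["tier"] if asset else "unknown"
    enriched["owner"] = asset["owner"] if asset else None
    return enriched

def correlate(events):
    """Group enriched events per host and score by asset tier times tool diversity.
    A host reported by several independent tools scores higher than the same
    number of events from a single tool."""
    per_host = defaultdict(list)
    for ev in map(enrich, events):
        per_host[ev["host"]].append(ev)
    report = []
    for host, evs in per_host.items():
        tools = {ev["tool"] for ev in evs}
        tier = evs[0]["tier"]
        score = TIER_WEIGHT.get(tier, 5) * len(tools)   # unregistered hosts get a middling weight
        report.append({"host": host, "asset": evs[0]["asset"], "owner": evs[0]["owner"],
                       "tier": tier, "tools": sorted(tools), "events": len(evs), "score": score})
    return sorted(report, key=lambda r: r["score"], reverse=True)

if __name__ == "__main__":
    print(json.dumps(correlate(RAW_EVENTS), indent=2))
```

The unregistered host is deliberately kept visible rather than dropped: a gap in the master data model is itself a finding.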

So, can an approach combining log management and Big Data yield significant results? Absolutely. In fact, most organizations could evolve in this manner, and they may find it beneficial to treat a security intelligence platform as a multi-generation initiative. A good baseline for demonstrating the maturity of one's security program is to revisit the enterprise security roadmap and introduce a security intelligence platform as a possible top-level milestone. This drives focus when evolving each of the security services, resulting in a comprehensive view of the things that matter most.
