Making sense of your logs

ViJay Viswanathan, CISO, HD Supply

As organizations continue to embrace cloud, mobility and agility-driven business models, formerly well-defined network boundaries evolve into virtual bridge and termination points. So, is it sufficient to continue with the traditional log-aggregation model that drives security information and event management (SIEM)? 

It's clear that efficient solutions are required that are not only agile and easy to implement, but act as a compelling ROI barometer for security leaders who tend to operate with shoestring budgets.

While some security pros remain mired in a reactive approach that keeps their teams playing catch-up, a proactive approach is more effective: it aims to anticipate the threat that is likely around the corner. In other words, you want a strategy that provides intelligence.

Organizations today have a master data model to drive efficiencies in system design. How about a similar approach for the enterprise security program? Let's consider a security model that has tools in place for infrastructure and network security, incident management, identity and access management, application and data security, and compliance. The associated tools produce a plethora of valuable logs during normal and active threat activity. With the assumption that we have our high-value targets identified by the security master data model, we can start visualizing the one-dimensional logs and – with enriching analytics – observe as they take shape into multidimensional security intelligence.

Leveraging a distributed computing platform, like Hadoop, and an analytics platform, like IKANOW, the data sources from different tools can be enriched to produce compelling intelligence that can easily become a decision platform for security leaders. Further, integration with an existing or other open source business intelligence platform can produce visually powerful and actionable security intelligence. This is not only practical for organizations of all sizes, but it encourages security professionals to evolve into critical business leaders. The entire setup can be built in the cloud to gradually scale the platform to do more as the business continues to push the boundaries.

So, can an approach combining log management and Big Data yield significant results? Absolutely. In fact, most organizations could evolve in this manner. These organizations may find it beneficial to look at developing a security intelligence platform as a multi-generation initiative. A good baseline to demonstrate the maturity of one's security program is to revisit the enterprise security roadmap and introduce a security intelligence platform as a possible top-level milestone. This drives focus when evolving each of the security services resulting in a comprehensive view of things that matter the most.
