Making sense of your logs

ViJay Viswanathan CISO, HD Supply

As organizations continue to embrace cloud, mobility and agility-driven business models, formerly well-defined network boundaries evolve into virtual bridge and termination points. So, is it sufficient to continue with the traditional log-aggregation model that drives security information and event management (SIEM)? 

It's clear that security leaders, who tend to operate on shoestring budgets, need solutions that are not only agile and easy to implement, but also act as a compelling ROI barometer.

While some security pros are still mired in a reactive approach that keeps their teams playing catch-up, it is far better to be proactive and anticipate the threat that is likely around the corner. In other words, you want a strategy that provides intelligence.

Organizations today have a master data model to drive efficiencies in system design. How about a similar approach for the enterprise security program? Let's consider a security model that has tools in place for infrastructure and network security, incident management, identity and access management, application and data security, and compliance. The associated tools produce a plethora of valuable logs, both during normal operation and during active threat activity. With the assumption that our high-value targets are identified in the security master data model, we can start visualizing the one-dimensional logs and, with enriching analytics, observe as they take shape into multidimensional security intelligence.
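A concrete illustration of that enrichment step, added here as an example and not taken from the article: constructed firewall and identity-tool events are joined to a constructed asset master (`ASSET_MASTER`, standing in for the security master data model), so that the same deny or login-failure event weighs far more when it touches a crown-jewel system and when more than one tool sees it.

```python
from collections import defaultdict

# Constructed asset master data (the "high-value targets"): host -> context.
ASSET_MASTER = {
    "10.1.5.20": {"name": "erp-db-01", "tier": "crown-jewel", "owner": "finance"},
    "10.1.7.33": {"name": "web-kiosk-04", "tier": "low", "owner": "retail-ops"},
}

# Constructed one-dimensional events, as each tool emits them: (source, fields).
RAW_EVENTS = [
    ("firewall", {"src": "203.0.113.9", "dst": "10.1.5.20", "action": "deny", "port": 1433}),
    ("firewall", {"src": "203.0.113.9", "dst": "10.1.5.20", "action": "allow", "port": 22}),
    ("iam", {"user": "svc_backup", "host": "10.1.5.20", "result": "failure"}),
    ("iam", {"user": "svc_backup", "host": "10.1.5.20", "result": "success"}),
    ("firewall", {"src": "198.51.100.4", "dst": "10.1.7.33", "action": "deny", "port": 445}),
]

# Weight an asset's signals by business criticality; hosts missing from the model sit in between.
TIER_WEIGHT = {"crown-jewel": 10, "high": 5, "low": 1, "unknown": 2}

def enrich(source, event):
    """Join a raw event to the master data; hosts outside the model stay 'unknown'."""
    host = event.get("dst") or event.get("host")
    asset = ASSET_MASTER.get(host, {"name": host, "tier": "unknown", "owner": None})
    return {"source": source, "host": host, **event, **asset}

def correlate(events):
    """Fold enriched events from every tool into one scored record per asset."""
    per_asset = defaultdict(lambda: {"sources": set(), "signals": [], "score": 0})
    for source, raw in events:
        e = enrich(source, raw)
        a = per_asset[e["host"]]
        a.update(name=e["name"], tier=e["tier"], owner=e["owner"])
        a["sources"].add(source)
        # Only negative outcomes count as signals; allows and successes are context.
        outcome = e.get("action") or e.get("result")
        if outcome in ("deny", "failure"):
            a["signals"].append(f"{source}:{outcome}")
    for a in per_asset.values():
        # The same signal count scores higher on a critical asset and when several tools see it.
        a["score"] = len(a["signals"]) * TIER_WEIGHT[a["tier"]] * len(a["sources"])
    return dict(per_asset)

def prioritized(events):
    """Assets ordered by enriched score, highest first: the decision-platform view."""
    return sorted(correlate(events).values(), key=lambda a: a["score"], reverse=True)
```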

Leveraging a distributed computing platform, like Hadoop, and an analytics platform, like IKANOW, the data sources from different tools can be enriched to produce compelling intelligence that can easily become a decision platform for security leaders. Further, integration with an existing or open-source business intelligence platform can produce visually powerful and actionable security intelligence. This is not only practical for organizations of all sizes, but it encourages security professionals to evolve into critical business leaders. The entire setup can be built in the cloud and scaled gradually to do more as the business continues to push the boundaries.

So, can an approach combining log management and Big Data yield significant results? Absolutely. In fact, most organizations could evolve in this manner, and they may find it beneficial to treat a security intelligence platform as a multi-generation initiative. A good baseline for demonstrating the maturity of one's security program is to revisit the enterprise security roadmap and introduce a security intelligence platform as a possible top-level milestone. This drives focus as each security service evolves, resulting in a comprehensive view of the things that matter most.

Photo by Chris Volpe/zuma
