Making sense of your logs

ViJay Viswanathan CISO, HD Supply

As organizations continue to embrace cloud, mobility and agility-driven business models, formerly well-defined network boundaries evolve into virtual bridge and termination points. So, is it sufficient to continue with the traditional log-aggregation model that drives security information and event management (SIEM)? 

It's clear that efficient solutions are required that are not only agile and easy to implement, but act as a compelling ROI barometer for security leaders who tend to operate with shoestring budgets.

While some security professionals are still mired in a reactive approach that leaves their teams perpetually playing catch-up, the more effective approach is a proactive one: anticipating the threat that is around the corner rather than responding to it after the fact. In other words, you want a strategy that provides intelligence.

Organizations today have a master data model to drive efficiencies in system design. How about a similar approach for the enterprise security program? Let's consider a security model that has tools in place for infrastructure and network security, incident management, identity and access management, application and data security, and compliance. The associated tools produce a plethora of valuable logs during normal and active threat activity. With the assumption that we have our high-value targets identified by the security master data model, we can start visualizing the one-dimensional logs and – with enriching analytics – observe as they take shape into multidimensional security intelligence.

Leveraging a distributed computing platform, like Hadoop, and an analytics platform, like IKANOW, the data sources from different tools can be enriched to produce compelling intelligence that can readily become a decision platform for security leaders. Further, integration with an existing or open-source business intelligence platform can produce visually powerful and actionable security intelligence. This is not only practical for organizations of all sizes, but it encourages security professionals to evolve into critical business leaders. The entire setup can be built in the cloud and scaled gradually to do more as the business continues to push its boundaries.
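To make the "one-dimensional logs into multidimensional intelligence" idea of the two preceding paragraphs concrete, here is an added example that is not from the article and has nothing to do with IKANOW's or Hadoop's own code. It normalises constructed log lines from three hypothetical tools (a firewall, an IAM system and an endpoint agent), enriches each event with a constructed asset inventory standing in for the security master data model (which hosts are high-value targets and who owns them), and then correlates across the tools per host: repeated failed logins, a success, and a new process shortly afterwards, on a high-value host, become one prioritised finding instead of four unrelated lines. The tool names, log formats, thresholds and scores are all assumptions chosen for the example.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed asset inventory playing the role of the "security master data model".
ASSETS = {
    "10.0.5.21": {"name": "payments-db-01", "tier": "high", "owner": "payments"},
    "10.0.7.44": {"name": "wiki-01", "tier": "low", "owner": "it"},
}

# Constructed one-dimensional log lines from three hypothetical tools, each in its
# own format: JSON from the firewall and IAM tool, key=value from the endpoint agent.
RAW_LOGS = [
    '{"tool":"firewall","ts":"2024-03-01T08:59:10Z","src":"203.0.113.9","dst":"10.0.5.21","action":"allow","port":22}',
    '{"tool":"iam","ts":"2024-03-01T09:00:02Z","user":"svc-backup","host":"10.0.5.21","result":"failure"}',
    '{"tool":"iam","ts":"2024-03-01T09:00:05Z","user":"svc-backup","host":"10.0.5.21","result":"failure"}',
    '{"tool":"iam","ts":"2024-03-01T09:00:09Z","user":"svc-backup","host":"10.0.5.21","result":"success"}',
    "tool=edr ts=2024-03-01T09:01:30Z host=10.0.5.21 event=new_process image=/tmp/x.sh parent=sshd",
    '{"tool":"iam","ts":"2024-03-01T09:05:00Z","user":"alice","host":"10.0.7.44","result":"success"}',
]


def parse(line):
    """Normalise each tool's native format into one flat dict with a common host/ts."""
    line = line.strip()
    if line.startswith("{"):
        ev = json.loads(line)
    else:
        ev = dict(kv.split("=", 1) for kv in line.split())
    # Firewall events name the target host "dst"; unify the field name across tools.
    ev["host"] = ev.get("host") or ev.get("dst")
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    return ev


def enrich(ev, assets=ASSETS):
    """Attach asset context so a bare log line becomes an event about a known target."""
    asset = assets.get(ev["host"], {"name": "unknown", "tier": "unknown", "owner": "unknown"})
    return {**ev, "asset": asset["name"], "tier": asset["tier"], "owner": asset["owner"]}


def correlate(events, window_s=600, fail_threshold=2):
    """Per host, look for failed logins -> success -> new process within a time window,
    and fold in any external firewall 'allow' events preceding the success."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_host[ev["host"]].append(ev)

    findings = []
    for host, evs in by_host.items():
        fails = [e for e in evs if e["tool"] == "iam" and e.get("result") == "failure"]
        successes = [e for e in evs if e["tool"] == "iam" and e.get("result") == "success"]
        procs = [e for e in evs if e["tool"] == "edr" and e.get("event") == "new_process"]
        allows = [e for e in evs if e["tool"] == "firewall" and e.get("action") == "allow"]
        for s in successes:
            before = lambda e: 0 <= (s["ts"] - e["ts"]).total_seconds() <= window_s
            after = lambda e: 0 <= (e["ts"] - s["ts"]).total_seconds() <= window_s
            recent_fails = [f for f in fails if before(f)]
            later_procs = [p for p in procs if after(p)]
            if len(recent_fails) >= fail_threshold and later_procs:
                # Asset tier from the master data model drives the priority (assumed scores).
                priority = {"high": 90, "low": 40}.get(s["tier"], 60)
                findings.append({
                    "host": host,
                    "asset": s["asset"],
                    "tier": s["tier"],
                    "owner": s["owner"],
                    "user": s["user"],
                    "priority": priority,
                    "failed_logins": len(recent_fails),
                    "new_processes": [p["image"] for p in later_procs],
                    "external_sources": [a["src"] for a in allows if before(a)],
                })
    return findings


def run_pipeline(lines=RAW_LOGS, assets=ASSETS):
    """Parse -> enrich -> correlate; returns the list of prioritised findings."""
    return correlate([enrich(parse(l), assets) for l in lines])


if __name__ == "__main__":
    for f in run_pipeline():
        print(json.dumps(f, indent=2))
```

The point of the example is the shape of the pipeline rather than the specific rule: every tool's log is parsed to a common schema, the asset inventory supplies the business context that the raw line lacks (which makes the same sequence of events score 90 on the payments database and 40 on the wiki), and only then are the sources joined. The same three stages map onto a Hadoop-style batch job or a streaming analytics platform; what changes is the volume, not the logic.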

So, can an approach combining log management and Big Data yield significant results? Absolutely. In fact, most organizations could evolve in this manner. These organizations may find it beneficial to look at developing a security intelligence platform as a multi-generation initiative. A good baseline to demonstrate the maturity of one's security program is to revisit the enterprise security roadmap and introduce a security intelligence platform as a possible top-level milestone. This drives focus when evolving each of the security services resulting in a comprehensive view of things that matter the most.

Photo by Chris Volpe/zuma
