Guest post – Ben Goodman, Principal Strategist, Identity & Security, Novell
After long days and late nights, many attendees typically spend the last portion of Interop sleeping in, catching up on the crazy schedule and pace of the week’s events. Not so this year. Rather than sawing logs, a standing room-only crowd was discussing logs at my session titled Preventing the Next Data Breach through Log Management. Here are some highlights:
Securing your IT infrastructure has never been tougher. One unfortunate side effect of a down economy is an increase in crime of all kinds, and cybercrime is no exception. Advanced Persistent Threats (APTs), among the newest and most dangerous cyber attacks, are on the rise. As you may know, APTs are a new breed of sophisticated cyber attack used by both professional hackers and nation-states. These sophisticated and persistent attacks target governments as well as companies. The Operation Aurora attack on Google is a prime example of an APT. This article in Wired is a good write-up explaining the incident.
As if the criminal element didn’t expose your organization to enough risk, social networking, cloud computing, virtualization, enterprise mobility and other current IT trends open up your network and make it that much tougher to protect your data.
As it stands, the situation is simply unsustainable. Security organizations are underfunded, and business managers don’t understand the risks. As such, it’s hard for them to justify current expenses, let alone add budget for enhancing security. Businesses have no choice but to focus on compliance. However, compliance does not equal security, and therefore it only protects your organization against fines, not against cyber criminals or inadvertent data loss and the resulting brand and monetary damages.
To do your job effectively, you’ve got to fight for budget like never before. So how can you justify a security investment to your boss? First, let’s just face facts. No endpoint is truly secure. And as a result your network will inevitably be breached, if it hasn’t been already. The question is just how bad will the breach be?
One answer to limiting the damage from a breach is to adopt log management as an essential layer of your network security. Verizon Business, in their 2008 Data Breach Investigations Report, said: “Evidence of events leading up to 82 percent of data breaches was available to the organization prior to actual compromise.”
Log management provides a tool for collecting and storing large amounts of security information that you can then search and generate reports from. Using log management, you can reduce risk, detect attacks, and inspect and remediate security issues.
So what do you look for in a log management solution? Flexibility, scalability and a good user interface. Flexibility gives you the ability to deploy in a virtual or cloud environment. Scalability helps you effectively manage the current and future growth of security events you need to process. And finally, choose a good user interface that is simple and intuitive. Nobody likes a kludgy interface... that could put you to sleep and have you sawing logs instead of managing them.
Click here to get a copy of my Interop presentation: Preventing the Next Data Breach through Log Management.