Log Management

The Importance of Log Management

Automated analysis of logs in near real time can detect data breaches in progress. Forensic analysis of logs after the breach has occurred can trace the breach back to its source and trace it forward to the other systems that were compromised.

Limitations of Log Management

Log management is effective as a security control only to the extent that complete log data is gathered, aggregated, consolidated and analyzed throughout the entire organization, across each and every device in the network. Collecting this log data can use significant WAN bandwidth and disk storage.

A skilled attacker in certain situations will have the ability to clear his presence from the log files in order to prevent forensic detection.

Vidder's Recommendations for Deploying Log Management

Vidder strongly recommends logging all security-related events on all hardware devices and software applications. These logs should be forwarded to a SIEM and stored in an encrypted format (see Vidder's recommendations for SIEM for other suggestions).

However, companies should not rely solely on automated log analysis. Rather, servers containing highly confidential data should have their logs analyzed manually on a regular basis.

Trusted Networking

Architecture

Applications

Industries

Overview

Internet Services

Perimeter Penetrating

Lateral Movement

Secure Clients/Servers

Data Security

Secure Networks

Secure Admins