
March 6, 2012 By Joan Pepin

Maximizing the Value and Minimizing the Overhead

Logs are the Cornerstone of Security Best Practices.

Anyone who has worked in the field of Information Security for any length of time will tell you: there is a lot of security and security-relevant data out there in the enterprise. Access logs, database logs, application logs from web, email and other services are all useful and sometimes essential in bringing a security investigation to a successful conclusion. Of course, traditional firewalls alone generate a tremendous volume of logs, and web-proxy log volumes can be staggering. Intrusion Detection Systems (IDS) are very noisy, and then you have the Anti-Virus logs, the DHCP logs, Active Directory or LDAP logs, authentication logs from disparate operating systems spread across the globe (often in different time-zones).
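The time-zone problem in the paragraph above is what defeats naive correlation across sources. As an added example (not code from the original post), the script below takes three constructed log lines, one from an auth log with an explicit UTC offset, one from a proxy that writes local time with no offset, and one from a VPN that already logs in UTC, normalizes them to UTC, and then groups one user's events into time windows; it also shows the wrong ordering a zone-unaware sort of the raw timestamps would give. Source names, formats and the proxy's assumed local zone are illustrative.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines (not from the original post): three sources, three formats, three zones, one user.
SAMPLE_LOGS = [
    ("auth",  "2012-03-06T09:00:05+01:00 sshd[1234]: Accepted password for alice from 10.0.0.7"),
    ("proxy", "2012-03-06 00:00:40 10.0.0.7 alice GET http://example.invalid/ 200"),
    ("vpn",   "2012-03-06T08:30:10Z user=alice src=203.0.113.9 event=connect"),
]
# Assumed site convention: the proxy logs local Pacific time with no offset, so we supply it.
LOCAL_ZONES = {"proxy": timezone(timedelta(hours=-8))}
# Per source: timestamp regex, user regex, strptime format (None means ISO 8601 with offset).
PARSERS = {
    "auth":  (r"^(\S+)", r"for (\w+) from", None),
    "proxy": (r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)", r"^\S+ \S+ \S+ (\w+) ", "%Y-%m-%d %H:%M:%S"),
    "vpn":   (r"^(\S+)", r"user=(\w+)", None),
}

def normalize(source, line):
    """Return (utc_datetime, user) for one line, or None if it does not match the source's format."""
    ts_re, user_re, fmt = PARSERS[source]
    ts_m, user_m = re.search(ts_re, line), re.search(user_re, line)
    if not (ts_m and user_m):
        return None
    raw = ts_m.group(1)
    ts = datetime.strptime(raw, fmt) if fmt else datetime.fromisoformat(raw.replace("Z", "+00:00"))
    if ts.tzinfo is None:  # naive local time: attach the documented zone before converting
        ts = ts.replace(tzinfo=LOCAL_ZONES[source])
    return ts.astimezone(timezone.utc), user_m.group(1)

def timeline(logs=SAMPLE_LOGS):
    """All events as (utc_iso, source, user) in real (UTC) order; unparseable lines are skipped."""
    parsed = [(src, normalize(src, line)) for src, line in logs]
    return sorted((p[0].isoformat(), src, p[1]) for src, p in parsed if p)

def naive_order(logs=SAMPLE_LOGS):
    """Sources ordered by the raw timestamp text alone: what a zone-unaware sort would produce."""
    return [src for _, src in sorted((line[:19], src) for src, line in logs)]

def clusters(user, window=timedelta(minutes=10), logs=SAMPLE_LOGS):
    """Group one user's events so that each starts within `window` of the previous one (UTC order)."""
    groups, last = [], None
    for ts_iso, src, who in timeline(logs):
        if who != user:
            continue
        ts = datetime.fromisoformat(ts_iso)
        if last is None or ts - last > window:
            groups.append([])
        groups[-1].append(src)
        last = ts
    return groups
```

In UTC the auth and proxy events are 35 seconds apart and land in one cluster, while the raw-text sort puts the proxy event first and the auth event last.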

But is Log Management your Core Competency?

There is meaning and value that an experienced security analyst can glean from this ocean of data. But simply managing it all, getting it into a place where the analysts can access it, enforcing proper access controls (and yes, logging access to the sensitive logs themselves may be a requirement in many cases!), and maintaining the complex and expensive tools required to wrangle all of it can be a huge burden on your bottom line. Security teams already carry the burden of being a cost center, and they struggle, in the face of increasing threats and decreasing budgets, to secure an increasingly distributed and heterogeneous environment; they do not need the added overhead of heavy, high-maintenance tools.

Large-Scale, Cloud-Based Data Management and Analytics Platforms May Fill the Gap.

By putting all of the complex and operationally intensive data management into the hands of a specialized cloud provider, you can focus your security budget on defense in depth and incident response rather than on the overhead of your log data. Recent advances in Big Data management and NoSQL technologies have finally started to allow the types of analytics and correlation that security analysts have long sought, but that most enterprises do not have the resources to develop or support. Enter the cloud-based Big Data provider. They have built their platforms from the ground up to scale using these technologies, and integration with Infrastructure as a Service (IaaS) providers allows them to scale their systems affordably and programmatically to meet your changing log volumes, resulting in lower costs to you for access to cutting-edge technological platforms.

In the Cloud, Security Fundamentals are Still Measurable.

Of course, there are security concerns about trusting your potentially sensitive log data to a cloud provider, but there are a number of factors that you should consider objectively when weighing these risks. First, consider the security policies and practices in place at your service provider: are they doing more or less than you yourself are able to do to secure your data? I think you will find that there are certainly plenty of cases where the cloud providers can and do provide excellent security measures, above and beyond what many enterprises can afford or enforce.

Also consider what types of security practices and certifications are followed and held by the underlying infrastructure services. Many IaaS providers (such as Amazon Web Services and Rackspace) maintain stringent security certifications well beyond what many enterprises themselves can provide in terms of security, availability, and compliance.

You need to weigh the risks introduced by your provider against the benefits of greater data visibility, faster and less manpower-intensive investigations, and a lower cost to your bottom line. And finally, consider that cloud infrastructure and service providers have a tremendous disincentive to be lax about their security. Typically a given enterprise does not stake its entire reputation and business model on its security practices; cloud providers, however, are at much greater risk of complete brand destruction should their defenses be breached.

– Joan Pepin, Director of Security
