Every PC and server you use will keep an audit of its activity, which gives you valuable insight into the behaviours of its users
Log management is an essential tool in the battle against cyber-crime. It might not be as glamorous as anti-malware software or the use of honeypots, but it can be the single most important way of preventing a potential hack. In essence, it is the gathering of the records your systems produce. Every PC and server you use will keep an audit of its activity, which gives you valuable insight into the behaviours of its users. You can track exactly who logged in at any given time, and exactly what they were accessing.
It is surprising how many bigger organisations are either oblivious to log management or simply disregard its importance. The quantity of data that is wasted by these companies is staggering. What is more interesting is that many of these firms are already required to gather the information their logs impart as part of their compliance obligations. This means that they have the data already acquired but fail to use it to their advantage. This is a terrible waste.
As well as alerting to potential breaches in security, log management can also highlight where power supply issues have originated, or why a particular system is performing badly. The data gathered can be turned into detailed reports for senior managers to assess which, in turn, can lead to an organisation targeting the issues that are causing the problems and dealing with them directly at the source.
To individuals who value data, a log reads as the story of a system. If regularly reviewed, the logs are able to warn of potential failures that might occur, or alert you to the beginnings of a system hack. Written into the entries will be the evidence of multiple failed logins, for example, or indications that an infection has occurred. For organisations that work across multiple systems, the logs, read together, can provide a map that highlights areas under persistent attack.
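The "multiple failed logins" signal mentioned above is the kind of thing a regular log review is meant to catch. As an added illustration (not from the article or from Digital Pathways), the Python below scans constructed syslog-style sshd lines, flags any source address that accumulates five failures within ten minutes, and notes whether a successful login followed the burst; the log layout, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a syslog/sshd-like layout (not real log data).
SAMPLE_LOG = """\
Mar 10 09:00:01 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Mar 10 09:00:04 host1 sshd[2103]: Failed password for root from 203.0.113.7 port 51014 ssh2
Mar 10 09:00:09 host1 sshd[2105]: Failed password for root from 203.0.113.7 port 51017 ssh2
Mar 10 09:00:15 host1 sshd[2108]: Failed password for invalid user oracle from 203.0.113.7 port 51020 ssh2
Mar 10 09:00:21 host1 sshd[2110]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 09:00:30 host1 sshd[2112]: Accepted password for root from 203.0.113.7 port 51025 ssh2
Mar 10 09:05:12 host1 sshd[2130]: Failed password for alice from 198.51.100.4 port 40222 ssh2
Mar 10 09:05:40 host1 sshd[2132]: Accepted password for alice from 198.51.100.4 port 40223 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def parse_line(line, year=2024):
    """Return (timestamp, result, user, ip), or None if the line is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog lines carry no year
    return ts, m["result"], m["user"], m["ip"]

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Flag source IPs with >= threshold failures inside `window` (assumed values), noting a later success."""
    failures = defaultdict(list)  # ip -> failure timestamps still inside the sliding window
    alerts = {}                   # ip -> {"failures": n, "success_after": bool}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, _user, ip = parsed
        if result == "Failed":
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= threshold:
                alerts.setdefault(ip, {"failures": 0, "success_after": False})
                alerts[ip]["failures"] = len(failures[ip])
        elif ip in alerts:
            # A success right after a burst of failures is the pattern most worth escalating.
            alerts[ip]["success_after"] = True
    return alerts
```

Calling `find_bruteforce(SAMPLE_LOG)` on the constructed lines returns only 203.0.113.7, with five failures and a success following the burst, while the single failed attempt from 198.51.100.4 stays below the threshold.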
Even Wi-Fi routers will create logs, which offer the full picture of exactly which devices have connected to your network.
To some, the thought of analysing and monitoring log data is either confusing or tedious. Luckily, there are tools available to help simplify the process further, so that you are able to integrate the practice more seamlessly into your company: systems such as nSIEM (Data Protection Audit and Event Management) or Assuria Log Management, to name a couple.
So, if you aren’t regularly monitoring your log data, then why not? It could be your single most valuable tool when it comes to battling against potential hackers and reducing the issues surrounding your systems.
Colin Tankard is MD of data security company Digital Pathways, which is a specialist in the design, implementation and management of systems that ensure the security of all data, whether at rest within the network, on mobile devices or in storage, or in transit across public or private networks.