Comprehending Security Log Analysis for salvaging organizations ~ Blog, PC Care 247 Tech Support Redefined

Tuesday, 22 November 2011

Comprehending Security Log Analysis for salvaging organizations

Going by a popular reading of the Chinese lexicon, the term ‘crisis’ is made up of two characters, ‘danger’ and ‘opportunity’, the idea being that one should look for the gold buried within a crisis. As it turns out, the slogan is not quite true. Chinese scholars don’t dispute the ‘danger’ part, but it looks like somebody pulled a fast one on ‘opportunity’: the second character really depicts something closer to ‘critical moment’.

It essentially means we need to accept that a crisis is just plain mean and serious. Maybe that is exactly the point: at the end of the day, no matter how hard we try, we cannot avoid every crisis in our jobs, but our jobs are meant to keep our organization from plunging into one.

The saga of Security Logs
Where do security logs come into the picture? Quality data in the form of security logs helps one take decisions and avoid a crisis; in other words, security logs are a danger and an opportunity at the same time. They are dangerous when they are not capturing data, or when the data is not being analyzed regularly and properly, while at the same time they present an opportunity to scour the logs and devour the details in order to make an organization stronger.

Credos for effective Log Monitoring Process
There are critical facets one needs to consider for a security log monitoring process. Even though there may be other items on the list, there can also be things that merit a higher level of thought and attention, such as company-specific rules or constraints that leave a lasting impact on a security log analysis program.

Categorizing Compliance Drivers
Does the company need to follow specific government- or industry-mandated rules governing information security? In the financial industry, complying with the Sarbanes-Oxley regulations is a must for avoiding financial and legal penalties. The same applies to companies in the health care industry, which must follow the HIPAA regulations to ensure that any requirements related to logging and compliance are met.

Classifying Identity Logs
The number of security logs an organization possesses has a bearing on its security. A full security log audit should cover the logs of the devices and activities that run overall operations. This category includes firewalls, VPN systems, authentication servers, mail servers, database servers and application servers.

Ranking of Logs
Although many logs reside on a system, not all systems, their data and their associated logs are of equal value. One needs to allocate time and energy to the most mission-critical logs first and work towards the less important and fringe logs as time permits. At the same time, no log should go entirely unmonitored; at the end of the day, not every log deserves the same degree of time and attention in the process, but each deserves some.

Committed Teams
Once the logs have been identified and ranked, the next step is to establish formal teams to divvy up the workload. This is a good step towards using people resources to the fullest, for example by carrying out database log analysis in tandem with the DBAs and database developers. Some of these individuals may never actually capture or view a log file, but their expertise is used for understanding the data and crafting responses.

Benchmarking Procedures
It makes little sense to establish a great system for capturing and analyzing security log data without any procedures to respond appropriately to what is discovered. This is where analysis morphs into response. The appropriate response may be to simply do nothing, but unless this has been thought about thoroughly, documented and communicated to a team, the analysis serves little purpose. You can’t create a procedure for every possible scenario, but you can easily identify the most common types of scenarios that logs generate.

Maximizing Automation
Once the final objective has been identified, the next objective is to streamline and automate the capture, analysis and response procedures. Software tools, along with simple flowchart analysis, help minimize the time and effort required to achieve the greater degree of vigilance one seeks.

Employing Redundant Analysts
Most log consolidation and analysis tools provide the capability to target specific log events and set response actions. However, it needs to be remembered that even the most powerful computers are still run by human experts. A basic tenet is that the procedures for any log file should have multiple people review the data.
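As an added example (not code from the original post), here is how the ranking, documented-response and automation steps above, together with the redundant-analyst rule, can be applied to a few constructed log lines in Python. The source names, event names, rank table and procedure table are assumptions for illustration only.

```python
import re
from collections import Counter

# Constructed sample lines (not from the post), modelled loosely on syslog-style
# output from source types the post names: firewall, VPN, authentication, mail.
SAMPLE_LOGS = """\
fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22
vpn01 LOGIN_FAIL user=jsmith
auth01 LOGIN_FAIL user=admin
auth01 LOGIN_FAIL user=admin
auth01 LOGIN_FAIL user=admin
auth01 LOGIN_OK user=admin
mail01 ACCEPT from=alice@example.com
"""

# Ranking of logs: mission-critical sources get the lowest number (handled first).
SOURCE_RANK = {"auth": 1, "db": 1, "fw": 2, "vpn": 2, "mail": 3, "app": 3}

# Benchmarking procedures: one documented response per event type. "Do nothing"
# is a valid, written-down response; the reviewer count applies the
# redundant-analyst rule to the events that matter most. Assumed values.
PROCEDURES = {
    "LOGIN_FAIL": {"action": "check account for password guessing", "reviewers": 2},
    "DENY": {"action": "no action; keep for trend reporting", "reviewers": 1},
}

LINE_RE = re.compile(r"^(?P<src>[a-z]+)\d+ (?P<event>[A-Z_]+)\s*(?P<detail>.*)$")

def parse(line):
    """Return (source type, event, detail) or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    return (m["src"], m["event"], m["detail"]) if m else None

def triage(raw):
    """Collapse repeats, drop events with no procedure, rank by source criticality."""
    counts = Counter(p for p in map(parse, raw.splitlines()) if p)
    items = []
    for (src, event, detail), n in counts.items():
        proc = PROCEDURES.get(event)
        if proc is None:
            continue  # no written procedure yet: in practice, queue for one
        items.append({"source": src, "event": event, "detail": detail, "count": n,
                      "rank": SOURCE_RANK.get(src, 9), **proc})
    # Highest-ranked sources first, then the noisiest entries within a source.
    return sorted(items, key=lambda i: (i["rank"], -i["count"]))

if __name__ == "__main__":
    for item in triage(SAMPLE_LOGS):
        print(f"[rank {item['rank']}] {item['source']} {item['event']} x{item['count']} "
              f"-> {item['action']} (reviewers: {item['reviewers']})")
```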

Copyright © 2012-2013 by PCCare247 Solutions (P) Ltd.