Mitigate Ransomware Risks With Modern Log Management

Enterprises using a modern log management platform have key tools in place to detect and mitigate some of the risks from a ransomware attack.

Simon Simonsen, Sr. Security Architect, CrowdStrike

February 9, 2022


You might have the luxury of time when planning for a vacation, but cybersecurity teams do not have the time to hunt in the wrong haystack when responding to security incidents.

Every second matters once an intrusion is detected, because threat actors move quickly from the initial breach point to other systems across the organization. The cyberattack of choice these days is ransomware, malicious code that attackers use to encrypt data or lock users out of their devices. Ransomware attacks are on the rise and inflicted billions of dollars in damage in 2019. Security teams cannot afford to work with legacy tools in the face of so much potential for harm. Organizations are evaluating the cost of downtime in case of a ransomware attack and what mitigation and remediation will take should an attack occur.

Modern Log Management Tools Help Detect and Mitigate Risk
Fortunately, modern log management, which ingests and aggregates all log data in detail, is a valuable tool for detecting and mitigating risks from a ransomware attack. The key steps are preparation, prevention, detection, mitigation, recovery and root cause analysis.

Enterprises can save considerably by focusing on prevention. If security teams know when an attack is taking place, they can immediately isolate the systems that are not yet affected and contain the risk. However, to correctly identify indicators of compromise (IOCs) and indicators of attack (IOAs), organizations need a log management tool that integrates all of the relevant data from every endpoint and workflow and that can readily surface compromised credentials. Modern log management platforms can ingest a wide variety of structured and unstructured data sources, giving security teams far more capability than a legacy log management platform. Knowing that the data is not siloed gives chief information security officers (CISOs) confidence that their teams can look in one place and see everything they need.

Modern log management tools also facilitate lightning-fast querying. You can comb through all of your data logs, even ones that are years old, in seconds — not days. Real-time querying to confirm or deny intrusions can now mitigate or even prevent incidents. Equally important, modern log management gets you the integrated data you need in a single pane of glass for observability at scale. You can prevent blind spots, recover quickly from incidents and conduct root cause analysis in real time.

Modern log management powers examination and analysis of log data from multiple sources, which is critical in quickly determining whether a suspected security incident has occurred. For example, if a ransomware attack does occur, forensics teams can expand log collection and analysis using modern log management tools to understand what happened and generate necessary documentation for compliance teams. In contrast, fragmented or incomplete log collection can hamper security monitoring and incident response.
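The two preceding points, correlating endpoint and authentication data in one place and flagging the credential behind a burst of ransomware-like file activity, can be shown with a small detection routine. This is an added example and not code from the article or from any vendor platform; the log format, field names, threshold and sample events are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry): timestamp, source, then key=value fields.
SAMPLE_LOGS = [
    "2022-02-09T08:00:01 auth host=ws-17 user=jdoe src=10.0.0.5 result=success",
    "2022-02-09T08:02:10 auth host=fs-01 user=jdoe src=203.0.113.9 result=success",
    "2022-02-09T08:02:12 file host=fs-01 op=rename path=q1.xlsx new=q1.xlsx.locked",
    "2022-02-09T08:02:13 file host=fs-01 op=rename path=q2.xlsx new=q2.xlsx.locked",
    "2022-02-09T08:02:13 file host=fs-01 op=rename path=plan.docx new=plan.docx.locked",
    "2022-02-09T08:02:14 file host=fs-01 op=rename path=notes.txt new=notes.txt.locked",
    "2022-02-09T08:02:15 file host=fs-01 op=rename path=budget.xlsx new=budget.xlsx.locked",
    "2022-02-09T08:05:00 file host=ws-17 op=rename path=draft.docx new=draft_v2.docx",
]

RENAME_THRESHOLD = 5            # extension-changing renames on one host within WINDOW
WINDOW = timedelta(seconds=60)  # assumed burst window; tune to the environment

def parse(line):
    """Split a constructed log line into a dict with a datetime 'ts' and a 'source'."""
    ts, source, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields.update(ts=datetime.fromisoformat(ts), source=source)
    return fields

def detect(lines, threshold=RENAME_THRESHOLD, window=WINDOW):
    """Return one alert per host whose extension-changing renames exceed the threshold
    inside the window, enriched with the last successful logon seen on that host."""
    events = sorted((parse(ln) for ln in lines), key=lambda e: e["ts"])
    renames = defaultdict(list)   # host -> timestamps of renames that change the extension
    logons = defaultdict(list)    # host -> successful logon events, in time order
    for e in events:
        if e["source"] == "auth" and e.get("result") == "success":
            logons[e["host"]].append(e)
        elif e["source"] == "file" and e.get("op") == "rename":
            if e["path"].rsplit(".", 1)[-1] != e["new"].rsplit(".", 1)[-1]:
                renames[e["host"]].append(e["ts"])
    alerts = []
    for host, stamps in renames.items():
        for i, start in enumerate(stamps):
            burst = [t for t in stamps[i:] if t - start <= window]
            if len(burst) >= threshold:
                prior = [lg for lg in logons[host] if lg["ts"] <= start]
                last = prior[-1] if prior else {}
                alerts.append({"host": host, "start": start.isoformat(), "renames": len(burst),
                               "user": last.get("user"), "src": last.get("src")})
                break   # one alert per host is enough to trigger isolation
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

Because the file burst on fs-01 is tied to the logon that preceded it, the alert carries both the host to isolate and the credential to revoke, which is the single-place view the article argues for.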

The Characteristics of a Capable Modern Log Management Tool
A good modern log management system should deliver real-time insights and encourage alignment across all teams. It should require minimal training before use and carry a low total cost of ownership. Enterprises should not have to provision more servers for logging data or add engineers simply to oversee the log management tools.

Speed is also crucial. Legacy log management techniques are not fully equipped to work with today’s hardware or systems, or the way we work with data today. Where once IT operators managed self-contained and isolated systems, they now support complex cloud-based and integrated applications pulling data from multiple sources. IT administrators can’t spend weeks manually searching through silos of data. And an incident is not the time to realize that a critical piece of information was never collected. Analysts need to have access to detailed data from all software and hardware infrastructure. A modern log management tool should be optimized to deliver timely insights from data so organizations can turn those insights into actions quickly and efficiently.

CISOs should demand systems that can adapt and continually keep pace with current hardware, data and workflow processes — and not come with hidden costs.

Today’s fast-moving data landscape requires constant vigilance and diligent record-keeping so threats are easier to spot and the trail of breadcrumbs is easier to follow should an attack occur. The right modern log management tool brings all of your teams together on a centralized platform and showcases live streaming data, enabling mitigation and remediation of problems. It is an effective way to stay ahead of increasingly frequent ransomware attacks.

About the Author(s)

Simon Simonsen

Sr. Security Architect, CrowdStrike

Simon has worked 15+ years as an IT security subject matter expert in roles ranging from systems engineer, incident responder and external technical consultant to security architect. He has built SecOps functions in the financial and other IT-security-regulated industries and has provided advice and reporting to C-level executives and boards of directors.

Simon has spoken on podcasts and conferences on the topics of building security monitoring architecture to gain leverage by knowing your own IT landscape better than the adversary.

He holds an M.A. in Information Studies from Aarhus University, CISA accreditation, and SANS training covering incident response, digital forensics and Active Directory hardening.
