Enterprises have a wealth of security information that can help stop attacks. Here are some tips on how to use it

Adrian Lane, Contributor

June 7, 2012

1 Min Read

[Excerpted from "15 Ways to Get More Value From Security Log and Event Data," a new report posted this week on Dark Reading's Security Monitoring Tech Center.]

Data is both a blessing and a curse for organizations today. The enormous amounts of log data generated by enterprise networks, servers, personal computing devices, and applications can be mined and analyzed to identify and even prevent threats to security, not to mention drive purposeful, strategic technology and business decisions. But all that data presents a huge challenge: In this sea of data, we often don’t know what’s important.

In other words, we are drowning in data but are thirsty for actionable information. There’s a growing push to solve this issue.

Trouble is, there is no universal attack detection “secret sauce,” nor a simple button you can push to help extract more value from your log files. In reality, the tasks that SIEM -- or security information and event management -- and log management tools are designed to help automate are complicated, and the scope of systems and data they are required to monitor makes detecting attacks and failures like finding the proverbial needle in a haystack.

In general, getting more out of your organization’s log and event data is really about doing more with what you already have. There is no dearth of tools for monitoring and analyzing the data generated by the dozens -- if not hundreds -- of IT systems in any organization. However, the resources and expertise to take full advantage of these tools can be elusive.

So how do you successfully mine, analyze, and apply information from log and event systems?

About the Author(s)

Adrian Lane

Contributor

Adrian Lane is a Security Strategist and brings over 25 years of industry experience to the Securosis team, much of it at the executive level. Adrian specializes in database security, data security, and secure software development. With experience at Ingres, Oracle, and Unisys, he has extensive experience in the vendor community, but brings a pragmatic perspective to selecting and deploying technologies having worked on "the other side" as CIO in the finance vertical. Prior to joining Securosis, Adrian served as the CTO/VP at companies such as IPLocks, Touchpoint, CPMi and Transactor/Brodia. He has been invited to present at dozens of security conferences, contributed articles to many major publications, and is easily recognizable by his "network hair" and propensity to wear loud colors.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights