Dark Reading is part of the Informa Tech Division of Informa PLC

Security Management // SOC

6/28/2018 08:15 AM
Carol Wilson
News Analysis - Security Now

CenturyLink Enhances Log Management for Hybrid Networks

CenturyLink's new Security Log Management 2.0 ingests data from multiple types of logs to give greater visibility and protection over cloud and mobile networks.

CenturyLink is enhancing its Security Log Monitoring offering to specifically address hybrid networking environments, the shift of workloads to the cloud and the increased mobility of the workforce by offering a single view of hundreds of common log source types.

Combining that single view with correlated threat intelligence, some new cloud security monitoring features and a mobile application for real-time, rapid threat detection and response, CenturyLink claims it can give enterprises not only better visibility into potential threats but also a faster way to respond to them.

As importantly, the new enhanced Security Log Monitoring 2.0 service is being offered at no charge for up to 10 gigabytes of log traffic ingested per day, said Chris Richter, vice president of global security services for CenturyLink.

"The intent behind the service is to reduce the cost of security while improving performance and improving security efficacy overall," Richter said. Instead of operating their own security operations center and buying their own security information and event management tools plus hiring people to operate them, "enterprises can outsource the SOC and SIEM functions and log management functions that they would otherwise have to do on their own."

Richter says the benefits to enterprises include lower cost, reduced complexity and improved security and performance.

CenturyLink is leveraging its 2016 purchase of netAura, a security log management and SIEM platform company to which customers could outsource their logs, he explains.

"Over the last two years plus a few months, we have been building on that platform and expanding our log collector infrastructure, adding to the types of logs that we ingest and enhancing and improving the algorithms in our correlation engine," Richter said. "This log management and SIEM platform is built on open source and proprietary tools and it is used by personnel in seven global SOCs. We ingest logs from any environment -- they don't need to be on the CenturyLink network. We use virtual log collectors that are virtual machine-based that can be put inside the customers' environment or customers can push their logs to our network-based global log collectors."


Firewall logs are the most commonly collected type, but the service also ingests logs from virtual private networks, databases, cloud infrastructure and servers, he added. Bringing all of those disparate log types into a central site gives enterprises greater visibility into their networks and lets them correlate activity faster.

Enterprises that grow beyond the 10-gig daily rate of log data ingested will pay for the service based on usage, and Richter says many businesses will do that. The free 10-gig tier at least lets companies try the service before they commit financially.

Businesses are at greater risk in the hybrid networking world because there are more places where data must be collected in order to detect potentially dangerous patterns, he adds. What CenturyLink is trying to do is provide a "very adaptable platform for business environments that are going through this kind of transition," Richter said. "The logs can be gathered anywhere on the globe."

The log collection tools go hand-in-hand with SIEM tools, which then use the log data to perform event correlation and analysis, he says. In addition, log data often must be retained to meet industry and regulatory compliance requirements.
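The central collection of disparate log types and the SIEM-style correlation that the preceding paragraphs describe can be made concrete with a small, self-contained illustration. The Python below is added here as an example and is not CenturyLink's or netAura's code. The three log formats, the hostnames, user names and addresses are constructed for the example, and the correlation rule it applies (the same client address failing against at least two different log source types within a ten-minute window) is an assumption about the kind of rule a correlation engine might run, not a description of CenturyLink's algorithms.

```python
"""Normalize log lines from several source types into one schema and
correlate failures across them (added illustration, not CenturyLink code)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines for three log source types. The formats, hosts,
# users and addresses are invented for this example.
SAMPLE_LOGS = {
    "firewall": [
        "2018-06-28T08:00:01Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
        "2018-06-28T08:00:05Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=3389",
        "2018-06-28T08:01:10Z fw01 ALLOW src=198.51.100.2 dst=10.0.0.9 dport=443",
    ],
    "vpn": [
        "2018-06-28T08:02:00Z vpn-gw user=alice result=FAIL client=203.0.113.7",
        "2018-06-28T08:02:30Z vpn-gw user=bob result=FAIL client=203.0.113.7",
        "2018-06-28T08:03:00Z vpn-gw user=carol result=OK client=198.51.100.2",
    ],
    "database": [
        "2018-06-28T08:04:00Z db01 login user=bob status=failed host=203.0.113.7",
        "2018-06-28T08:05:00Z db01 login user=carol status=ok host=198.51.100.2",
        "this line is malformed and should be counted, not crash the pipeline",
    ],
}

# One regex per source type; each yields the fields the common schema needs.
PATTERNS = {
    "firewall": re.compile(
        r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) src=(?P<ip>\S+) dst=\S+ dport=\d+$"),
    "vpn": re.compile(
        r"^(?P<ts>\S+) (?P<host>\S+) user=(?P<user>\S+) result=(?P<action>OK|FAIL) client=(?P<ip>\S+)$"),
    "database": re.compile(
        r"^(?P<ts>\S+) (?P<host>\S+) login user=(?P<user>\S+) status=(?P<action>\w+) host=(?P<ip>\S+)$"),
}

# Each source has its own outcome vocabulary; map it onto two common values.
FAILURE_WORDS = {"DENY", "FAIL", "failed"}


def normalize(source, line):
    """Return a common-schema event dict for one raw line, or None if it does not parse."""
    m = PATTERNS[source].match(line)
    if m is None:
        return None
    fields = m.groupdict()
    return {
        "ts": datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "source": source,
        "host": fields["host"],
        "ip": fields["ip"],
        "user": fields.get("user"),
        "outcome": "failure" if fields["action"] in FAILURE_WORDS else "success",
    }


def ingest(logs_by_source):
    """Normalize every line; return (events sorted by time, unparseable-line count, bytes ingested)."""
    events, rejected, nbytes = [], 0, 0
    for source, lines in logs_by_source.items():
        for line in lines:
            nbytes += len(line.encode("utf-8")) + 1  # +1 for the newline on the wire
            event = normalize(source, line)
            if event is None:
                rejected += 1  # a collector must survive bad input and account for it
            else:
                events.append(event)
    events.sort(key=lambda e: e["ts"])
    return events, rejected, nbytes


def correlate(events, window_minutes=10, min_sources=2):
    """Flag any client IP whose failures span at least `min_sources` distinct log
    source types inside one window. A single source type alone is not enough:
    the point of central collection is seeing the same actor across systems."""
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(list)
    for e in events:  # events are already time-ordered, so each list is too
        if e["outcome"] == "failure":
            failures[e["ip"]].append(e)

    findings = []
    for ip, evs in failures.items():
        for i, first in enumerate(evs):
            in_window = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            sources = sorted({e["source"] for e in in_window})
            if len(sources) >= min_sources:
                findings.append({
                    "ip": ip,
                    "sources": sources,
                    "first_seen": first["ts"],
                    "events": len(in_window),
                    "users": sorted({e["user"] for e in in_window if e["user"]}),
                })
                break  # one finding per IP is enough for this illustration
    return findings


if __name__ == "__main__":
    evs, rejected, nbytes = ingest(SAMPLE_LOGS)
    print(f"{len(evs)} events, {rejected} rejected, {nbytes} bytes ingested")
    for f in correlate(evs):
        print(f"{f['ip']}: failures in {f['sources']} from {f['first_seen']} "
              f"({f['events']} events, users {f['users']})")
```

On the constructed input, the firewall denies, VPN authentication failures and database login failure from one address are individually unremarkable in their own logs, and only the normalized view across all three source types produces a finding. The `ingest` function also counts the bytes it consumed, which is the figure a team needs in order to compare its daily volume against a per-day allowance such as the 10 gigabytes quoted above, and it counts rather than drops malformed lines so that parser failures remain visible.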

"We also are in the process of integrating our threat intelligence platform with our log management platform so we can see real-time active threats," Richter noted. "That's the next step in this process."


— Carol Wilson, Editor-at-Large, Light Reading
