
News Analysis - Security Now
08:15 AM
Carol Wilson

CenturyLink Enhances Log Management for Hybrid Networks

CenturyLink's new Security Log Management 2.0 ingests data from multiple types of logs to give greater visibility and protection over cloud and mobile networks.

CenturyLink is enhancing its Security Log Monitoring offering to specifically address hybrid networking environments, the shift of workloads to the cloud and the increased mobility of the workforce by offering a single view of hundreds of common log source types.

Combining that single view with correlated threat intelligence, some new cloud security monitoring features and a mobile application for real-time, rapid threat detection and response, CenturyLink claims it can give enterprises not only better visibility into potential threats but also a faster way to respond to them.

Just as importantly, the new enhanced Security Log Monitoring 2.0 service is being offered at no charge for up to 10 gigabytes of traffic ingested per day, said Chris Richter, vice president of global security services for CenturyLink.

"The intent behind the service is to reduce the cost of security while improving performance and improving security efficacy overall," Richter said. Instead of operating their own security operations center and buying their own security information and event management tools plus hiring people to operate them, "enterprises can outsource the SOC and SIEM functions and log management functions that they would otherwise have to do on their own."

Richter says the benefits to enterprises include lower cost, reduced complexity and improved security and performance.

CenturyLink is leveraging its 2016 purchase of netAura, a security log management and SIEM platform company to which customers could outsource their logs, he explains.

"Over the last two years plus a few months, we have been building on that platform and expanding our log collector infrastructure, adding to the types of logs that we ingest and enhancing and improving the algorithms in our correlation engine," Richter said. "This log management and SIEM platform is built on open source and proprietary tools and it is used by personnel in seven global SOCs. We ingest logs from any environment -- they don't need to be on the CenturyLink network. We use virtual log collectors that are virtual machine-based that can be put inside the customers' environment or customers can push their logs to our network-based global log collectors."


Firewall logs are the typical source, but logs from virtual private networks, databases, cloud infrastructure and servers are collected as well, he added. Bringing all of those disparate log types into a central site gives enterprises greater visibility into their networks and lets them correlate activity faster.

Enterprises that grow beyond the 10-gig daily rate of ingested log data will pay for the service based on usage, and Richter says many businesses will do that. The free 10-gig tier at least lets companies try the service before they commit financially.

Businesses are at greater risk in the hybrid networking world because there are more places where data must be collected in order to detect potentially dangerous patterns, he adds. What CenturyLink is trying to do is provide a "very adaptable platform for business environments that are going through this kind of transition," Richter said. "The logs can be gathered anywhere on the globe."

The log collection tools go hand-in-hand with SIEM tools, which use the log data to perform event correlation and analysis, he says. In addition, log data often must be retained to meet industry and regulatory compliance requirements.

"We also are in the process of integrating our threat intelligence platform with our log management platform so we can see real-time active threats," Richter noted. "That's the next step in this process."

— Carol Wilson, Editor-at-Large, Light Reading
