
6/28/2018
08:15 AM
Carol Wilson
News Analysis-Security Now

CenturyLink Enhances Log Management for Hybrid Networks

CenturyLink's new Security Log Management 2.0 ingests data from multiple types of logs to give enterprises greater visibility into, and protection of, cloud and mobile networks.

CenturyLink is enhancing its Security Log Monitoring offering to specifically address hybrid networking environments, the shift of workloads to the cloud and the increased mobility of the workforce by offering a single view of hundreds of common log source types.

Combining that single view with correlated threat intelligence, some new cloud security monitoring features and a mobile application for real-time, rapid threat detection and response, CenturyLink claims it can give enterprises not only better visibility into potential threats but also a faster way to respond to them.

As importantly, the new enhanced Security Log Monitoring 2.0 service is being offered at no charge for up to 10 gigabytes of log data ingested per day, said Chris Richter, vice president of global security services for CenturyLink.

(Source: Pixabay)

"The intent behind the service is to reduce the cost of security while improving performance and improving security efficacy overall," Richter said. Instead of operating their own security operations center and buying their own security information and event management tools plus hiring people to operate them, "enterprises can outsource the SOC and SIEM functions and log management functions that they would otherwise have to do on their own."

Richter says the benefits to enterprises include lower cost, reduced complexity and improved security and performance.

CenturyLink is building on its 2016 purchase of netAura, a company whose security log management and SIEM platform let customers outsource the handling of their logs, he explains.

"Over the last two years plus a few months, we have been building on that platform and expanding our log collector infrastructure, adding to the types of logs that we ingest and enhancing and improving the algorithms in our correlation engine," Richter said. "This log management and SIEM platform is built on open source and proprietary tools and it is used by personnel in seven global SOCs. We ingest logs from any environment -- they don't need to be on the CenturyLink network. We use virtual log collectors that are virtual machine-based that can be put inside the customers' environment or customers can push their logs to our network-based global log collectors."


Firewall logs are the most commonly collected source, but the service also ingests logs from virtual private networks, databases, cloud infrastructure and servers, he added. Bringing these disparate log types into one central site gives enterprises greater visibility into their networks and lets them correlate activity across sources more quickly.

Enterprises that grow beyond the 10-gig daily rate of ingested log data will pay for the service based on usage, and Richter says many businesses will do that. The free 10-gig tier at least lets companies try the service before they commit financially.

Businesses face greater risk in a hybrid networking world because there are more places from which data must be collected in order to detect potentially dangerous patterns, he adds. What CenturyLink is trying to do is provide a "very adaptable platform for business environments that are going through this kind of transition," Richter said. "The logs can be gathered anywhere on the globe."

The log collection tools go hand in hand with SIEM tools, which use the collected log data to perform event correlation and analysis, he says. In addition, log data often must be retained to meet industry and regulatory compliance requirements.

"We also are in the process of integrating our threat intelligence platform with our log management platform so we can see real-time active threats," Richter noted. "That's the next step in this process."
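The collect-normalize-correlate flow described above (disparate log sources mapped onto one schema, then matched against threat intelligence and across sources) can be sketched in a few dozen lines. The example below is added for illustration and is not CenturyLink's or netAura's code; the three line formats, the sample log lines, the RFC 5737 documentation addresses and the indicator list are all constructed for the example.

```python
"""Normalize log lines from several source types into one event schema and
correlate them two ways: (1) against a threat-intelligence indicator list and
(2) across sources, flagging a client address that fails authentication on
more than one system. Added illustration with assumed formats and sample data."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Event:
    source: str   # log source type: firewall, vpn or database
    ts: str       # timestamp as found in the line (ISO 8601 in the samples)
    src_ip: str   # client/source address, the key everything is correlated on
    action: str   # normalized outcome: allow, deny, success or fail
    detail: str   # remaining source-specific fields, kept for the analyst


# Assumed, simplified line formats for three source types (real devices differ).
# Each pattern maps that source's own field names onto the common schema above.
PARSERS = {
    "firewall": re.compile(r"^(?P<ts>\S+) fw\d+ (?P<action>ALLOW|DENY) src=(?P<src>\S+) "
                           r"(?P<detail>dst=\S+ dport=\d+)$"),
    "vpn": re.compile(r"^(?P<ts>\S+) vpn-gw (?P<detail>user=\S+) from=(?P<src>\S+) "
                      r"result=(?P<action>SUCCESS|FAIL)$"),
    "database": re.compile(r"^(?P<ts>\S+) postgres client=(?P<src>\S+) (?P<detail>db=\S+) "
                           r"auth=(?P<action>ok|failed)$"),
}

# Every source spells outcomes differently; collapse them into one vocabulary.
ACTION_MAP = {"ALLOW": "allow", "DENY": "deny", "SUCCESS": "success",
              "FAIL": "fail", "ok": "success", "failed": "fail"}
FAILURE_ACTIONS = {"deny", "fail"}

# Constructed sample logs. Addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOGS: Dict[str, List[str]] = {
    "firewall": [
        "2018-06-28T08:00:01Z fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
        "2018-06-28T08:00:05Z fw01 ALLOW src=198.51.100.20 dst=10.0.0.8 dport=443",
        "fw01 heartbeat ok",   # malformed on purpose: exercises the drop path
    ],
    "vpn": [
        "2018-06-28T08:01:10Z vpn-gw user=alice from=198.51.100.20 result=FAIL",
        "2018-06-28T08:01:12Z vpn-gw user=bob from=192.0.2.44 result=SUCCESS",
    ],
    "database": [
        "2018-06-28T08:02:00Z postgres client=198.51.100.20 db=crm auth=failed",
        "2018-06-28T08:02:30Z postgres client=10.0.0.8 db=crm auth=ok",
    ],
}

# Constructed indicator list standing in for a threat-intel feed; not a real IoC.
THREAT_INTEL = {"203.0.113.7": "constructed-example-feed: mass scanner"}


def parse_line(source: str, line: str) -> Optional[Event]:
    """Map one raw line of a known source type onto the common Event schema."""
    pattern = PARSERS.get(source)
    if pattern is None:
        return None
    m = pattern.match(line)
    if m is None:
        return None   # unrecognized layout; caller counts it as dropped
    return Event(source, m["ts"], m["src"], ACTION_MAP[m["action"]], m["detail"])


def normalize(logs_by_source: Dict[str, List[str]]) -> Tuple[List[Event], int]:
    """Parse every line of every source; return (events, number of dropped lines)."""
    events: List[Event] = []
    dropped = 0
    for source, lines in logs_by_source.items():
        for line in lines:
            ev = parse_line(source, line)
            if ev is None:
                dropped += 1   # a rising drop count is itself worth alerting on
            else:
                events.append(ev)
    return events, dropped


def correlate(events: List[Event], intel: Dict[str, str]) -> dict:
    """Two simple SIEM-style rules over the normalized events."""
    # Rule 1: any event whose source address is a known indicator.
    intel_hits = [e for e in events if e.src_ip in intel]
    # Rule 2: one address failing on two or more different source types,
    # which no single device's log would reveal on its own.
    failed_sources = defaultdict(set)
    for e in events:
        if e.action in FAILURE_ACTIONS:
            failed_sources[e.src_ip].add(e.source)
    multi = {ip: sorted(srcs) for ip, srcs in failed_sources.items() if len(srcs) >= 2}
    return {"intel_hits": intel_hits, "multi_source_failures": multi}


if __name__ == "__main__":
    evs, dropped_count = normalize(SAMPLE_LOGS)
    report = correlate(evs, THREAT_INTEL)
    print(f"{len(evs)} events normalized, {dropped_count} line(s) dropped")
    for hit in report["intel_hits"]:
        print(f"intel hit: {hit.source} {hit.ts} {hit.src_ip} ({THREAT_INTEL[hit.src_ip]})")
    for ip, srcs in report["multi_source_failures"].items():
        print(f"cross-source failures from {ip}: {', '.join(srcs)}")
```

The second rule is the point of centralizing logs: the VPN gateway and the database each see only one failed login from 198.51.100.20, and neither would raise an alert alone; only the combined view exposes the pattern. The dropped-line counter matters in practice too, because a collector that silently discards lines it cannot parse creates exactly the blind spot the centralization was meant to remove.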


— Carol Wilson, Editor-at-Large, Light Reading
