Creating the Ideal Cybersecurity Blueprint: Why Log Management Is Critical in Preventing Major Fines and Long-Term Security Issues

Log-Management_Plan

Creating the Ideal Cybersecurity Plan

When it comes to creating your company’s cybersecurity plan, the focus tends to be on perimeter security products. These will generally include unified threat management systems and email gateways, endpoint detection and protection products, identity access and privilege access products, and security awareness training systems. These security products are easy to evaluate and demonstrate when it comes down to proving a quantifiable return on investment.

These products and solutions are essential in creating a solid infrastructure, but there are some critical components missing when only focusing on the perimeter.

Is log management in your cybersecurity blueprint?

If we use an analogy of a house, these traditional cybersecurity products are like your kitchen, your bathroom, or bedrooms. They are easy to see and easy to attach a value to, but it’s what you can’t see on the surface that really impacts the value, safety, and longevity of a home. If your foundation, wiring, plumbing, and electrical systems are compromised, you will have BIG (and very expensive) problems. What happens if every time you plug an appliance into the wall, it blows a fuse? Or if any time you turn on your air conditioning, your entire electrical system and power is shut down. Each of these events has the potential to compromise the safety of your home, damage the infrastructure, or lead to very costly fixes.

Those events – like plugging in a cord or turning on an appliance – are what putting in a USB, clicking on a file, or logging into a device are in cybersecurity. One event can turn into a costly compliance fine or even invite intruders into your system; and in both analogies, letting in strangers is a worst-case scenario.

Event data is your foundation.

So how do you protect your house?

Imagine if one of those events in your home led to shutting off the power. The easiest way to fix the problem is to narrow down where the problem originated and then to head over to your circuit breaker to fix the problem…

(back to cybersecurity)

That central tool to collect all of your logging events and manage the data is a centralized log management system – we call ours Snare Central.

A centralized event logging tool does not “prevent” a cybersecurity breach or attack. It can, however provide several key features that ensure that your security posture is robust.

A SIEM or ELM is essential and required technology for any organization that must comply with many regulations such as PCI DSS, HIPAA, NERC/FERC and ISO 27001. It is also necessary for any organization to have a centralized logging tool to bolster their security.

Collecting all event data from all devices within your organization, as well as some of the security applications like mobile devices, endpoint management, and firewalls will enable an organization to baseline normal activity. The Snare Central dashboard (see below) provides a visual representation of activity, so if a spike occurs, you can drill down into the action to spot nefarious activity or spot holes in the foundation of their organization.

In the event of a breach, one of the first things that will be required to review in-depth all the log files to pinpoint when and where the initial breach took place – did an end-user open an email and launch malware or attach a USB stick to their desktop and copy data? If you are only collecting from servers and security devices, you may miss an important event in your discovery.

Also, retaining this information is essential.

Going back to the home analogy, if you ever want to sell your home, most buyers will want to know what repairs were done to critical aspects of your home – wiring updated, plumbing repairs, and yes patching to the foundation of your house.

For the security team having the ability to review historical data can address any potential problems going forward.

Centralized event logging is not new, it is not sexy, but it should be part of the foundation of your security framework when it comes to your organization.

Talk to our team about adding or upgrading your log management solution

Want to learn more about how Snare’s suite of log management and collection solutions can help your company? Reach out to us here.

October 22, 2020/by Brad Thomas

Cookie and Privacy Settings

How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refuseing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

Google Analytics Cookies

These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.

If you do not want that we track your visist to our site you can disable tracking in your browser here:

Other external services

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

Privacy Policy