Proper and reliable log monitoring is the first step in building a solid security infrastructure, particularly for large global organizations that handle thousands of transactions a day. System logs contain a wealth of information about the health of the network and should be reviewed regularly to identify potentially malicious activity, whether internal or external.
While system logs are critical for threat detection and investigation, the proper collection and management of log data is also an essential compliance requirement for companies that handle personal data. The ability to quickly determine who got in, how they got in, and what they took is critical to investigating and reporting cyber incidents.

Log management is likewise required for compliance with information security regulations, and it will be critical for meeting the updated reporting timelines for publicly traded companies, which require organizations to report material cyber incidents within a matter of days.
To meet current compliance requirements, prepare for future reporting obligations, and serve the reporting needs of the business, the Chief Information Security Officer and his team needed a robust logging solution that would:
- Collect a wide variety of logs from business-critical Windows servers located in geographically distributed regions across the globe
- Send disparate log subsets to multiple SIEMs while reducing network overhead and providing in-flight encryption
- Provide warm failover so that log traffic can be re-routed during a disaster
- Deploy globally with minimal human resources
- Provide on-demand telemetry of the number of systems under license