Log-Management_Plan

Creating the Ideal Cybersecurity Plan

When it comes to creating your company’s cybersecurity plan, the focus tends to be on perimeter security products. These will generally include unified threat management systems and email gateways, endpoint detection and protection products, identity access and privilege access products, and security awareness training systems. These security products are easy to evaluate and demonstrate when it comes down to proving a quantifiable return on investment.

These products and solutions are essential in creating a solid infrastructure, but there are some critical components missing when only focusing on the perimeter.

Is log management in your cybersecurity blueprint?

If we use an analogy of a house, these traditional cybersecurity products are like your kitchen, your bathroom, or bedrooms. They are easy to see and easy to attach a value to, but it’s what you can’t see on the surface that really impacts the value, safety, and longevity of a home. If your foundation, wiring, plumbing, and electrical systems are compromised, you will have BIG (and very expensive) problems. What happens if every time you plug an appliance into the wall, it blows a fuse? Or if any time you turn on your air conditioning, your entire electrical system and power is shut down. Each of these events has the potential to compromise the safety of your home, damage the infrastructure, or lead to very costly fixes.

Those events – like plugging in a cord or turning on an appliance – are what putting in a USB, clicking on a file, or logging into a device are in cybersecurity. One event can turn into a costly compliance fine or even invite intruders into your system; and in both analogies, letting in strangers is a worst-case scenario.

Event data is your foundation.

So how do you protect your house?

Imagine if one of those events in your home led to shutting off the power. The easiest way to fix the problem is to narrow down where the problem originated and then to head over to your circuit breaker to fix the problem…

(back to cybersecurity)

That central tool to collect all of your logging events and manage the data is a centralized log management system – we call ours Snare Central.

A centralized event logging tool does not “prevent” a cybersecurity breach or attack. It can, however provide several key features that ensure that your security posture is robust.

A SIEM or ELM is essential and required technology for any organization that must comply with many regulations such as PCI DSS, HIPAA, NERC/FERC and ISO 27001. It is also necessary for any organization to have a centralized logging tool to bolster their security.

Collecting all event data from all devices within your organization, as well as some of the security applications like mobile devices, endpoint management, and firewalls will enable an organization to baseline normal activity. The Snare Central dashboard (see below) provides a visual representation of activity, so if a spike occurs, you can drill down into the action to spot nefarious activity or spot holes in the foundation of their organization.

In the event of a breach, one of the first things that will be required to review in-depth all the log files to pinpoint when and where the initial breach took place – did an end-user open an email and launch malware or attach a USB stick to their desktop and copy data? If you are only collecting from servers and security devices, you may miss an important event in your discovery.

Also, retaining this information is essential.

Going back to the home analogy, if you ever want to sell your home, most buyers will want to know what repairs were done to critical aspects of your home – wiring updated, plumbing repairs, and yes patching to the foundation of your house.

For the security team having the ability to review historical data can address any potential problems going forward.

Centralized event logging is not new, it is not sexy, but it should be part of the foundation of your security framework when it comes to your organization.

 

Talk to our team about adding or upgrading your log management solution

Want to learn more about how Snare’s suite of log management and collection solutions can help your company? Reach out to us here.