In the earlier blogs of this series, we looked at the snapshot of the SANS security survey showing how prepared organizations are in their methods of threat detection and response, and in generating security reports. Now we'll look at how well organizations are equipped to collect security data and correlate it for threat intelligence.
A startling result that we found from the survey is that,
Security data collection is the process of gathering logs from across your IT infrastructure, including network devices, security appliances, servers, workstations, virtual machines and databases. It doesn't stop at collecting the logs; how quickly they are collected matters just as much. Some attacks do their damage within minutes, and if you cannot collect the data and learn about the attack while it is happening, the harm to your sensitive data and systems only grows.
Log collection is just the first step. Once the data is collected, there has to be a mechanism to process the logs, normalize them into a common format (different devices describe the same kind of event in different ways), correlate them across sources as quickly as possible, and turn the result into intelligence that flags anomalies in network patterns and isolates suspicious events. Real-time event log correlation is only efficient when it is automated and happens in memory, so that threat analysis keeps pace with the incoming logs.
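Here is a small added example, written for this post and not code from SolarWinds or from Log & Event Manager, of what normalize-then-correlate looks like in memory. It parses a few constructed syslog-style lines from an SSH daemon and a firewall, maps them onto one common event schema, and raises an alert when a source IP logs in successfully after three or more failed attempts within a sliding 60-second window. The log lines, hostnames, IP addresses, the year 2013 stamped onto the yearless syslog timestamps, and the threshold and window values are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not captured from a real system), mimicking
# two different sources: an SSH daemon and a firewall's kernel log.
SAMPLE_LOGS = [
    "Sep 18 10:00:01 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "Sep 18 10:00:03 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 50123 ssh2",
    "Sep 18 10:00:04 fw01 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=23",
    "Sep 18 10:00:06 web01 sshd[2201]: Failed password for admin from 203.0.113.7 port 50124 ssh2",
    "Sep 18 10:00:09 web01 sshd[2201]: Accepted password for admin from 203.0.113.7 port 50125 ssh2",
    "Sep 18 10:02:30 db01 sshd[3310]: Failed password for postgres from 192.0.2.44 port 41000 ssh2",
    "Sep 18 10:02:31 db01 sshd[3310]: Accepted publickey for dba from 192.0.2.44 port 41001 ssh2",
]

# Classic BSD syslog header: timestamp, host, program[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<prog>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
SSH_AUTH_RE = re.compile(
    r"^(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
FW_DROP_RE = re.compile(r"^DROP .*SRC=(?P<ip>\S+)")

ASSUMED_YEAR = 2013  # syslog timestamps carry no year; this is an assumption for the example


def normalize(line):
    """Map one raw log line onto a common event schema, or return None if unparseable."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    event = {"ts": ts, "host": m["host"], "src_ip": None, "user": None, "action": "other"}
    msg = m["msg"]
    auth = SSH_AUTH_RE.match(msg)
    if auth:
        event["action"] = "auth_failure" if auth["result"] == "Failed" else "auth_success"
        event["user"] = auth["user"]
        event["src_ip"] = auth["ip"]
        return event
    drop = FW_DROP_RE.match(msg)
    if drop:
        event["action"] = "fw_drop"
        event["src_ip"] = drop["ip"]
    return event


class Correlator:
    """In-memory sliding-window correlation: a successful login from a source IP
    that produced at least `failure_threshold` failures within `window_seconds`
    raises an alert. Only timestamps are kept per IP, so state stays small."""

    def __init__(self, window_seconds=60, failure_threshold=3):
        self.window = timedelta(seconds=window_seconds)
        self.threshold = failure_threshold
        self.failures = defaultdict(deque)  # src_ip -> deque of failure timestamps

    def _evict(self, ip, now):
        # Drop failures that have aged out of the window (deque keeps them in order).
        q = self.failures[ip]
        while q and now - q[0] > self.window:
            q.popleft()

    def feed(self, event):
        """Process one normalized event; return an alert dict or None."""
        ip = event["src_ip"]
        if ip is None:
            return None
        self._evict(ip, event["ts"])
        if event["action"] == "auth_failure":
            self.failures[ip].append(event["ts"])
        elif event["action"] == "auth_success":
            n = len(self.failures[ip])
            if n >= self.threshold:
                self.failures[ip].clear()  # do not re-alert on the same burst
                return {
                    "rule": "brute_force_then_success",
                    "src_ip": ip,
                    "user": event["user"],
                    "host": event["host"],
                    "failures": n,
                    "ts": event["ts"].isoformat(),
                }
        return None


def run(lines, **correlator_kwargs):
    """Normalize and correlate a sequence of raw lines; return the alerts raised."""
    correlator = Correlator(**correlator_kwargs)
    alerts = []
    for line in lines:
        event = normalize(line)
        if event is None:
            continue  # an unparseable line would be counted/reported in a real pipeline
        alert = correlator.feed(event)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in run(SAMPLE_LOGS):
        print(alert)
```

On the sample above the correlator raises exactly one alert, for 203.0.113.7 logging in as admin on web01 after three failures; the single failure from 192.0.2.44 stays below the threshold and the firewall drop is normalized but not matched by this rule. The example assumes events arrive in timestamp order; a production correlator also has to cope with clock skew and late-arriving logs, and should discard per-IP state for sources that go quiet so memory does not grow without bound.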
Another interesting survey finding was that,
This is a challenge for security admins: they cannot search logs manually and hope to respond to an attack in time. Security information & event management (SIEM) tools automate event log correlation and alert you when there is a security threat or policy violation. Log management becomes simpler and automated when you use a dedicated SIEM product. The survey showed that,
Your security needs will not be met if you are not ready to invest in a security solution that helps protect your network, systems and sensitive data. Organizations need more awareness of how an automated SIEM can give them real-time visibility into the security and operational events on their network. Try SolarWinds Log & Event Manager, a full-featured SIEM that collects and correlates log data, alerts you in real time, and helps remediate threats with built-in automated incident responses.
Join SolarWinds at SANS Network Security 2013 Las Vegas
You are invited to stop by booth No. 14 TODAY (September 18th, 2013) to meet our security experts and geeks, attend live product demos and find a solution to your security challenges. And yes, there is a lot of cool geek gear to grab and wear – complimentary of course!