The previous article on the SANS Security Survey 2013 discussed the security needs and challenges enterprises face in detecting threats, and the complexity of responding to breaches and attacks. Beyond detecting and responding to threats, the survey also gave us some insight into the kind of data organizations use for security analytics.
Interestingly, the most common data used to investigate security issues were:
Log data from network devices (routers/switches), servers, applications and/or endpoints
Monitoring data provided through firewalls, network-based vulnerability scanners, IDS/IPS, UTMs, etc.
Access data from applications and access control systems
Log analysis lets you understand what is actually happening on your network. Each log file contains many pieces of information that can be invaluable if you know how to read and analyse them. With proper analysis of this actionable data you can identify intrusion attempts, misconfigured equipment, and much more.
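As an added example (not code from the original post or from a SolarWinds product), the following Python script runs that kind of analysis over a few constructed syslog lines: it flags a burst of failed SSH logins from one source, a successful login that immediately follows the burst, and a configuration change on a switch, and it builds a per-host event summary of the kind a scheduled report would carry. The host names, addresses, timestamps, window and threshold are invented for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the original post); hosts, addresses
# and timestamps are invented. Classic syslog carries no year, so 2013 is assumed.
SAMPLE_LOG = """\
Oct 14 08:01:10 web01 sshd[2101]: Failed password for root from 203.0.113.5 port 51022 ssh2
Oct 14 08:01:12 web01 sshd[2101]: Failed password for root from 203.0.113.5 port 51023 ssh2
Oct 14 08:01:14 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51024 ssh2
Oct 14 08:01:15 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51025 ssh2
Oct 14 08:01:17 web01 sshd[2101]: Failed password for oracle from 203.0.113.5 port 51026 ssh2
Oct 14 08:01:20 web01 sshd[2103]: Accepted password for oracle from 203.0.113.5 port 51027 ssh2
Oct 14 08:05:02 db02 sshd[771]: Failed password for alice from 198.51.100.8 port 40110 ssh2
Oct 14 08:05:30 db02 sshd[772]: Accepted publickey for alice from 198.51.100.8 port 40111 ssh2
Oct 14 08:10:00 sw-core1 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.77)
"""

SYSLOG_RE = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port")
CONFIG_RE = re.compile(r"%SYS-5-CONFIG_I: Configured from (.+)$")


def parse_line(line, year=2013):
    """Turn one syslog line into an event dict; None if it is not syslog-shaped."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=year)
    host, msg = m.group(2), m.group(3)
    event = {"ts": ts, "host": host, "msg": msg, "kind": "other"}
    f, a, c = FAILED_RE.search(msg), ACCEPTED_RE.search(msg), CONFIG_RE.search(msg)
    if f:
        event.update(kind="auth_fail", user=f.group(1), src=f.group(2))
    elif a:
        event.update(kind="auth_ok", method=a.group(1), user=a.group(2), src=a.group(3))
    elif c:
        event.update(kind="config_change", detail=c.group(1))
    return event


def find_password_guessing(events, threshold=5, window=timedelta(seconds=60)):
    """Sliding window per source IP: >= threshold failed logins inside `window`
    is treated as password guessing. Returns {src: {first, last, count, users}}."""
    by_src = defaultdict(list)
    for e in events:
        if e["kind"] == "auth_fail":
            by_src[e["src"]].append(e)
    alerts = {}
    for src, fails in by_src.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(src, {}).get("count", 0):
                alerts[src] = {"first": fails[start]["ts"], "last": fails[end]["ts"],
                               "count": count,
                               "users": sorted({e["user"] for e in fails[start:end + 1]})}
    return alerts


def find_success_after_burst(events, alerts, grace=timedelta(minutes=10)):
    """A successful login from a source that was just guessing is the event to
    page on: a weak credential may have been found. Returns (host, user, src, method)."""
    hits = []
    for e in events:
        if e["kind"] == "auth_ok" and e["src"] in alerts:
            burst = alerts[e["src"]]
            if burst["first"] <= e["ts"] <= burst["last"] + grace:
                hits.append((e["host"], e["user"], e["src"], e["method"]))
    return hits


def config_changes(events):
    """Config writes on routers/switches; unreviewed ones are how misconfigurations creep in."""
    return [(e["ts"], e["host"], e["detail"]) for e in events if e["kind"] == "config_change"]


def host_summary(events):
    """Per-host counts by event kind: the raw material for a scheduled summary report."""
    summary = defaultdict(Counter)
    for e in events:
        summary[e["host"]][e["kind"]] += 1
    return {host: dict(counts) for host, counts in summary.items()}


def analyse(text):
    events = [e for e in (parse_line(line) for line in text.splitlines()) if e]
    bursts = find_password_guessing(events)
    return {"bursts": bursts,
            "success_after_burst": find_success_after_burst(events, bursts),
            "config_changes": config_changes(events),
            "summary": host_summary(events)}


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The threshold and window are the knobs a real rule would tune against the environment's own baseline of failed logins; the "success after burst" check is the one that turns a noisy brute-force alert into something worth paging on, because it indicates the guessing may have worked.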
Next, you cannot afford to underestimate the importance of security reporting, as it gives you critical information such as vulnerabilities, suspicious behavior on your network, and network traffic patterns.
Satisfaction with Current Analytics and Intelligence Capabilities
The statistics below are based on the SANS Security Survey conducted early this year; the detailed survey results and report are available from SANS.
59% of respondent organizations are not satisfied with their library of appropriate queries and reports.
56% of respondent organizations are not satisfied with their relevant event context intelligence.
Respondents also reported having no visibility into actionable security events.
How do Security Reports help?
From the above chart you can see the various factors organizations look for in their reports. While effective security reporting is an absolute necessity for staying informed about security issues, it is also important to understand the different areas where reports can be used.
IT Compliance:
Staying in line with IT compliance regulations such as PCI DSS, GLBA, SOX, NERC CIP, and HIPAA requires businesses to monitor and control access to and usage of sensitive information. Scheduling periodic report generation helps you gain visibility into your network and adhere to these regulations, which in turn means better protection of your customers' data.
Security Auditing:
Security auditing is a continuous process, so you need to conduct audits regularly. Reports help you audit network events and establish a security baseline. You can make this even more effective by automating the audit process with SIEM tools.
IT Security Forensics:
Reports can help you identify suspicious behavior patterns on your network, unusual traffic patterns, malicious code, and a summary of the various events on your network, among other things.
Are you all set to meet us at the SANS Network Security event? Look for us at Booth 14. We'll be the ones with awesome t-shirts, buttons, and giveaways! Make sure you stop by for a chat and check out our line-up of security products.