Automated analysis of logs with a log management platform is the only viable protection against infiltration and data breaches.
According to Reed Henry, senior vice president of marketing at ArcSight, automated log analysis is at the foundation of modern-day security, as events captured in logs or extracted from IT systems paint the picture of what is happening across the organisation.
Henry said: “Whether it is malware, malicious system users, or contractors, there is a trail of digital footprints left behind that, if noticed, will alert an enterprise to cyber threats and risks before it is too late.
“The world's two largest data breaches resulted in over 200 million credit card transaction records stolen over 18-month periods during which no one noticed that the breaches were occurring even though the logs indicated they were! No one was looking at the logs. Our critical infrastructure can't afford such a catastrophic oversight.”
Henry claimed that because critical infrastructure operates on isolated, dedicated networks that are reached via an administrative network, run either solely from a network operations centre or virtually via VPN, system administrators can cross over from the corporate network to the administrative network. This creates a problem, as malware and cybercriminals can make the same traversal from the internet to the corporate network and on to the administrative network.
He therefore claimed that the only viable protection against such threats is log management, with logs collected in structured or unstructured form and centralised for analysis.
“The analysis entails alerting for certain conditions found, such as administrator network access or changes in a configuration, followed by drill-down forensics if a threatening condition is recognised,” said Henry.
“Every second logs paint a picture of what is happening across the network. The bottom line question is whether anyone is looking.”
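The kind of analysis Henry describes, alerting on administrative-network access and configuration changes and then drilling down into the trail behind an alert, as an added illustration that is not ArcSight's code or the article's own. The network ranges, the line format and the sample log lines are all constructed for this example.

```python
import ipaddress
import re

# Constructed layout (assumption for this example): corporate users sit in
# 10.1.0.0/16; the isolated administrative network is 10.99.0.0/24.
CORPORATE_NET = ipaddress.ip_network("10.1.0.0/16")
ADMIN_NET = ipaddress.ip_network("10.99.0.0/24")

# Minimal structured line format, also constructed for this example:
#   <timestamp> <host_ip> <event> user=<name> src=<ip> [key=<setting>]
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\w+) user=(?P<user>\S+) "
                     r"src=(?P<src>\S+)(?: key=(?P<key>\S+))?$")

def parse_log(text):
    """Parse centralised log text; malformed lines are kept aside, never dropped."""
    events, unparsed = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        (events if m else unparsed).append(m.groupdict() if m else line)
    return events, unparsed

def alert_conditions(events):
    """Flag the conditions the article names: access into the administrative
    network from outside it, and configuration changes on its hosts."""
    alerts = []
    for ev in events:
        host, src = ipaddress.ip_address(ev["host"]), ipaddress.ip_address(ev["src"])
        if host not in ADMIN_NET:
            continue  # only administrative-network hosts are in scope here
        if ev["event"] == "login" and src not in ADMIN_NET:
            kind = "corporate_crossover" if src in CORPORATE_NET else "external_access"
            alerts.append((kind, ev["user"], ev["src"], ev["host"]))
        elif ev["event"] == "config_change":
            alerts.append(("config_change", ev["user"], ev["host"], ev["key"]))
    return alerts

def drill_down(events, user):
    """Forensic follow-up on an alert: one user's full trail, in log order."""
    return [(ev["ts"], ev["host"], ev["event"], ev["key"]) for ev in events if ev["user"] == user]

# Constructed sample: a corporate login, a cross-over into the admin network, a config
# change there, an admin-internal login, a VPN-style external login, one corrupted record.
SAMPLE_LOG = """\
2011-03-01T08:00:01 10.1.4.20 login user=alice src=10.1.4.20
2011-03-01T08:05:10 10.99.0.5 login user=alice src=10.1.4.20
2011-03-01T08:06:02 10.99.0.5 config_change user=alice src=10.1.4.20 key=firewall.rules
2011-03-01T09:00:00 10.99.0.7 login user=bob src=10.99.0.3
2011-03-01T09:30:00 10.99.0.7 login user=svc src=203.0.113.9
corrupted record ####
"""
```

Running `alert_conditions` over the parsed sample raises three alerts (the cross-over, the configuration change and the external login), and `drill_down(events, "alice")` then returns the footprints that led up to the first two.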