Is centralized logging worth all the effort?

Essential Guide

How to define SIEM strategy, management and success in the enterprise

This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic.Explore more in this guide:

1. - Demystifying SIEM: Making the business case: Read more in this section
- Five tips to improve a threat and vulnerability management program
- Is centralized logging worth all the effort?
Read more in this section
Explore other sections in this guide:
- 2. - SIEM operational best practices
- 3. - SIEM 2.0: Emerging security data strategies
View all sections in this guide

Is the work involved in implementing a centralized logging infrastructure worth the security benefits?

Absolutely! Network log records play an extremely important role in any well-constructed security program. They help in the detection of anomalous activity both in real-time, as well as reactively during an incident-response event. Centralized logging provides two important benefits. First, it places all of your log records in a single location, greatly simplifying log analysis and correlation tasks. Second, it provides you with a secure storage area for your log data. In the event that a machine on your network becomes compromised, the intruder will not be able to tamper with the logs stored in the central log repository -- unless that machine is also compromised.

Once you establish a central log repository, the next step is to introduce centralized analysis techniques. Many organizations fulfill this requirement through the use of a security incident management (SIM) device. A SIM allows you to add a degree of automation to your log analysis process. You can create rules that analyze logs, aggregated from various devices, for patterns of suspicious activity.

The main stumbling block many organizations face when deciding whether to implement centralized logging and/or SIMs is the investment of time and resources necessary to get such an implementation off the ground. Depending upon how long you decide to retain records (many organizations choose to keep them for at least a year), logs can consume massive quantities of disk space. Additionally, SIMs require a significant amount of configuration and tuning to optimize for a particular enterprise.

More information:

See how SIMs have helped to integrate network and security management.

A variety of devices produce waves of logs. Learn how to get all that network data under control.

View the next item in this Essential Guide: SIEM best practices for advanced attack detection or view the full guide: How to define SIEM strategy, management and success in the enterprise

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

Is centralized logging worth all the effort?

Essential Guide

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

More from Related TechTarget Sites