Essential Guide

How to define SIEM strategy, management and success in the enterprise

A comprehensive collection of articles, videos and more, hand-picked by our editors
Q

Is centralized logging worth all the effort?

Network log records play an extremely important role in any well-constructed security program. Expert Mike Chapple explains how to implement a centralized logging infrastructure.

Is the work involved in implementing a centralized logging infrastructure worth the security benefits?
Absolutely! Network log records play an extremely important role in any well-constructed security program. They help in the detection of anomalous activity both in real-time, as well as reactively during an incident-response event. Centralized logging provides two important benefits. First, it places all of your log records in a single location, greatly simplifying log analysis and correlation tasks. Second, it provides you with a secure storage area for your log data. In the event that a machine on your network becomes compromised, the intruder will not be able to tamper with the logs stored in the central log repository -- unless that machine is also compromised.

Once you establish a central log repository, the next step is to introduce centralized analysis techniques. Many organizations fulfill this requirement through the use of a security incident management (SIM) device. A SIM allows you to add a degree of automation to your log analysis process. You can create rules that analyze logs, aggregated from various devices, for patterns of suspicious activity.

The main stumbling block many organizations face when deciding whether to implement centralized logging and/or SIMs is the investment of time and resources necessary to get such an implementation off the ground. Depending upon how long you decide to retain records (many organizations choose to keep them for at least a year), logs can consume massive quantities of disk space. Additionally, SIMs require a significant amount of configuration and tuning to optimize for a particular enterprise.

More information:

  • See how SIMs have helped to integrate network and security management.
  • A variety of devices produce waves of logs. Learn how to get all that network data under control.
  • This was first published in March 2008

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Essential Guide

    How to define SIEM strategy, management and success in the enterprise

    GUIDE SECTIONS

    1. Strategy
    2. Operations
    3. The future

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close