Log management and analysis: How, when and why

Date: Aug 10, 2012

Security teams log lots of events, and more of them all the time. Unfortunately, they make little use of these logs except in retrospect, when trying to understand something long after it happened. To improve your organization's security posture, security teams need to make better use of logs. The challenges in doing so are both organizational and technical, and it is imperative that you address both sides of the problem. Security and network teams must work together to implement robust aggregation, analysis, reporting and search.

In this presentation, we’ll review how to make the most of logs to augment an organization’s security posture. Specific points of emphasis include:

  • Knowing what you know: Assessing your current state of log collection and aggregation
  • Knowing how to understand it: Making sure you can normalize and analyze logs for key security data
  • Knowing what to do with it: Organizing security and networking teams to make optimal use of log data
  • Knowing what to look for: Criteria for assessing log management, correlation and analysis tools
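A small illustration of the normalization and cross-source correlation the points above describe, added here as an example that is not part of the original presentation. The syslog lines are constructed, and the regular expressions, common schema fields and alert threshold are my own assumptions, not a vendor format.

```python
import re
from collections import defaultdict

# Constructed sample lines: sshd authentication events and firewall kernel drops
# from two different hosts, as a log aggregator would receive them.
SAMPLE_LOGS = [
    "Aug 10 12:00:01 host1 sshd[2001]: Failed password for root from 203.0.113.5 port 5220 ssh2",
    "Aug 10 12:00:03 host1 sshd[2001]: Failed password for root from 203.0.113.5 port 5221 ssh2",
    "Aug 10 12:00:04 fw01 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=10.0.0.7 PROTO=TCP DPT=22",
    "Aug 10 12:00:09 host2 sshd[3010]: Accepted password for alice from 198.51.100.9 port 41000 ssh2",
    "Aug 10 12:00:10 fw01 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=10.0.0.8 PROTO=TCP DPT=22",
]

# Assumed source formats; each parser maps its own field names onto one common schema.
SSHD_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
                     r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) kernel: (?P<action>DROP|ACCEPT) "
                   r".*?SRC=(?P<src>\S+) .*?DPT=(?P<dport>\d+)")

def normalize(line):
    """Map one raw syslog line onto the common event schema; None if the format is unknown."""
    m = SSHD_RE.match(line)
    if m:
        return {"ts": m["ts"], "host": m["host"], "source": "sshd", "src_ip": m["src"],
                "user": m["user"], "outcome": "failure" if m["result"] == "Failed" else "success"}
    m = FW_RE.match(line)
    if m:
        return {"ts": m["ts"], "host": m["host"], "source": "firewall", "src_ip": m["src"],
                "user": None, "outcome": "blocked" if m["action"] == "DROP" else "allowed"}
    return None

def correlate(lines, threshold=3):
    """Count adverse outcomes (auth failures plus firewall drops) per source IP across all
    log sources and return the IPs whose combined count reaches the threshold."""
    counts = defaultdict(int)
    for event in (normalize(l) for l in lines):
        if event and event["outcome"] in ("failure", "blocked"):
            counts[event["src_ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    # Neither source alone reaches the threshold; the normalized, combined view does.
    print(correlate(SAMPLE_LOGS))
```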

