Marc Guardiola, CISO
1 October 2019

From logging to value creation

Log management is one of the Secure Managed Services that Solvinity offers its customers. You can use it to map the behavior and performance of your systems. But not just that. There are various ways in which you can make better use of your log data.

Much of what happens on a company network would immediately be forgotten after it ends, unless there is a log stored somewhere. Almost all devices in an IT infrastructure record everything they do in logs. In recent years these logs have become increasingly important. Not only to determine what a specific device has done (or failed to do), but also for applications that go far beyond that.

It may be useful and relevant to view the performance and activities of one device, but it becomes much more interesting when you combine the logs of all your (network) devices. Your own organisation may already be familiar with this for compliance: in certain sectors and for certain activities you, as an organisation, need to be able to demonstrate that you have insight into what is happening on your network (think of ISO and SOC 2 audits). A good log overview covers that. But registering something is not necessarily the same as making it easily understandable and creating added value.

Valuable insights

An example of what insight into log data can do for you is improving your support. Every helpdesk knows the phenomenon of customers with complaints that are difficult to trace to a specific cause. The answer to such vague complaints is often hidden in log files. Good log analysis helps to determine the cause and shortens the time needed to find a solution. Even better, by keeping track of the logging you can stay ahead of problems by acting on indications, hidden in the logs of certain devices or connections, that they are not functioning optimally. At Solvinity this method of log analysis is used to prevent failures and to guarantee high availability.

Logs can also provide a better understanding of how end users interact with IT. For example, if certain functionality remains unused, it might be a reason to purchase fewer licences, or even to end the use of a certain application altogether. Conversely, it can help you identify trends over time. If a particular application is unexpectedly used more often than anticipated, you can prevent it from lagging or even crashing by adding more bandwidth upfront. Log analysis allows you to concentrate the efforts of your IT team at the places where new needs arise. All to ensure that customers and users always have the optimal user experience.

One step further is using logs for incident management. Specialised software (or trained security specialists in a Security Operations Centre) can reveal clues hidden in logs, for example to detect intrusions or to flag unauthorised actions that someone is attempting. Intelligent log analysis is increasingly used to flag, or even block, suspicious activities in real time. Sensitive business information that is copied to a USB stick? A board member who logs in from a strange location? Thanks to log analysis, immediate action can be taken.

A jungle of data

Unfortunately, the reality is not as simple as it sounds. Going through a log is one thing, but digging through hundreds of logs looking for possible correlations is a serious task. This work can be automated to a large extent. But not without clever thinking upfront.

Almost all equipment nowadays keeps logs, but there isn’t one standard for such logs. Retention time for logging differs from one manufacturer to another, and the type of data, its format and the order in which the data is stored also vary widely. This makes analysis of such data extra laborious. Moreover, the security of the logs on all these different devices is not exactly clear. If you want to be able to use logs to detect suspicious activities, you must be sure that these logs provide a reliable view of reality.

For that reason, we at Solvinity collect all logs from all network equipment we manage (and on request even the logs from devices not included in our management scope) and store these in one central and secured database. The data is then automatically ‘normalised’ by us. For this we’ve developed a series of smart scripts that ensure that the data, from the often hundreds of logs provided, is stored in a uniform way that makes it easy to compare and analyse, regardless of the device, its type or the supplier.
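To make the normalisation step concrete, the following is an added Python example and not Solvinity’s own scripts or platform. It parses three constructed log formats (a BSD-syslog sshd line, a JSON line and a key=value line) into one common schema, keeps aside any line no parser accepts rather than silently dropping it, and then runs one of the detections mentioned earlier, a successful login from outside the known networks, over the normalised events. The sample lines, the field names, the assumed year for the syslog timestamps and the allowlisted network are all assumptions made for this example.

```python
import ipaddress
import json
import re
from datetime import datetime, timezone

# Constructed sample lines in three vendor formats (syslog-style sshd, JSON,
# key=value). Invented for this example; the last line is deliberately unknown.
SAMPLE_LINES = [
    "Oct  1 08:15:02 fw01 sshd[1203]: Accepted password for alice from 10.0.0.5 port 51234 ssh2",
    '{"ts": "2019-10-01T08:16:40Z", "host": "app02", "user": "alice", "event": "login", "src": "10.0.0.5", "result": "success"}',
    "time=2019-10-01T08:20:11Z device=vpn01 action=login user=bob src=203.0.113.7 status=ok",
    "Oct  1 08:22:45 fw01 sshd[1210]: Failed password for carol from 198.51.100.9 port 40122 ssh2",
    "this line is in no format we know",
]

ASSUMED_YEAR = 2019  # BSD syslog timestamps carry no year; assumed for the example
KNOWN_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]  # constructed allowlist of "own" networks

_SYSLOG = re.compile(r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
                     r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
_SSHD = re.compile(r"^(?P<res>Accepted|Failed) \S+ for (?P<user>\S+) from (?P<src>\S+)")
_KV = re.compile(r"(\w+)=(\S+)")


def _utc(ts_str, fmt):
    """Parse a timestamp string and label it UTC so events from different sources sort together."""
    return datetime.strptime(ts_str, fmt).replace(tzinfo=timezone.utc)


def _parse_syslog(line):
    m = _SYSLOG.match(line)
    s = _SSHD.match(m["msg"]) if m else None
    if not s:
        return None  # not a syslog line, or a syslog line that is not an sshd login event
    ts = _utc(f"{ASSUMED_YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "user": s["user"], "src": s["src"], "event": "login",
            "outcome": "success" if s["res"] == "Accepted" else "failure", "format": "syslog"}


def _parse_json(line):
    try:
        d = json.loads(line)
    except ValueError:
        return None
    if not isinstance(d, dict) or not all(k in d for k in ("ts", "host", "user", "event", "src", "result")):
        return None
    return {"ts": _utc(d["ts"], "%Y-%m-%dT%H:%M:%SZ"), "host": d["host"], "user": d["user"],
            "src": d["src"], "event": d["event"], "outcome": d["result"], "format": "json"}


def _parse_kv(line):
    d = dict(_KV.findall(line))
    if not all(k in d for k in ("time", "device", "action", "user", "src", "status")):
        return None
    return {"ts": _utc(d["time"], "%Y-%m-%dT%H:%M:%SZ"), "host": d["device"], "user": d["user"],
            "src": d["src"], "event": d["action"],
            "outcome": "success" if d["status"] == "ok" else "failure", "format": "kv"}


PARSERS = (_parse_syslog, _parse_json, _parse_kv)


def normalise(lines):
    """Return (events in the common schema, lines no parser accepted).
    Unparsed lines are returned, not discarded: a silently dropped log is a blind spot."""
    events, unparsed = [], []
    for line in lines:
        for parser in PARSERS:
            ev = parser(line)
            if ev is not None:
                events.append(ev)
                break
        else:
            unparsed.append(line)
    return events, unparsed


def find_suspicious_logins(events, known_networks=KNOWN_NETWORKS):
    """Flag successful logins whose source address lies outside the known networks,
    walking the normalised events in time order regardless of their original format."""
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] != "login" or ev["outcome"] != "success":
            continue
        src = ipaddress.ip_address(ev["src"])
        if not any(src in net for net in known_networks):
            findings.append({"user": ev["user"], "src": ev["src"], "host": ev["host"],
                             "ts": ev["ts"].isoformat(), "reason": "login from outside known networks"})
    return findings


if __name__ == "__main__":
    evs, bad = normalise(SAMPLE_LINES)
    print(f"{len(evs)} events normalised, {len(bad)} lines not understood")
    for f in find_suspicious_logins(evs):
        print("SUSPICIOUS:", f)
```

The detection only becomes possible once every source has been mapped onto the same field names and a comparable timestamp; the count of unparsed lines is worth monitoring in its own right, because a new firmware version that changes a log format shows up there first.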

This database is used by Solvinity engineers to perform their daily management tasks. By presenting the customer environments’ log data in a graphical dashboard, our customer support teams have a better understanding of the performance, the infrastructure and the applications. We’ve provided the same database (and its dashboard) as an additional logging service to our customers, some of whom already use the log data for several analyses. For example, SIEM solutions (Security Information and Event Management), which analyse log data in real time to detect security incidents, can be linked directly to our logging platform. There’s also an increasing demand from customers to access our graphical dashboards themselves, to get more detailed insight into what’s happening within their environment and to extract insights that are of great value to their organisation.

Would you like to know more about how Solvinity can unlock logs for you, and what logging can mean for your organisation? Please contact us. We are happy to inform you about all the options.
