As a network manager, you are being pulled in too many directions – from troubleshooting a slow network issue, to a datacenter consolidation project, to supporting your business and maintaining mission-critical applications. I don’t want to add to your list of action items, but there is an area often overlooked by busy IT professionals - log management.
If you don’t have the right log management strategy in place, you should reconsider, and here is why:
Log files (Syslog, Windows event logs, W3C logs, etc.) act as a journal of record, keeping track of EVERYTHING going on in your environment, such as who is accessing your devices, systems or applications from where, at what time, and for which purposes. Therefore, log data should be collected, stored, analyzed and reported on for real-time security event detection and response, as well as compliance assurance and log forensics.
Here are some examples of what can happen if you don’t.
1) I'm not sure what Sony was using or if they were getting the most out of their log management software, but when all of the dust settled after their massive security breach earlier in the year, it was estimated to cost the PlayStation giant $178 million to deal with the fallout of that mess. Ouch.
2) I recently came across an article on how log management helped crack down on an AT&T support contractor who leaked thousands of sensitive customer documents. The long and short of it: the contractor released 60,000+ phone numbers and other data, including server names and IP addresses along with user names and passwords, from employees within AT&T's internal network. Authorities were led to the contractor's arrest with the aid of log management software, which identified the IP address, the server and user connected to it, and the website accessed at the time of the data breach.
3) On an even worse scale, for eight years a Citigroup employee managed to steal $750,000 from 22 different customers before she was caught. She was a real model citizen, too, apparently stealing from people with Parkinson's and from her own father. According to experts (and common sense), had better business practices been put in place alongside the log management software in this scenario, the swindling would probably have been caught far sooner than eight years in.
So let me ask again: do you think you have the proper log management strategy to mitigate risk? Does it give you everything you need to ensure compliance with internal auditing processes and/or key compliance regulations?
Even if the answer is yes, collecting log files is only the start; it's what you do with them that could make or break your response to a potential data breach. In the AT&T case, it was the combination of good log management software and the right log management knowledge that cracked down quickly on the breach culprit.
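To make "what you do with them" concrete, here is an added example (not from the original post, and not any vendor's product code) that does the two things log management is for in the cases above: answer the forensic question of who touched a given record, from where and when, and flag the pattern of one account reading many customer records in a short window for review. The log lines, hostnames, user names, IP addresses and the field layout (`user= src= action= object=`) are all constructed for illustration; a real deployment would parse whatever format its own applications emit.

```python
"""Parse constructed syslog-style access records and answer the questions
log management exists for: who accessed what, from where, when, and does
the access pattern look abnormal. Every value below is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample lines in an RFC 3164-style syslog layout. The last line
# is deliberately unstructured to show that parsing tolerates noise.
SAMPLE_LOG = """\
Jun 14 09:02:11 fileserver01 docapp[4121]: user=jdoe src=10.20.30.5 action=read object=customer/1001.pdf
Jun 14 09:02:40 fileserver01 docapp[4121]: user=jdoe src=10.20.30.5 action=read object=customer/1002.pdf
Jun 14 09:03:05 fileserver01 docapp[4121]: user=jdoe src=10.20.30.5 action=read object=customer/1003.pdf
Jun 14 09:03:30 fileserver01 docapp[4121]: user=jdoe src=10.20.30.5 action=read object=customer/1004.pdf
Jun 14 09:04:02 fileserver01 docapp[4121]: user=jdoe src=10.20.30.5 action=read object=customer/1005.pdf
Jun 14 09:04:55 fileserver01 docapp[4121]: user=jdoe src=10.20.30.5 action=read object=customer/1006.pdf
Jun 14 09:10:17 fileserver01 docapp[4121]: user=asmith src=10.20.31.8 action=read object=customer/2007.pdf
Jun 14 11:41:09 fileserver01 docapp[4121]: user=asmith src=10.20.31.8 action=write object=customer/2007.pdf
Jun 14 11:41:09 fileserver01 docapp[4121]: this line has no structured fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<prog>[^\[:]+)(?:\[\d+\])?: "
    r"user=(?P<user>\S+) src=(?P<src>\S+) action=(?P<action>\S+) object=(?P<obj>\S+)$"
)


def parse_line(line, year=2011):
    """Return a dict for a well-formed record, or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Classic syslog timestamps carry no year, so the caller supplies one.
    rec["ts"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
    return rec


def parse_log(text, year=2011):
    """Parse every line, silently dropping lines that carry no structured fields."""
    return [r for r in (parse_line(l, year) for l in text.splitlines()) if r]


def accesses_to(records, obj):
    """The forensic question: who touched this object, from where, on which host, when."""
    return [(r["ts"], r["user"], r["src"], r["host"], r["action"])
            for r in records if r["obj"] == obj]


def bulk_access_alerts(records, threshold=5, window=timedelta(minutes=5)):
    """Flag users who read more than `threshold` distinct objects inside a sliding
    window. This is a review trigger, not a verdict: it surfaces the pattern so a
    human can check it against the user's job role."""
    by_user = defaultdict(list)
    for r in records:
        if r["action"] == "read":
            by_user[r["user"]].append(r)
    alerts = []
    for user, recs in by_user.items():
        recs.sort(key=lambda r: r["ts"])
        for i, start in enumerate(recs):
            seen = {x["obj"] for x in recs[i:] if x["ts"] - start["ts"] <= window}
            if len(seen) > threshold:
                alerts.append((user, start["ts"], len(seen)))
                break  # one alert per user is enough to queue a review
    return alerts


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for hit in accesses_to(recs, "customer/2007.pdf"):
        print("access:", hit)
    for user, when, n in bulk_access_alerts(recs):
        print(f"ALERT: {user} read {n} distinct customer objects starting {when}")
```

Run as-is it reports both touches of `customer/2007.pdf` (read, then write, by `asmith` from `10.20.31.8`) and raises one alert for `jdoe`, who read six distinct customer records in under three minutes. The threshold and window are the knobs a real rule would tune per application; the point is that the alert exists at all, which is the difference between logs that sit on disk and logs that shorten an eight-year problem to an eight-minute one.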
To summarize: do you really know who is accessing and manipulating your company's key assets, such as patient, employee or financial records? If the answer is no, you might want to rethink your log management strategy, or come up with one.