A Process for Continuous Improvement Using Log Analysis

A Process for Continuous Improvement Using Log Analysis (PDF, 3.53MB)
Published: 26 Oct, 2011
Created by: David Swift

Good security is a moving target. Walls and castles were once good defenses against attackers, but they stand little chance of stopping a modern army. Like any defense, an information security strategy left unattended will become obsolete and fail. The problem with building or improving a defensive strategy is knowing where to start: our knowledge and our defenses are seldom perfect, and more often than not the task of securing a network is gargantuan and daunting. A good logging and analysis strategy can point the way. By accepting that defenses and configurations are never perfect and are always changing, and by analyzing the events from the sources we already have, we can detect threats, direct responses, and tune our defenses. The paper that follows details a repeatable process for continuously improving security and outlines a log analysis approach, with case studies and sample output drawn from actual data. The process is broadly applicable and does not require a Security Information and Event Management (SIEM) or centralized log management (LM) system, though either makes the process easier.