Archive | March 5, 2013

No place to hide if you know what to look for

There is nothing like a good story in the IT world to generate a flurry of online chatter. In recent weeks the “homeworking ban” proposed by a well-known technology company has risen to the top of the corporate discussion agenda.

But this blog is not about the ban as such; it is about the additional insight reported to have validated or supported the merit of “withdrawal of work from home privileges”. It is rumoured that information gained from VPN logs (which record remote connections) highlighted reduced use of the VPN platform, indicating little use of remote connectivity to the corporate network.
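To make the VPN-log point concrete, here is an added example (my own, not the blog's or any vendor's code) that pairs constructed VPN connect/disconnect lines into sessions and summarises distinct remote users and connected hours per ISO week; the log format and the `vpn: user=... event=...` fields are assumed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample VPN log (not from any real system); the format is an assumption.
SAMPLE_VPN_LOG = """\
2013-02-04T08:02:11 vpn: user=alice event=CONNECT src=203.0.113.5
2013-02-04T17:30:45 vpn: user=alice event=DISCONNECT
2013-02-05T09:10:00 vpn: user=bob event=CONNECT src=198.51.100.9
2013-02-05T12:15:00 vpn: user=bob event=DISCONNECT
2013-02-06T22:14:07 vpn: user=carol event=CONNECT src=192.0.2.77
2013-02-07T01:00:00 vpn: user=carol event=DISCONNECT
2013-02-11T08:30:00 vpn: user=alice event=CONNECT src=203.0.113.5
2013-02-11T16:00:00 vpn: user=alice event=DISCONNECT
2013-02-18T09:00:00 vpn: user=bob event=CONNECT src=198.51.100.9
2013-02-18T09:05:00 vpn: user=bob event=DISCONNECT
"""

LINE_RE = re.compile(r"^(\S+) vpn: user=(\S+) event=(CONNECT|DISCONNECT)")

def parse_sessions(log_text):
    """Pair each user's CONNECT with the next DISCONNECT into (user, start, end)."""
    open_sessions = {}
    sessions = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the run
        ts, user, event = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        if event == "CONNECT":
            open_sessions[user] = ts
        elif user in open_sessions:
            sessions.append((user, open_sessions.pop(user), ts))
    return sessions

def weekly_usage(sessions):
    """Map ISO week number -> (distinct remote users, total connected hours)."""
    users = defaultdict(set)
    hours = defaultdict(float)
    for user, start, end in sessions:
        week = start.isocalendar()[1]
        users[week].add(user)
        hours[week] += (end - start).total_seconds() / 3600
    return {w: (len(users[w]), round(hours[w], 2)) for w in sorted(users)}

def usage_dropped(weekly, ratio=0.5):
    """True if the latest week's connected hours fell below `ratio` of the first week's."""
    weeks = sorted(weekly)
    return weekly[weeks[-1]][1] < ratio * weekly[weeks[0]][1]
```

The same pairing-then-aggregating step is what a SIEM performs over far larger volumes; the trend is only as trustworthy as the completeness of the log source feeding it.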

If we cast our minds back, IT logs were considered by many to deliver more hassle than value. Rarely was anything of use found within them, yet they were still key elements to be stored securely and reliably as part of the backup regime. It’s true that database vendors have always utilised logs to good effect to aid transaction integrity and recovery, but for the rest of the IT community, logs equalled hassle…

But consider the use of log data as evidence to support the “homeworking ban”, the forensic use of log information for analysis after a major security breach, and, worse still, the use of log information, unbeknown to us, by someone with malicious intent preparing a security attack. These examples show there was always “gold in the hills”, but few knew where to look.

System logs exist for pretty much all elements within IT systems: software, hardware, process, you name it, everything has one and often many logs that hold a treasure trove of insight for those who know how and what to look for. SIEM (security information and event management) platforms, deemed by many the perfect tool to interrogate log data reactively and proactively and turn it into true business insight, are moving from desirable (unless PCI compliance forces their use) to mandatory corporate information systems. SIEM solutions are ideal for taking often meaningless IT system data and presenting correlated, relevant business insight.

Many of us lack the time to look in system logs, or do not know what to look for (and equally what to do when we find it), so the deployment of a market-leading SIEM solution will certainly provide all of the gain with none of the pain (the configuration and deployment headaches of old are long gone).

The moral of this blog: don’t presume, because you may not know how or where to look, that the information doesn’t exist. You just need to know what you are looking for (and hope someone skilled isn’t looking before you find it).

Until next time.

Colin W