3 reasons why log-based monitoring is insufficient for cyber security monitoring
1 March 2017


SIEM (Security Information and Event Management) systems collect, store, analyze and report on log data, both for computer forensics and to meet compliance requirements. However, a security monitoring function based solely on logs is hardly enough to meet the challenges that IT security professionals face today. Here are three compelling reasons why organisations should look beyond log-based monitoring.

#1 - Early Detection needs to be sooner


The “2015 Gartner Magic Quadrant for Security Information and Event Management” report defines SIEM in terms of what organisations want from it: to apply security analytics to event data in order to detect attacks and data breaches early.

This implies that, by the time anything is detected, the event data already reflects an intrusion or the anomaly has already occurred. Such detection may be considered “early”, yet the threat is already present within the organisation. Early detection certainly minimises the impact of a breach, but the earlier a breach is detected, the better.

Continuous monitoring at the network level allows anomalies to be detected directly, without depending on logs from security appliances, and therefore without waiting for an appliance to log the event and for the SIEM to collect and correlate it. Evidence can be extracted from the network traffic for analysis on a near real-time basis, so that suspected breaches can be verified promptly and mitigation action can be taken much earlier.

#2 - Threat fatigue


Log-based monitoring is notorious for generating false positives when the SIEM is not set up and tuned properly. The volume of data generated, and the number of threats and potential threats that need to be investigated, can result in threat fatigue (also called alert fatigue): a situation where security staff begin to miss important information.

Professional managed-security providers offer services that help with this: 24/7 monitoring and multi-tier support, in which alerts are filtered and escalated from first response to in-depth analysis, and subsequently to proactive threat detection.

#3 - Simplistic log-based monitoring does not consider network flow


A log-based monitoring approach that does not correlate logs from network appliances will contain no network flow information. Flow data is an important source of early detection signals: the behaviour pattern across the entire network establishes a baseline, and a part of the network that departs from that pattern is a good indication that something is wrong.
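The paragraph above describes the idea without showing it. The following is an added example, not code from the original article or from StarHub: it takes one window of constructed NetFlow-style records, summarises each source host by bytes sent and number of distinct destinations, and reports hosts that sit far outside the network-wide baseline. It uses a median/MAD robust z-score so that a single extreme host does not drag the baseline with it. The record layout, the IP addresses, the window and the threshold of 3.5 are all assumptions chosen for illustration.

```python
"""Flag hosts whose outbound flow pattern departs from the rest of the network.

Added example, not part of the original article. Record layout, addresses
and thresholds are constructed for illustration only.
"""
from collections import defaultdict
from statistics import mean, median

# Constructed five-minute window of outbound flows: (src_ip, dst_ip, dst_port, bytes).
FLOWS = [
    # Eight ordinary workstations: web proxy on 443, DNS on 53, some use a file server on 445.
    ("10.0.0.2", "10.0.1.10", 443, 150_000), ("10.0.0.2", "10.0.1.20", 53, 4_000), ("10.0.0.2", "10.0.1.30", 445, 60_000),
    ("10.0.0.3", "10.0.1.10", 443, 90_000), ("10.0.0.3", "10.0.1.20", 53, 3_000),
    ("10.0.0.4", "10.0.1.10", 443, 200_000), ("10.0.0.4", "10.0.1.20", 53, 5_000), ("10.0.0.4", "10.0.1.30", 445, 120_000),
    ("10.0.0.5", "10.0.1.10", 443, 110_000), ("10.0.0.5", "10.0.1.20", 53, 2_000),
    ("10.0.0.6", "10.0.1.10", 443, 170_000), ("10.0.0.6", "10.0.1.20", 53, 4_000), ("10.0.0.6", "10.0.1.30", 445, 30_000),
    ("10.0.0.8", "10.0.1.10", 443, 130_000), ("10.0.0.8", "10.0.1.20", 53, 3_000),
    ("10.0.0.10", "10.0.1.10", 443, 160_000), ("10.0.0.10", "10.0.1.20", 53, 4_000), ("10.0.0.10", "10.0.1.30", 445, 80_000),
    ("10.0.0.11", "10.0.1.10", 443, 100_000), ("10.0.0.11", "10.0.1.20", 53, 2_000),
    # 10.0.0.7: unremarkable byte volume, but it touches twenty hosts on 445 (scan / lateral movement).
    *[("10.0.0.7", f"10.0.2.{i}", 445, 1_500) for i in range(1, 21)],
    # 10.0.0.9: only two destinations, but ~83 MB pushed to one external address (exfiltration-like).
    ("10.0.0.9", "198.51.100.5", 443, 45_000_000), ("10.0.0.9", "198.51.100.5", 443, 38_000_000),
    ("10.0.0.9", "10.0.1.20", 53, 3_000),
]

THRESHOLD = 3.5  # assumed tuning value: robust z-score above which a host is reported


def summarise(flows):
    """Per-source totals for the window: bytes sent and count of distinct (dst, port) pairs."""
    totals = defaultdict(lambda: {"bytes": 0, "dests": set()})
    for src, dst, port, nbytes in flows:
        totals[src]["bytes"] += nbytes
        totals[src]["dests"].add((dst, port))
    return {src: {"bytes": t["bytes"], "dests": len(t["dests"])} for src, t in totals.items()}


def robust_z(value, population):
    """Distance of value from the population median, in MAD units (0.6745 rescales MAD to ~sigma).

    Median/MAD are used instead of mean/stddev so one extreme host cannot inflate the
    baseline and hide itself. If MAD is zero (most hosts identical) fall back to the mean
    absolute deviation; if that is zero too, every host is identical and nothing stands out.
    """
    med = median(population)
    mad = median(abs(x - med) for x in population)
    if mad == 0:
        mad = mean(abs(x - med) for x in population)
    if mad == 0:
        return 0.0
    return 0.6745 * (value - med) / mad


def flag_outliers(flows, threshold=THRESHOLD):
    """Return {host: {metric: score}} for hosts above the network-wide baseline on any metric.

    Only upward deviations are reported: a host sending less than its peers is not a signal here.
    """
    stats = summarise(flows)
    alerts = {}
    for metric in ("bytes", "dests"):
        population = [s[metric] for s in stats.values()]
        for host, s in stats.items():
            z = robust_z(s[metric], population)
            if z > threshold:
                alerts.setdefault(host, {})[metric] = round(z, 1)
    return alerts


if __name__ == "__main__":
    for host, reasons in sorted(flag_outliers(FLOWS).items()):
        print(host, reasons)
```

Note that the two anomalous hosts are caught by different metrics: the scanner has a normal byte count and the exfiltrating host has a normal destination count, so a single-metric baseline would miss one of them. This is the kind of whole-network context that a log-only view lacks unless flow data from network devices is collected and correlated.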

There are service offerings that not only monitor the organisation’s network as a whole, but are also able to integrate data from multiple detection engines for more accurate alerts.

Comprehensive protection is required


Today, cyber security threats are no longer defined by simple network parameters or addressed by point solutions. Organisations need to consider comprehensive protection that offers 24/7 monitoring, professional analysis capabilities, fast detection and alerting and, most importantly, the ability to contain and remediate an incident immediately.

Speak to StarHub today: direct visibility of internet traffic puts telcos in the best position to assist with today’s sophisticated threat environment.
