Verizon Report: More Inconvenient Truth for Ineffective Log Management Victims
Posted: August 30, 2010 at 11:33 am | by Joe Gottlieb
New data suggests that most of the industry’s data breaches could have been prevented by effective log data management, reporting and response. Consider the following from Verizon Business’ latest Data Breach Investigations Report, published just a few weeks ago:
- 86 percent of the victims had evidence of the breach in their log files, but most of them did not detect the breaches for months.
- 61 percent of the breaches were discovered not by the victim company, but by a third party outside the company.
- 96 percent of the breaches were avoidable through simple or intermediate controls.
This surprising data all points to one fundamental truth: Despite huge investments in security tools and expertise, many major businesses still don’t know when they have been breached. They are left trying to explain themselves when a breach that has been in place for months - or even years - is revealed to their top management by a third party.
Why don’t companies recognize breaches when they happen, especially when those compromises are readily evident in their log files? Why can’t enterprises find the time to scan those logs for anomalies? Most importantly, what can companies do to reduce the length of time between the initiation of an attack and its detection and remediation?
I see two fundamental reasons why most companies don’t have good answers to these questions. Both come up time and again from customers who come to SenSage having had problems with their old log management solutions. First, their log management solution can’t scale to meet their continuous event loading, storage and management requirements. There has been massive growth in the volumes of event data being generated in recent years - especially application-related events - so performance and scalability are becoming pressing challenges. And second, their log management solution does not support the sophisticated data analysis necessary to isolate the events that matter from the events that don’t. This is especially the case with stealthy “low and slow” attacks where you may need to analyze patterns from months or years worth of data. Traditional log management systems with indexed searches of archives were never architected to deal with this.
If this all sounds painfully familiar, you should evaluate our unified SIEM and log management solution, purpose-built atop a clustered, columnar database. It scales from terabytes to petabytes while minimizing storage costs via patented compression algorithms and supports sophisticated query analysis through our console or your choice of business intelligence tools utilizing the industry’s only ODBC/JDBC interface to security event data.
Subscribe