The debate between data and information has been going on for quite some
time. When people say "knowledge is power", are they referring to data or
information? Is knowledge different still? And how about "intelligence": where
does that fit?
How can we go from data to information to knowledge to intelligence?
The answer is simple: by understanding the animated nature of data evolution
and transformation, and acting upon this understanding.
And this is brought to light by logs from your Information Systems.
Understand this and unleash the Power of Logs.
Figure 1 - Data to Information to Knowledge to Intelligence, and the role of
logs as metadata
Data seems mainly one-dimensional.
Consult any database or data warehouse, perform even complex queries on
these, and you will get a "flat" answer.
The fact that you get a single answer will make you think that data is
Back from SecureCloud 2010 in Barcelona
I’ve been in information and system security for almost 20 years. Yes,
it’s possible! At the time Gopher was the killer app and NCSA Mosaic was in
the making; I was working on Arpanet and the Internet wasn’t born; and
information security was a non-issue, all my friends, colleagues, coworkers
and family were telling me “don’t even try and make a living out of this
dead-end information security thingy stuff”.
But somehow I was convinced that it would be a great ride, that it would be
fun and that I had to do it. My crystal ball was crystal clear,... (more)
Not all Log Management solutions are created equal... Trusting your logs.
Log Integrity is at the core of using logs for such purposes as building
Trust, providing non-repudiation and indisputable proof in business
relationships between Customers and Providers, but also providing
evidence admissible in a court of law. We saw that not all Log Management
solutions are created equal, and we saw some high-level requirements in terms
of log collection and log reporting. We need a solution that is simple to
deploy - we want an enabler, not a disabler - and a solution that allows a ... (more)
Rule-based log correlation is based on modeling attack scenarios
Back to the visibility aspect.
"By managing all your logs you get universal visibility in everything that is
happening in your IT infrastructure." Yes, this is a true statement.
But to tell that you can easily flag security attacks using rule-based
correlation is a major overstatement.
Rule-based correlation essentially automates the "If this is happening here"
and "That is happening there" then "We have a problem." More precisely, "If
this precise event is taking place at this particular time in this specific
You bought a static rule-based correlation and you want to get the most out
of it, or are you planning on getting and deploying one? There are some
simple steps you can take to maximize its efficiency.
Ask Yourself If You Can Really Afford In-house Real-Time Incident Management
The main use case for correlation is real-time incident management, so you
need a 24x7x365 team of forensics experts to validate and follow up on alerts
- in real time.
No need to have real-time correlation if you only have a 9-5 operation...
If an alarm goes off at 3 a.m., do you have the skilled staff to act... (more)