I think we all know what log management is. As discussed in a 2017 article for The State of Security, log management is about systematically orchestrating the system and network logs collected by the organization.

That being said, there’s still some confusion surrounding why an enterprise would want to collect log data in the first place. There are two primary drivers for an enterprise to collect log data. These are security and compliance.

Log Management for Security

Per the Center for Internet Security (CIS), the collection, storage and analysis of logs is a Critical Security Control. The CIS explains the relevance of log management for security quite succinctly in its description of CIS Control 6: Maintenance, Monitoring and Analysis of Audit Logs. As quoted on its website:

Deficiencies in security logging and analysis allow attackers to hide their location, malicious software, and activities on victim machines. Even if the victims know that their systems have been compromised, without protected and complete logging records they are blind to the details of the attack and to subsequent actions taken by the attackers. Without solid audit logs, an attack may go unnoticed indefinitely and the particular damages done may be irreversible.

Very simply, if you’re not collecting, storing and analyzing log data for every asset in your organization, you have significant gaps in your security visibility of your network.

Log management, therefore, plays a key role in your digital security strategy. Having complete visibility into what events have occurred and are occurring on your network is a must. You need this information to focus on network events of interest. With this type of visibility, you can then take timely and appropriate measures to address potential threats before you balloon into full-fledged security incidents. The visibility granted by log management thereby enhances (Read more...)