This site uses cookies to improve navigation and collect statistics. To learn more about our cookie policy, see this complete information.
By continuing to browse or by clicking X, you consent to the use of cookies.

Big Cover - 2020-10-29T121657.440 (1)
IDEAS

Effective monitoring of IT systems thanks to log management and SIEM

A proactive approach to security, simplifying the management of incidents and corporate digital forensics

Case History

Providing customers with a security infrastructure that meets their new requirements.

@1xANTEPRIMA Case Service operation Go

Seemingly every week, we hear about a big company which has suffered a data breach. Hackers gain access to protected information, often collecting sensitive and financial data on employees and customers. The problem is that we don’t know how network attacks will occur until they happen. If we could magically know this in advance, we would be able to automate all our defenses.

Often the only way that companies can detect cyber-attacks, even after they have happened, is to know and understand what is happening in the logs and in other protected areas. There are many software products and techniques which offer information on the state of health of your company’s security but, as we will see, at times they only show a narrow view of the whole picture.

Two common terms, Log Management (LM) and Security Information and Event Management (SIEM) are often used together, but there are significant differences in the definitions and approaches. Let’s take a look together.

Security and Log Management

A first, important step for establishing a security analysis protocol is log management. Logs are messages generated by the computer originating from all types of software and hardware: almost all ICT devices have the ability to produce logs. Logs show, in detail, the various functions of the device or application, as well as when users log in or attempt to do so.

Log Management Systems (LMS) can be used for a variety of functions, including: collection, centralized aggregation, archiving and viewing, rotation, analysis and reporting of logs.

Corporate Cyber-Criminality

The steps to protect your cybersecurity.

Big Cover Mettiti in gioco con le aziende scopri come risolvere casi di Cyber Security Go to ideas

Data classification

What data must be protected, and what are the security requirements to adopt.

Big Cover Data Classification per la Cybersecurity Go to ideas

The logs are often used to reveal weak spots in security, and forward-looking companies which employ security analysts are often able to identify them and resolve them before violations occur. Nevertheless, the larger the company, the more logs there are, considering that companies can easily produce hundreds of gigabytes of logs every day. As log sizes continue to grow, and companies become ever-more vigilant in terms of security analysis, managing logs alone is no longer sufficient: it is just one component of a holistic solution.

Contact a consultant

Security Information and Event Management

Any type of software offers a limited view of the state of health of your security. For example, a resource management system keeps track only of applications, company processes and administrative contacts; a network intrusion detection system (IDS) can see only IP addresses, packets and protocols. Taken individually, these options cannot show what is happening on your network in real time.

This is where SIEM, which goes one step beyond log management, comes into play. Experts describe it as “greater than the sum of its parts”: it indeed includes numerous security technologies, and its implementation makes each individual security component more effective. To all intents and purposes, SIEM is the only way to view and analyze all your network activity.

The term, coined in 2005, draws from and is based on different cybersecurity techniques which, taken individually, cannot show what is happening on a network in real time. By combining the best of these techniques, however, SIEM provides a complete approach to security. Vendors can offer them as managed services and/or products, alongside other security solutions. The most complete SIEM products are those with the following functionalities:

  • Aggregation, analysis and reporting of the output of logs from networks, OSs, databases and applications
  • Applications which verify identities and manage access
  • Vulnerability management and forensic analysis
  • Policy compliance
  • Notifications of external threats
  • Customizable dashboards

Technology Advisory

Multi-cloud, Cybersecurity, Governance and Compliance for our Clients’ business

@1x2 Technology-Advisory Go

The benefits of SIEM

As for log management, the goal of SIEM is security, but the advantages of an SIEM approach are its real-time analysis and the connection of different systems in order to bring the information together in a single console.

In summary, SIEM provides a wide-ranging and detailed view of your company’s security. Your security analysts can thus continue to do what they do best – analyzing security in real time – instead of dedicating precious time to learning every single product which falls under the definition of security.

Contact Lutech

We invite you to read the marketing policy disclaimer.

Please enter a value
Please enter a value
Please enter a valid email address
Please enter a valid phone number
Please enter a value
Please enter a value
Please enter a value

By clicking the "Confirm" button, I declare that I have read and understood the Marketing Disclaimer

I agree to receive commercial and promotional communications relating to services and products as well as information messages relating to marketing activities, as explained in the aforementioned Disclaimer

Please select an option

An error has occurred, please try again later

Thank you for your interest!
We have received your contact request; we will be in touch shortly to further discuss your business requirements.

Case history

ideas

Vision & Trends on Digital Transformation