Last week I sat in as a consultant with a major corporation’s security team to determine which Windows security events really warranted a real-time alert as opposed to which ones should be reviewed within 24 hours or simply archived. It was 2 hours before we made it past the first event.
You might climb a mountain simply because it’s there, but no one manages logs simply because they can. Yet log management is complex, and it’s easy to lose sight of what we are really trying to accomplish. Or, as in the case above, different teams have different viewpoints, priorities and goals for the processing of log data. If we aren’t careful, we can blow a lot of resources on log management without really getting the value and risk mitigation we need.
In this next real training for free (TM) webinar I will articulate the Top 5 Goals for Effectively Using Log Management. Then, for each goal, I will identify the key requirements in terms of log management technology and processes necessary to reach that goal. During the webinar you can choose which of those goals apply to your organization and then build a list of technology and process requirements to compare against your current environment.
This will be valuable information for anyone:
- Currently responsible for log management
- Evaluating their organization’s current log management process and technology
- Planning to implement log management
We will look at when and how you use:
- Real time alerts
- Forensic analysis
- Daily reports for review
- Weekly or monthly reports for archive only
- Raw log archival
to meet all the different and sometimes conflicting goals for log management, including intrusion detection, policy violations, evidence for court or internal proceedings, and more. Please join me for this eye-opening session.