Tip #1: Centralized approach – Unify security & IT operations

You can secure it if you can “see” it. My tip #1 is to take a centralized approach in which you see all log data from every log-generating source. Since “seeing” everything means more machine data, you need the right tools, such as a security- and identity-focused event correlation engine that helps you understand and analyze the risks in your IT. The last step is to take action using the IT operations tools.

The convergence of IT operations and security operations has been an ongoing effort in most dynamic enterprises. The benefits of this convergence are clear to many organizations that need to optimize resources, lower cost, increase efficiency in both groups, and deliver an open and secure platform for communication and collaboration.

Integrating security and IT operations empowers your organization to manage your IT infrastructure effectively while keeping that infrastructure secure.

HERE ARE SOME OF THE BENEFITS OF A CENTRALIZED APPROACH:

Overcome data scalability challenges

As the size of the managed environment grows, monitoring the events from the infrastructure elements becomes onerous. IT operators rely on event reduction techniques such as correlation engines, or limit either the breadth or the depth of data collection to machine data from business-critical applications only.

Simplify log file management challenges

The machine data collected is typically raw, device-specific, and vendor-specific. There are no tools to search any events or logs. The data is also retained only for the short term, as the objective of IT operations is to keep the services up and running at all times.

Build security intelligence through event analytics on historical data

This short retention of data limits the intelligence in the system, as events fixed and annotated a few months ago may no longer be stored for retrieval. The alternative is to invest in expensive databases and resources to manage the data.

Unified data with operations, security, and compliance context

Integrating a log management solution with IT operations is mutually beneficial to both organizations. With the increasing number of cyber-attacks, it is critical to share tools and knowledge between security and IT operations, as many organizations can’t detect a breach until it’s too late.

Simple controls can prevent 97% of data breaches*

The Data Breach Investigations Report (DBIR) of 2012, conducted by Verizon, states that 98% of the data breaches come from external agents. 97% of those breaches were avoidable through simple controls such as a log management solution.

Of all the breaches studied, 92% were reported by third parties. It is an embarrassment to an organization if it does not detect a breach in its own internal systems. Log management plays a critical role in the organization in detecting security threats and sharing knowledge about them, so that they can be prevented through IT operations.

HERE IS HOW YOU ACHIEVE A CENTRALIZED APPROACH:

Start with a simple log management solution that helps your IT operations increase the breadth and depth of data collection. Then add a simple security information and event management (SIEM) solution, which gives you a security-focused, identity-based, real-time, cross-device correlation engine that tells you who is doing what, when, and how. This helps you respond to and prevent breaches faster.
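To make the idea of identity-based, cross-device correlation concrete, here is an added example (not part of the original post and not code from any HP product). It normalizes device-specific log lines into one who/what/when/how record and then correlates failed logins per identity across sources. The sample lines, the `vpn` and `app` layouts, the field names, the assumed year for the syslog line, and the three-sources-in-five-minutes rule are all assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample lines; the "vpn" and "app" layouts are made up for this example.
RAW = [
    ("vpn", "2012-06-01T09:00:05Z user=jdoe action=login result=fail src=203.0.113.7"),
    ("sshd", "Jun  1 09:00:40 web01 sshd[411]: Failed password for jdoe from 203.0.113.7 port 4122 ssh2"),
    ("app", "2012-06-01 09:01:10|jdoe|LOGIN|DENIED|203.0.113.7"),
    ("app", "2012-06-01 09:02:00|asmith|LOGIN|OK|198.51.100.4"),
    ("vpn", "2012-06-01T11:30:00Z user=jdoe action=login result=fail src=203.0.113.7"),
]
SSHD = re.compile(r"(\w{3}\s+\d+ [\d:]+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def normalize(source, line, year=2012):
    """Map one device-specific line to a common who/what/when/how record."""
    if source == "vpn":  # timestamp followed by key=value pairs
        ts, rest = line.split(" ", 1)
        kv = dict(pair.split("=", 1) for pair in rest.split())
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        who, ok, src = kv["user"], kv["result"] == "ok", kv["src"]
    elif source == "sshd":  # syslog line carries no year, so one is assumed
        m = SSHD.match(line)
        if m is None:
            return None
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        who, ok, src = m.group(3), m.group(2) == "Accepted", m.group(4)
    elif source == "app":  # pipe-delimited fields
        ts, who, _action, result, src = line.split("|")
        when, ok = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), result == "OK"
    else:
        return None  # unknown source: nothing to normalize
    what = "login_ok" if ok else "login_fail"
    return {"when": when, "who": who, "what": what, "how": source, "src": src}

def correlate(events, window=timedelta(minutes=5), min_sources=3):
    """Alert once per identity that fails logins on >= min_sources sources within the window."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["when"]):
        if e["what"] == "login_fail":
            by_user[e["who"]].append(e)
    alerts = []
    for who, fails in by_user.items():
        for i, first in enumerate(fails):
            hits = [e for e in fails[i:] if e["when"] - first["when"] <= window]
            sources = sorted({e["how"] for e in hits})
            if len(sources) >= min_sources:
                alerts.append({"who": who, "start": first["when"], "sources": sources})
                break
    return alerts
```

Calling `correlate([normalize(s, l) for s, l in RAW])` raises a single alert for `jdoe`: no one device saw more than one failure in the window, so the pattern only appears once the three sources are viewed together.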

 

 

We will get into the details of analyzing all this big data in future tips. The next tip is about using the centralized approach.

Start here by downloading a free trial of a log management solution at www.hp.com/go/logger

* The Data Breach Investigations Report (DBIR) of 2012, conducted by Verizon

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.