Log Management

1
Log Management

• By Paul Shields

2
Agenda

• What are Logs
• Use of Logs
• Management of Logs
• Sorting through Logs
• Log Importance to Security Professionals
• Summary
• Questions

3
What are Logs?

• System and Device logs
• Documentation
• Systems
• Data assets
• Log management tools
• Logs contain events

4
Use of Logs

• Help in security and business policy validation.
• Receive early warning of potential security and
  performance problems.
• Mine log data to aid in system recovery and
  damage cleanup.

5
Management of Logs

• Must maintain original state and integrity.
• Human-intervention should be limited to ensure
  nothing is accidentally altered.
• Backups help maintain integrity.
• Log management automation.

6
Sorting through Logs

• GFiLANguard
• Provides tools to help understand what it is you
  are seeing in your logs
• Secnology
• Real-Time Logs Management Software that allows
  the user to respond effectively to rising threats
  in the security environment by collecting,
  analyzing and graphically displaying all security
  event information
• LogLogic
• Specialize in Log Management

7
Importance to Security Professionals

• Security professionals needs to investigate
  suspicious incidents, so they need access to
  event data in real-time as well as historical
  bases.

8
Summary

• What are Logs
• Use of Logs
• Management of Logs
• Sorting through Logs
• Importance to Security Professionals

9
Questions