The event logs produced by the hardware and software in our environment provide a wealth of information about the actual health of that environment. The industry has invested billions of dollars developing software that analyzes the information from multiple event logs across the infrastructure to ultimately find the needle in the haystack.
Log aggregators and SIEM products have greatly enhanced our ability to find that needle, allowing us to author scripts and correlation rules that discover threats to our environment. Over time, organizations have recognized the great value in these products, although the effort required to tune and operate them often exceeds what a conventional IT administrator can provide.
Let's take a cybersecurity example. Assume we have 20 different components within our environment, where a component is a piece of hardware or software such as a network firewall, an operating system, an application, or a database. Establishing a cyber strategy requires implementing cyber standards, often referred to as controls. These standards cover access to your systems, encryption, insider threat, and a myriad of other areas. For this example, assume there are 100 cyber standards.
With 20 components and 100 standards, what is the probable impact of an event on those controls? Suppose the firewall is breached, which has a direct effect on the access control standard; using 10 as the highest risk, let's assign a 9 to this breach. Because of the breached firewall, my LDAP server, which typically carries a risk of 1, now has an elevated risk of 4. We understand there are 20 different components, but what is the total number of potential events per component? Your router alone may have 5,000 possible events. We have only discussed the impact of a single event code and the relationship of that single event to components within ou
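The component-by-control risk matrix and the way one event raises the score of dependent components can be written out as a small model. The following is an added Python example, not code from the original page; the component names, the dependency edges, the 0.4 propagation weight and the "round the weighted upstream score" rule are assumptions chosen so that a firewall breach scored 9 lifts the LDAP server's access control risk from its baseline of 1 to 4, as in the text. The handful of components and controls stands in for the 20 and 100 the text assumes.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Hypothetical controls (the text's "cyber standards") and components.
CONTROLS = ["access_control", "encryption", "insider_threat", "logging"]
COMPONENTS = ["firewall", "ldap", "app_server", "database", "router"]

# Baseline risk per (component, control) on the 1..10 scale used in the text.
# Constructed values: any cell not listed defaults to 1.
BASELINE: Dict[Tuple[str, str], int] = {
    ("firewall", "access_control"): 2,
}

# Dependency edges: (downstream, upstream, control, weight). The weight is the
# assumed fraction of the upstream score that carries over to the downstream
# component for that control. This rule is an assumption of the example, not
# a model defined by the text.
DEPENDENCIES: List[Tuple[str, str, str, float]] = [
    ("ldap", "firewall", "access_control", 0.4),
    ("app_server", "ldap", "access_control", 0.5),
    ("database", "app_server", "access_control", 0.5),
]


@dataclass(frozen=True)
class Event:
    """A single event code mapped to the component and control it affects."""
    component: str
    control: str
    severity: int  # 1..10, 10 being highest risk


def clamp(value: int) -> int:
    """Keep scores on the 1..10 scale."""
    return max(1, min(10, value))


def score(events: Iterable[Event]) -> Dict[Tuple[str, str], int]:
    """Return the full component x control risk matrix after applying events
    and propagating elevated risk along dependency edges."""
    risk = {(c, k): BASELINE.get((c, k), 1) for c in COMPONENTS for k in CONTROLS}

    # Direct impact: an event raises its own cell to at least its severity.
    for ev in events:
        key = (ev.component, ev.control)
        if key not in risk:
            raise KeyError(f"unknown component/control {key}")
        risk[key] = clamp(max(risk[key], ev.severity))

    # Indirect impact: iterate to a fixpoint so chains (firewall -> ldap ->
    # app_server -> database) are handled. Scores only ever increase and are
    # capped at 10, so the loop terminates even if edges form a cycle.
    changed = True
    while changed:
        changed = False
        for down, up, ctrl, weight in DEPENDENCIES:
            derived = clamp(round(weight * risk[(up, ctrl)]))
            if derived > risk[(down, ctrl)]:
                risk[(down, ctrl)] = derived
                changed = True
    return risk


def elevated(risk: Dict[Tuple[str, str], int]) -> List[Tuple[str, str, int, int]]:
    """List cells above baseline as (component, control, baseline, now),
    highest current risk first; this is the needle the text is looking for."""
    rows = [
        (c, k, BASELINE.get((c, k), 1), v)
        for (c, k), v in risk.items()
        if v > BASELINE.get((c, k), 1)
    ]
    return sorted(rows, key=lambda r: (-r[3], r[0]))


if __name__ == "__main__":
    # Constructed event: the firewall breach from the text, scored 9.
    matrix = score([Event("firewall", "access_control", 9)])
    for comp, ctrl, base, now in elevated(matrix):
        print(f"{comp:<11}{ctrl:<16}{base} -> {now}")
```

Running the block prints the firewall at 9, the LDAP server raised from 1 to 4 and the application server from 1 to 2; the database stays at 1 because half of 2 rounds to no more than its baseline. Only the cells that moved are reported, which is the point of the exercise: out of the whole matrix, a single event code should surface the few components whose risk actually changed.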