Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Log management as a tool against insider threats

Insider Threat By Davi Ottenheimer , Network World , 05/27/2008
  • Share/Email
  • Comment
  • Print

As an IT administrator, I'm often considering how to make the most of all security solutions that my organization needs to run smoothly, especially given the cost of compliance solutions. One item I'd like feedback on is how I can leverage the log-management product I've bought for compliance to protect the network against insider threats as well. If I have a log management solution in place, will that be sufficient to protect my sensitive data? What other best practices are there, and can you provide a few real-world examples?

Information security tools are often split into two categories - detective and preventive. The latter should help prevent attacks, as the name implies, while the former gives ways to monitor and find security events. Log management is a detective control only, so it is not sufficient on its own to protect sensitive data. You still need things like access controls and authentication to prevent unauthorized access and stop attacks. However, detective controls significantly enhance preventive controls because they warn of impending attacks (e.g., suspicious activity and surveillance) and alert you to attacks even if they are failing. Log management therefore has both direct and indirect applications that will help with compliance as well as insider attacks.

A direct method of log management usually involves collection of known logs into a centralized and secure space with long-term retention capabilities to satisfy requirements like "Secure and Central Log Collection" (PCI Requirement 10.5). Indirect methods can involve anything related to monitoring or auditing activities. This means everything from authentication and authorization to encryption to change management could benefit from log management. File Integrity Monitoring, for example (PCI Requirements 10.2.2, 10.5.5 and 11.5), depends on a log management back-end. Some may be surprised that virtually all encryption has a significant log-management component, but monitoring access and change related to keys and signatures is essential to good encryption management. Take, for example, an insider who modifies or replaces a key. Even the reverse can be important; a key that has not been rotated in a timely fashion (some rotations are meant to happen weekly) indicates a potential exposure or suspicious activity.

  • Share/Email
  • Comment
  • Print
Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.

Download the white paper.

Applications: taking back control

Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.

Learn more today.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed

Whitepapers

Windows Vista: Necessity and Opportunity

The Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...

Vulnerability Management For Dummies

Download this concise book "Vulnerability Management for Dummies," to learn about the simple steps...

Security Considerations When Deploying Remote Access Solutions

Effective network security is most successful when you use a layered approach, with multiple...

Webcasts

Migrating to Windows Vista: Necessity and Opportunity

The Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...

Turning information into a Competitive Advantage

Companies today are realizing that competitive advantage is harder to sustain when based solely on...

PoE Plus: Impact on the PoE Market

The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...

Special Reports

Unified Threat Management from CheckPoint

Discover why Unified Threat Management Firewalls are ready for the enterprise today. High...

The Evolution of Network Security

We have so many holes punched in our firewalls today that many industry insiders question the value...

The self-managed network

We aren't there yet, but advances in network and systems management tools are making it possible to...

Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.
Network World,to go. Wherever you are. Breaking news delivered to your mobile device. Select the hottest topics in networking and start receiving Network World on your mobile device today.