ITSPmagazine Podcast Network

Log's Honest Truth — Confessions Of An InfoSec Engineer | A Confession From Mr B | A Devo Story With Julian Waits

Episode Summary

When businesses rely on their own infrastructure to protect their customers' products and services, security analysts are left with very little room for error and no time to waste. Long waiting times on database search results are most certainly not a good thing.

Episode Notes

Many might be skeptical that the latest and greatest methods and technologies can meet their ever-increasing demands to see more log data, from more sources, in record time. This is understandable as many face the reality of living in the SOC that goes way beyond the newest data sheet. They attempt to dig through tons of firewall and intrusion detection logs as they battle their way through a security investigation. While not happy with it, they have become somewhat "used to" sifting through their data for days in an attempt to find what they are looking for—sometimes being forced to schedule the search, only to then watch the progress bar tick away in 1% increments every couple of hours or so.

The good news is that there is an alternative, and that's precisely what this confession is all about.

In this conversation, we speak with Julian Waits, GM Cyber Business Unit & Public Sector at Devo, about the confession "Mr B" shared with the Devo team.

"Mr B" described 3 main challenges faced:

1 - What do most legacy SIEM offerings forget about creating an environment that actually works for the business instead of against it?

2 - What about deployment and maintenance? T-shirts and swag help with that, right? Not!

3 - How does Devo help connect the dots between the logs, the security team's inherent creativity, and the company's security objectives?

In this confession, "Mr B" talks about the need for a new security log management stack that he and his security engineering peers could not only use to survive but to thrive on.

They must set aside decades-old mindsets for how data is collected, stored, analyzed, and presented. They need a solution that would give them the insights they need to make decisions when it matters most: right now.

If the investment in maintaining the security program and the increasing collection of logs outpace or outweigh the decision-making results, something has got to change. Something in the organization's security posture is not correct.

It's time to re-evaluate, and possibly ditch, the 'good ole log database' for something that allows more data, more clarity, and more confidence.

The business will be grateful for it.

More Data. More Clarity. More Confidence.

(This contains promotional content: learn more)

Logs have the data to tell the “security + business” story — security analysts want to be creative to find that story. Give them the data in a way they can get to it and use it.

Conversation with: Julian Waits, GM Cyber Business Unit & Public Sector at Devo (@julianwaits on Twitter)
Confession shared by: “Mr. B”

Resources
Learn more about Devo and their offering: https://itspm.ag/itspdvweb

Watch all of the Log's Honest Truth videos by visiting https://itspm.ag/devooa7k

Catch the full 5-part video/podcast series by visiting https://itspmagazine.com/their-stories/their-identities-are-hidden-but-their-frustrations-are-not-infosec-confessions-logs-honest-truth-a-devo-story

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story