Every IT department has faced the quandary at some point and asked themselves if a centralised logging infrastructure is really worth all the hassle and work that goes into it.
Well, the simple answer is that with the likes of Kibana and Elasticsearch it’s at least a far less daunting task than it once was. In fact, it’s hardly any work at all. You can have an ELK Stack working for you in less than five minutes with the help of OS agents, code libraries or our own API.
Simple monthly contracts mean there’s no long-term investment, and there’s no need to spend big bucks on your own central secure server these days. So now that one of the main objections is out of the way, what are the main benefits?
Network logs play an essential part in any well-thought-out security programme. Not only do logs flag up unusual activity in real time, they also help you analyse events after the fact as part of an incident response.
A centralised log also lets you implement a standardised analysis pattern across your whole organisation and spot flaws in the system more clearly and efficiently.
Organisations that implement their own central server can then add a security incident management (SIM) device. This provides a degree of automation, according to pre-set parameters, so that the system flags up suspicious activity without any human input.
With a log management system, it’s simplicity itself to track events such as access to folders from unusual PCs, failed login attempts and other red flags. These help you contain a security breach before it becomes a full-blown crisis.
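The two preceding paragraphs describe pre-set rules flagging suspicious activity without human input, and the kinds of red flags worth tracking (folder access from unusual PCs, failed login attempts). The script below is an added example, not code from the original post or from any particular product: it runs two such rules over a handful of constructed log lines. The log format (`timestamp user host event path`), the per-user baseline of known hosts, and the thresholds are all assumptions chosen for illustration.

```python
"""Added example (not from the original post): a small rule-based detector
that scans centralised log lines for two red flags, repeated failed logins
and folder access from a host the user is not normally seen on.  The log
format, baseline and thresholds below are assumptions for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed "timestamp user host event path" layout.
SAMPLE_LOGS = """\
2024-05-01T09:00:01 alice ws-12 LOGIN_FAIL -
2024-05-01T09:00:05 alice ws-12 LOGIN_FAIL -
2024-05-01T09:00:09 alice ws-12 LOGIN_FAIL -
2024-05-01T09:00:14 alice ws-12 LOGIN_FAIL -
2024-05-01T09:00:20 alice ws-12 LOGIN_FAIL -
2024-05-01T09:00:30 alice ws-12 LOGIN_OK -
2024-05-01T09:05:00 bob ws-07 LOGIN_OK -
2024-05-01T09:06:00 bob ws-07 FOLDER_ACCESS /finance/q2
2024-05-01T11:30:00 bob kiosk-3 FOLDER_ACCESS /finance/q2
2024-05-01T12:00:00 carol ws-21 LOGIN_FAIL -
"""

# Assumed baseline: the hosts each user is normally seen on.
KNOWN_HOSTS = {"alice": {"ws-12"}, "bob": {"ws-07"}, "carol": {"ws-21"}}

# Assumed pre-set parameters: five or more failures inside a one-minute window.
FAILED_LOGIN_THRESHOLD = 5
FAILED_LOGIN_WINDOW = timedelta(minutes=1)


def parse_line(line):
    """Split one log line into its five fields; the timestamp becomes a datetime."""
    ts, user, host, event, path = line.split(maxsplit=4)
    return {"ts": datetime.fromisoformat(ts), "user": user, "host": host,
            "event": event, "path": path}


def parse_logs(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def detect_failed_logins(records, threshold=FAILED_LOGIN_THRESHOLD,
                         window=FAILED_LOGIN_WINDOW):
    """Sliding window per user: alert once `threshold` LOGIN_FAIL events
    fall within `window`, then reset so one burst yields one alert."""
    alerts = []
    recent = defaultdict(list)  # user -> timestamps of recent failures
    for r in records:
        if r["event"] != "LOGIN_FAIL":
            continue
        times = recent[r["user"]]
        times.append(r["ts"])
        # Drop failures that have aged out of the window.
        while times and r["ts"] - times[0] > window:
            times.pop(0)
        if len(times) >= threshold:
            alerts.append((r["user"], r["host"], r["ts"]))
            times.clear()
    return alerts


def detect_unusual_hosts(records, known_hosts):
    """Flag folder access from any host outside the user's known baseline."""
    return [(r["user"], r["host"], r["path"], r["ts"])
            for r in records
            if r["event"] == "FOLDER_ACCESS"
            and r["host"] not in known_hosts.get(r["user"], set())]


def run(text=SAMPLE_LOGS, known_hosts=KNOWN_HOSTS):
    """Apply both rules and return the alerts grouped by rule."""
    records = parse_logs(text)
    return {"failed_logins": detect_failed_logins(records),
            "unusual_hosts": detect_unusual_hosts(records, known_hosts)}


if __name__ == "__main__":
    for rule, hits in run().items():
        print(rule)
        for hit in hits:
            print("  ", *hit)
```

On the constructed input, alice's five failures in twenty seconds produce one failed-login alert, carol's single failure produces none, and bob's access to `/finance/q2` from `kiosk-3` is flagged because that host is not in his baseline. In a real deployment the baseline would be learned from the central log history rather than hard-coded, and the rule output would feed the SIM or ELK alerting rather than stdout.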
In some industries, particularly the financial industry, logs are a legal requirement and it pays to have the simplest, most easily managed system you can to take care of the legalities.
A centralised log will also save time and man-hours, potentially providing an ROI much greater than the actual investment, as problems are flagged up, organised and analysed without any human input at all.
So there are many benefits, and if you think that the cost, time and effort of setting up your own central server is just too much, then think about outsourcing instead. Whatever you do, you should get your own centralised log management system. It is definitely worth it.