Logs Are Yesterday’s News When You Need To Know What’s Happening Now

1,518 people reacted 0 4 min. read

By

Category: CIO/CISO, Cybersecurity, Endpoint, Threat Prevention

Tags:

In the broken status-quo state of today’s cybersecurity, we often get to hear the importance of indexing and aggregating logs to improve security. But, are logs really helping improve security, or are they helping someone remain compliant so they can document a crime scene?

There is a big difference: are we preventing the crime or are we describing the crime after it is committed? I’m not saying logs aren’t important — indeed they are — but I know we can do better. I know we can prevent that crime scene altogether.

In fact, I venture to say that so-called “best of breed” point-product appliances focus attention on logs because they lack the ability to make a prevention decision in active network traffic or active endpoint memory. As a result, they have to rely on log correlation and perpetuate a message about the importance of SIEM that by today’s standards creates a false sense of security. This is an important distinction as companies embrace mobility and move to cloud hosted applications. The traditional log correlation approaches to detection are unsustainable and lead to dangerous blind spots where the devil lurks in the form of dwell time.

If you don’t know much about dwell time, ask your cybersecurity professionals and learn more. The CIOs and CISOs out there should think through the cybersecurity community’s emphasis on log correlation, response and remediation. The best vantage point you have at prevention is in active network traffic and active endpoint memory. Don’t be fooled, herding and pinpointing important logs components from routers, VPNs, endpoints, and so on sucks up critical resources and, unfortunately, only tells you yesterday’s news when you need to know what is happening now. The term “you only get out what you put in” is legacy and frustrating. There is a better way.

Active Network Traffic Vantage Point

Consider active network traffic, all active network traffic. That is, traffic inside your data center, at your smart phone, at your endpoint, at internet access points, at a virtual appliance. Wouldn’t it be outstanding to have an agile and flexible service with visibility into all network traffic not matter where the traffic exists in your expanding network and cloud environment? This sort of visibility creates a prevention advantage by providing an opportunity for more granular control of applications, content and users in an extensible manner. Our Enterprise Security Platform delivers this visibility and control with elegance, and provides some incredible value to your business.

Active Endpoint Memory Vantage Point

Let’s build on the discussion from an active memory perspective. Decisions based on logs are famously ineffective for endpoint security. Don’t you think it would be nice if someone created a way to prevent zero-day intrusions before an adversary can exploit a vulnerability on your endpoints? Wouldn’t it be nice if the zero-day prevention didn’t disrupt business continuity or user experience? Our Enterprise Security Platform does this too. Please call us or fill out a sales request and have these discussions with our team. We want to talk about how we solve problems that overwhelm your IT and cybersecurity professionals.

All CIOs and CISOs should demand more of their IT and cybersecurity portfolio than log correlation. Use what the Palo Alto Networks team put into prevention as an enabler. In fact, if you already own Splunk, be sure to check out the Palo Alto Networks Splunk App we created with them. It provides a great glimpse into what we put into our platform so your team can focus on protecting your enterprise. Step back from the urge to hire more consultant engineers to force a hopeless fix for failed correlation technologies and consider our approach to prevention.

The first place to eliminate evil dwell time is prevention and the best vantage point for prevention is in active network traffic and active endpoint memory. Palo Alto Networks is the only cybersecurity company with an integrated platform that closes the loop on all active network traffic and active endpoint memory. Our platform makes prevention a relevant part of your security, compliance and governance strategy. When your business continuity, reputation and growth is a concern, don’t trust your security to after-the-fact, log-focused response and remediation approaches that only describe the crime scene rather than prevent the crime.