A Process for Continuous Improvement Using Log Analysis
Good security is a moving target. Walls and castles were once good defenses against attackers, but they stand little chance of preventing an attack by a modern army. Like all defenses, any information security strategy left unattended will become obsolete and fail. The first problem with building or improving a defense strategy is knowing where to start. Our knowledge and defenses are seldom perfect, and more often than not the task of securing a network is gargantuan and daunting. A good logging and analysis strategy can point the way. By accepting that defenses and configurations are never perfect and are always changing, and by analyzing input from the event sources we already have, we can detect threats, direct responses, and tune our defenses. The paper that follows details a repeatable process for continuously improving security, along with an outline of log analysis with case studies and sample output based on actual data. The process is broadly applicable and does not require a Security Information and Event Management (SIEM) or centralized log management (LM) system, though those systems do make the process easier.
26 Oct 2011