At the RSA Conference in San Francisco, it’s all security, all of the time. When one topic is the only focus over such a short period, it becomes easy to see current trends. Here are three that have caught my attention:
1. Advanced persistent threats (APTs) – APTs will continue to be an issue for enterprises in 2013 and beyond. The machine layer of defense is excellent at catching threats that are known ahead of time, where rules can be written, filters created and bad things can be “bucketed” from good things. Sometimes a human eye is brought in to spot things computers don’t “see” so easily. In a perfect world, that is enough.
But the significant problem is the A in APT. Advanced threats haven’t been identified, and only by collecting all data available and using user and machine activity monitoring can these threats be identified and blocked.
2. Bring Your Own Device (BYOD) – BYOD brings problems as well when people using their own devices can break any policy at any time. Enforcing policies across disparate devices (some more secure, some more vulnerable) requires monitoring of systems and user activity.
BYOD is on the rise and likewise, the introduction of a whole set of new variables that aren’t consistently being monitored. Each new device, OS and human behavior is a potential problem for the enterprise.
3. Well-known vulnerabilities – Gartner predicts that through 2015, 80% of successful security attacks will exploit well-known vulnerabilities that could be detectable via security monitoring.
Common applications and operating systems have vulnerabilities that get discovered over time. The success of “bad guys” and the hard work of security firms result in patches that are released on a regular basis.
But high-production, fast-moving environments aren’t always kept up-to-date with available fixes. By monitoring the user and systems activity using log data within their environment, the enterprise can make sure all available patches have been applied and can watch for attempts at exploitation.
Log data monitoring
These three trends point to the critical and increasing need for log data monitoring. If we’ve learned anything over the decades of computerization, it’s that the battle for secure systems is never over.
For additional reading on managing enterprise logging requirements, see LogLogic Analytics.