![\"Log](\"https:\/\/16kqg2tgn1u4ew0tl3ybl9pr-wpengine.netdna-ssl.com\/wp-content\/uploads\/2022\/06\/blog-tl-perspectives-fast-security-logs-by-andy-stone-768x432.jpg\")
<\/div>\n<\/div>\n<\/div>\n<\/div>\nFast Security Logs Are the Key to Beating the Clock<\/strong><\/h2>\n![\"log](\"https:\/\/16kqg2tgn1u4ew0tl3ybl9pr-wpengine.netdna-ssl.com\/wp-content\/uploads\/2022\/06\/log-analytics.png\")
<\/p>\n
When hackers gain access to a network, they can linger for days or even weeks before you know they\u2019re there. While undetected, they\u2019re gathering admin credentials and doing recon. Security logs\u00a0can<\/i>\u00a0alert you to an intruder, but many aren\u2019t fast enough. Or, they don\u2019t gather quite enough clues to raise a red flag. When they do, it\u2019s often too late and the damage has already been done.<\/p>\n
That\u2019s why fast security log analytics is a key part of any defense strategy\u2014the \u201cbefore<\/a>\u201d of an attack that is as critical as the \u201cduring<\/a>\u201d and the \u201cafter<\/a>.\u201d Let\u2019s take a look at what fast security logs are, why they matter, and how you can start using them at your organization.<\/p>\nWhat Are Fast Security Logs And Why Do They Matter?<\/strong><\/h2>\nSecurity log analytics consists of log data generated around the clock by network systems, end user behaviors and actions, and endpoint activity, and security monitoring systems. Log and event data is spread out everywhere across an enterprise and can be found in files, applications, sensors, network events, virtual machines, operating systems, clouds, security devices, operating systems, and more.<\/p>\n
Security log analytics can help make sense of all this data and help to power:<\/p>\n
\n- Rapid experimentation<\/li>\n<\/ul>\n
\n- Threat hunting<\/b><\/li>\n
- Purple teaming exercises<\/li>\n<\/ul>\n
In terms of threat hunting, specifically, security logs are only valuable\u00a0if<\/i>\u00a0they\u2019re fast and comprehensive. Simply put: You need your logs and underlying systems to be fast if they\u2019re actually going to help you defend against cyberattacks. Otherwise, you\u2019re looking for a needle in a haystack on borrowed time.<\/p>\nHow Do We Define \u201cFast?\u201d<\/strong><\/h2>\nYou can measure the speed of security log analytics in terms of terabytes per second or by a more arbitrary (but also more relevant) measure: \u201cbreakout time<\/b>.\u201d<\/p>\n
Breakout time is the time between when an attacker breaks into your system, gaining access as a regular user, and when they elevate that user privilege to \u201cadmin.\u201d With admin privileges, they can really start to wreak havoc. We used to measure breakout time in days or hours. Today, it\u2019s down to minutes\u2014about\u00a090 minutes<\/b>,\u00a0to be exact. That\u2019s how long you have to find that needle in the haystack.<\/p>\n
Speed and performance of security logging systems determine how quickly you\u2019re able to:<\/p>\n
\n- Detect and respond to threats in near real time<\/li>\n
- Identify anomalies in historic and behavioral data<\/li>\n
- Leverage advanced algorithms and AI to detect never-before-seen threats<\/li>\n<\/ul>\n
However, too many organizations miss out on these capabilities due to a few common mistakes.<\/p>\n
Common Fast Logging Mistakes\u00a0<\/strong><\/h2>\nEffective security logs<\/a>\u00a0rely on two things:\u00a0fast analytics platforms<\/b>\u00a0and\u00a0fast data storage solutions<\/b>. Trying to detect anomalies without those two components is nearly impossible\u2014but that\u2019s not all. Other common mistakes companies make with their security logs include:<\/p>\n\n- Not enough logs, and therefore, limited visibility.<\/b><\/li>\n<\/ol>\n
Think of your security logs as windows into everything going on within your systems. If you\u2019re looking through a peephole, your view is too narrow. But, see things through a big pane of glass and you\u2019ll get a more holistic view of everything that\u2019s going on. Put simply, everything should be logged at all times.<\/p>\n
\n- Logs that aren\u2019t correlated across networks, endpoints, and end users.\u00a0<\/b><\/li>\n<\/ol>\n
Your logs are only as valuable as they are informative. To be truly useful, they need to be able to correlate events occurring in many different areas of your ecosystem, including cross-referencing across the network, endpoints, and end users.<\/p>\n
\n- A back-end infrastructure that isn\u2019t fast enough to support advanced analytics.<\/b><\/li>\n<\/ol>\n
Without a powerful data storage back end, the reality is, even successful correlation queries will be too slow to reveal threats in time. When you\u2019re looking for that needle in the haystack, think of incredibly performant data storage as a magnet to draw that needle to the top. It makes quick work of threat detection and analytics. But if your storage is slow, your data lake too immense, or your queries poorly written, it can take hours or even days of research to pinpoint an issue or potential threat.<\/p>\n
When you\u2019re looking for that needle in the haystack, think of incredibly performant data storage as a magnet to draw that needle to the top. It makes quick work of threat detection and analytics. \u2013 Andy Stone, CTO-Americas, Pure Storage<\/i><\/p><\/blockquote>\nHow to Supercharge Security Log Analytics<\/strong><\/h2>\n![\"supercharge\"](\"https:\/\/16kqg2tgn1u4ew0tl3ybl9pr-wpengine.netdna-ssl.com\/wp-content\/uploads\/2022\/06\/supercharge.png\")
<\/p>\n
For security log analytics to deliver the firepower you need to combat cyberattacks, they should include:<\/p>\n
\n- Real-time processing with search and query performance that\u2019s reproducible, no matter the log size. This requires high throughput, low latency, and consistent performance finely tuned for any scenario or scale.<\/li>\n
- Embedded data reduction and on-demand scaling to log and retain more data for longer, for the richest possible analysis.<\/li>\n
- Easy scalability for multiple workloads, concurrent queries, and variable data patterns to accommodate fast analysis of multi-petabyte data sets.<\/li>\n
- Multiple logs that correlate data across networks, endpoints, and end users.<\/li>\n
- Management simplicity to let you easily build new queries and reduce complexity.<\/li>\n<\/ul>\n
Pure Storage\u00ae offers the fastest analytics processing available for fast logs, especially if you\u2019re already using platforms like\u00a0Splunk\u00a0<\/a>and\u00a0Elastic<\/a>. With unified fast file and object storage (UFFO) from Pure, you\u2019ll achieve the speed and agility IT and SecOps teams need today by un-siloing data, separation of compute and storage, and elastic, automated infrastructure so you can focus on insights, not operations.<\/p>\nRemember\u2014security log analytics is the most important tool in your toolbox for the\u00a0before<\/b>\u00a0of a cyberattack. Time is limited, so you must make the greatest impact possible in the shortest window possible.<\/p>\n
Bottom line: In today\u2019s threat landscape, you can\u2019t afford for your log analytics to be slow.<\/p>\n
<\/p>\nWhat Are Fast Security Logs And Why Do They Matter?<\/strong><\/h2>\nSecurity log analytics consists of log data generated around the clock by network systems, end user behaviors and actions, and endpoint activity, and security monitoring systems. Log and event data is spread out everywhere across an enterprise and can be found in files, applications, sensors, network events, virtual machines, operating systems, clouds, security devices, operating systems, and more.<\/p>\n
Security log analytics can help make sense of all this data and help to power:<\/p>\n
\n- Rapid experimentation<\/li>\n<\/ul>\n
\n- Threat hunting<\/b><\/li>\n
- Purple teaming exercises<\/li>\n<\/ul>\n
In terms of threat hunting, specifically, security logs are only valuable\u00a0if<\/i>\u00a0they\u2019re fast and comprehensive. Simply put: You need your logs and underlying systems to be fast if they\u2019re actually going to help you defend against cyberattacks. Otherwise, you\u2019re looking for a needle in a haystack on borrowed time.<\/p>\nHow Do We Define \u201cFast?\u201d<\/strong><\/h2>\nYou can measure the speed of security log analytics in terms of terabytes per second or by a more arbitrary (but also more relevant) measure: \u201cbreakout time<\/b>.\u201d<\/p>\n
Breakout time is the time between when an attacker breaks into your system, gaining access as a regular user, and when they elevate that user privilege to \u201cadmin.\u201d With admin privileges, they can really start to wreak havoc. We used to measure breakout time in days or hours. Today, it\u2019s down to minutes\u2014about\u00a090 minutes<\/b>,\u00a0to be exact. That\u2019s how long you have to find that needle in the haystack.<\/p>\n
Speed and performance of security logging systems determine how quickly you\u2019re able to:<\/p>\n
\n- Detect and respond to threats in near real time<\/li>\n
- Identify anomalies in historic and behavioral data<\/li>\n
- Leverage advanced algorithms and AI to detect never-before-seen threats<\/li>\n<\/ul>\n
However, too many organizations miss out on these capabilities due to a few common mistakes.<\/p>\n
Common Fast Logging Mistakes\u00a0<\/strong><\/h2>\nEffective security logs<\/a>\u00a0rely on two things:\u00a0fast analytics platforms<\/b>\u00a0and\u00a0fast data storage solutions<\/b>. Trying to detect anomalies without those two components is nearly impossible\u2014but that\u2019s not all. Other common mistakes companies make with their security logs include:<\/p>\n\n- Not enough logs, and therefore, limited visibility.<\/b><\/li>\n<\/ol>\n
Think of your security logs as windows into everything going on within your systems. If you\u2019re looking through a peephole, your view is too narrow. But, see things through a big pane of glass and you\u2019ll get a more holistic view of everything that\u2019s going on. Put simply, everything should be logged at all times.<\/p>\n
\n- Logs that aren\u2019t correlated across networks, endpoints, and end users.\u00a0<\/b><\/li>\n<\/ol>\n
Your logs are only as valuable as they are informative. To be truly useful, they need to be able to correlate events occurring in many different areas of your ecosystem, including cross-referencing across the network, endpoints, and end users.<\/p>\n
\n- A back-end infrastructure that isn\u2019t fast enough to support advanced analytics.<\/b><\/li>\n<\/ol>\n
Without a powerful data storage back end, the reality is, even successful correlation queries will be too slow to reveal threats in time. When you\u2019re looking for that needle in the haystack, think of incredibly performant data storage as a magnet to draw that needle to the top. It makes quick work of threat detection and analytics. But if your storage is slow, your data lake too immense, or your queries poorly written, it can take hours or even days of research to pinpoint an issue or potential threat.<\/p>\n
When you\u2019re looking for that needle in the haystack, think of incredibly performant data storage as a magnet to draw that needle to the top. It makes quick work of threat detection and analytics. \u2013 Andy Stone, CTO-Americas, Pure Storage<\/i><\/p><\/blockquote>\nHow to Supercharge Security Log Analytics<\/strong><\/h2>\n<\/p>\n
For security log analytics to deliver the firepower you need to combat cyberattacks, they should include:<\/p>\n
\n- Real-time processing with search and query performance that\u2019s reproducible, no matter the log size. This requires high throughput, low latency, and consistent performance finely tuned for any scenario or scale.<\/li>\n
- Embedded data reduction and on-demand scaling to log and retain more data for longer, for the richest possible analysis.<\/li>\n
- Easy scalability for multiple workloads, concurrent queries, and variable data patterns to accommodate fast analysis of multi-petabyte data sets.<\/li>\n
- Multiple logs that correlate data across networks, endpoints, and end users.<\/li>\n
- Management simplicity to let you easily build new queries and reduce complexity.<\/li>\n<\/ul>\n
Pure Storage\u00ae offers the fastest analytics processing available for fast logs, especially if you\u2019re already using platforms like\u00a0Splunk\u00a0<\/a>and\u00a0Elastic<\/a>. With unified fast file and object storage (UFFO) from Pure, you\u2019ll achieve the speed and agility IT and SecOps teams need today by un-siloing data, separation of compute and storage, and elastic, automated infrastructure so you can focus on insights, not operations.<\/p>\nRemember\u2014security log analytics is the most important tool in your toolbox for the\u00a0before<\/b>\u00a0of a cyberattack. Time is limited, so you must make the greatest impact possible in the shortest window possible.<\/p>\n
Bottom line: In today\u2019s threat landscape, you can\u2019t afford for your log analytics to be slow.<\/p>\n
- \n
- Threat hunting<\/b><\/li>\n
- Purple teaming exercises<\/li>\n<\/ul>\n
In terms of threat hunting, specifically, security logs are only valuable\u00a0if<\/i>\u00a0they\u2019re fast and comprehensive. Simply put: You need your logs and underlying systems to be fast if they\u2019re actually going to help you defend against cyberattacks. Otherwise, you\u2019re looking for a needle in a haystack on borrowed time.<\/p>\n
How Do We Define \u201cFast?\u201d<\/strong><\/h2>\n
You can measure the speed of security log analytics in terms of terabytes per second or by a more arbitrary (but also more relevant) measure: \u201cbreakout time<\/b>.\u201d<\/p>\n
Breakout time is the time between when an attacker breaks into your system, gaining access as a regular user, and when they elevate that user privilege to \u201cadmin.\u201d With admin privileges, they can really start to wreak havoc. We used to measure breakout time in days or hours. Today, it\u2019s down to minutes\u2014about\u00a090 minutes<\/b>,\u00a0to be exact. That\u2019s how long you have to find that needle in the haystack.<\/p>\n
Speed and performance of security logging systems determine how quickly you\u2019re able to:<\/p>\n
- \n
- Detect and respond to threats in near real time<\/li>\n
- Identify anomalies in historic and behavioral data<\/li>\n
- Leverage advanced algorithms and AI to detect never-before-seen threats<\/li>\n<\/ul>\n
However, too many organizations miss out on these capabilities due to a few common mistakes.<\/p>\n
Common Fast Logging Mistakes\u00a0<\/strong><\/h2>\n
Effective security logs<\/a>\u00a0rely on two things:\u00a0fast analytics platforms<\/b>\u00a0and\u00a0fast data storage solutions<\/b>. Trying to detect anomalies without those two components is nearly impossible\u2014but that\u2019s not all. Other common mistakes companies make with their security logs include:<\/p>\n
- \n
- Not enough logs, and therefore, limited visibility.<\/b><\/li>\n<\/ol>\n
Think of your security logs as windows into everything going on within your systems. If you\u2019re looking through a peephole, your view is too narrow. But, see things through a big pane of glass and you\u2019ll get a more holistic view of everything that\u2019s going on. Put simply, everything should be logged at all times.<\/p>\n
- \n
- Logs that aren\u2019t correlated across networks, endpoints, and end users.\u00a0<\/b><\/li>\n<\/ol>\n
Your logs are only as valuable as they are informative. To be truly useful, they need to be able to correlate events occurring in many different areas of your ecosystem, including cross-referencing across the network, endpoints, and end users.<\/p>\n
- \n
- A back-end infrastructure that isn\u2019t fast enough to support advanced analytics.<\/b><\/li>\n<\/ol>\n
Without a powerful data storage back end, the reality is, even successful correlation queries will be too slow to reveal threats in time. When you\u2019re looking for that needle in the haystack, think of incredibly performant data storage as a magnet to draw that needle to the top. It makes quick work of threat detection and analytics. But if your storage is slow, your data lake too immense, or your queries poorly written, it can take hours or even days of research to pinpoint an issue or potential threat.<\/p>\n
When you\u2019re looking for that needle in the haystack, think of incredibly performant data storage as a magnet to draw that needle to the top. It makes quick work of threat detection and analytics. \u2013 Andy Stone, CTO-Americas, Pure Storage<\/i><\/p><\/blockquote>\n
How to Supercharge Security Log Analytics<\/strong><\/h2>\n
<\/p>\nFor security log analytics to deliver the firepower you need to combat cyberattacks, they should include:<\/p>\n
- \n
- Real-time processing with search and query performance that\u2019s reproducible, no matter the log size. This requires high throughput, low latency, and consistent performance finely tuned for any scenario or scale.<\/li>\n
- Embedded data reduction and on-demand scaling to log and retain more data for longer, for the richest possible analysis.<\/li>\n
- Easy scalability for multiple workloads, concurrent queries, and variable data patterns to accommodate fast analysis of multi-petabyte data sets.<\/li>\n
- Multiple logs that correlate data across networks, endpoints, and end users.<\/li>\n
- Management simplicity to let you easily build new queries and reduce complexity.<\/li>\n<\/ul>\n
Pure Storage\u00ae offers the fastest analytics processing available for fast logs, especially if you\u2019re already using platforms like\u00a0Splunk\u00a0<\/a>and\u00a0Elastic<\/a>. With unified fast file and object storage (UFFO) from Pure, you\u2019ll achieve the speed and agility IT and SecOps teams need today by un-siloing data, separation of compute and storage, and elastic, automated infrastructure so you can focus on insights, not operations.<\/p>\n
Remember\u2014security log analytics is the most important tool in your toolbox for the\u00a0before<\/b>\u00a0of a cyberattack. Time is limited, so you must make the greatest impact possible in the shortest window possible.<\/p>\n
Bottom line: In today\u2019s threat landscape, you can\u2019t afford for your log analytics to be slow.<\/p>\n
- A back-end infrastructure that isn\u2019t fast enough to support advanced analytics.<\/b><\/li>\n<\/ol>\n
- Logs that aren\u2019t correlated across networks, endpoints, and end users.\u00a0<\/b><\/li>\n<\/ol>\n
- Not enough logs, and therefore, limited visibility.<\/b><\/li>\n<\/ol>\n
- Purple teaming exercises<\/li>\n<\/ul>\n
Security log analytics is pretty much SecOps table stakes. Learn how you can avoid a few common mistakes that could hold you back from leveraging this goldmine. Security log analytics is pretty","protected":false},"author":3,"featured_media":1388,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[13],"tags":[],"class_list":["post-1387","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/dt-corp.com.vn\/wp-content\/uploads\/2022\/06\/blog-tl-perspectives-fast-security-logs-by-andy-stone-768x432-1.jpg","_links":{"self":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/1387","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1387"}],"version-history":[{"count":2,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/1387\/revisions"}],"predecessor-version":[{"id":1390,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/1387\/revisions\/1390"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/media\/1388"}],"wp:attachment":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1387"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1387"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}