It’s all about the logs – Looking into your past will protect your network’s future

We see it repeatedly. The newly installed CISO or CIO installs the latest blinky-box in “the quadrant.” As they discuss all the great features and how it’s going to help protect their network, it’s discovered that while the device will get MOST of the logs, there are still areas that aren’t logging. Plus, nothing in the back-end network is getting aggregated or processed either. A better investment of time and resources would be to get the entire network logging to a centralised log aggregator before the organisation spends cash on the trendy blinky-box. Without a complete picture of your network, you get partial information, which can be misleading.

Many CISOs understand this when it’s presented, but surprisingly many don’t understand the importance of proper logging. Complete and accurate logs are the keystone of any effective information security program. Almost every aspect of infosec touches logs at some point. If you can’t query the activity of every device on your network, dedicate yourself to getting that fixed, quickly. Don’t waste money on a SIEM or a honeypot or anything else until you’ve addressed this Infosec 101 prerequisite.
