Breach Security: When the Breach is Over

Posted by Scott Simpson on Wed, Jul 28, 2010 @ 11:26 AM

At Solutionary, we pride ourselves on customer service and support. In this business, that means we put ourselves on the line for our clients when things go bad. Incident response and coordination isn’t a cornerstone of our business, but it is something we do very well for our clients in a time of need. Unless your organization has an incident response program that is regularly exercised, it can be a little overwhelming when an incident is identified that indicates a breach has occurred.


When we get these types of calls, it isn’t because an employee has accessed inappropriate materials. It is because an IT administrator has been arrested for fraud or the company is undergoing a potentially brand damaging attack or data loss. Incidents that attack the brand can be as simple as web site defacement or as complex as getting targeted by an organized crime group, but in either case, it helps to have a friendly firm on your side to provide guidance when the breach is over.

One of the most significant challenges we face in supporting our clients is helping them to determine whether or not an incident constitutes a breach. To help make this determination, we coordinate resources to analyze the intelligence available. While in some cases a forensic image of a system may help, most of the evidence we need is contained in the log data produced by the systems that support the environment where the incident occurred. However, in many cases the log data is unavailable due to a failure to configure or retain the information properly.

We are not asking for a vetted set of log data that has been correlated and normalized by a SIEM (although that would be nice). We just want the raw log data. Without this information, it is almost impossible to determine with certainty that an incident resulted in a breach that warrants notification under PCI, HIPAA/HITECH, or other compliance or legal requirements.

I encourage you all to review your log retention standards and capabilities to determine whether or not you maintain a minimum of 1 year of log data. Solutionary retains 100% of the raw logs we capture for our clients so they have forensically sound log data in their time of need.
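The retention review above is easy to turn into a repeatable check. The script below is an added example, not part of this post or of Solutionary's tooling: it walks a listing of rotated log files whose names carry a source and a UTC date (an assumed naming scheme such as `fw01-2010-07-28.log.gz`), and for each source reports how many days back the archive reaches, whether that meets a 365-day floor, and whether there are holes in the series, which is exactly the "failed to configure or retain" case that makes a breach determination impossible after the fact. The file listing and the "as of" date are constructed for the demo.

```python
"""Audit a log archive for retention coverage and gaps.

Added example (not from the original post). Assumes rotated log files are
named "<source>-YYYY-MM-DD.log[.gz]"; the sample listing is constructed.
"""
import re
from collections import defaultdict
from datetime import date, timedelta

# Assumed naming scheme for rotated daily archives.
FILENAME_RE = re.compile(
    r"^(?P<source>[a-z0-9_-]+?)-(?P<date>\d{4}-\d{2}-\d{2})\.log(?:\.gz)?$"
)


def parse_listing(names):
    """Group dated archive files by source -> sorted list of dates.

    Files that do not follow the scheme are returned separately so the
    reviewer can see what the audit could not account for.
    """
    by_source = defaultdict(set)
    unparsed = []
    for name in names:
        m = FILENAME_RE.match(name)
        if not m:
            unparsed.append(name)
            continue
        by_source[m["source"]].add(date.fromisoformat(m["date"]))
    return {s: sorted(d) for s, d in by_source.items()}, unparsed


def find_gaps(days):
    """Return (first_missing, last_missing) for every hole in a sorted date list."""
    gaps = []
    for prev, cur in zip(days, days[1:]):
        if (cur - prev).days > 1:
            gaps.append((prev + timedelta(days=1), cur - timedelta(days=1)))
    return gaps


def audit_retention(names, today, required_days=365):
    """Per-source retention report: reach back in days, floor met, gaps, staleness."""
    by_source, unparsed = parse_listing(names)
    report = {}
    for source, days in by_source.items():
        retained = (today - days[0]).days
        report[source] = {
            "earliest": days[0],
            "latest": days[-1],
            "retained_days": retained,
            "meets_retention": retained >= required_days,
            "gaps": find_gaps(days),
            # No archive for yesterday means collection has probably stopped.
            "stale": (today - days[-1]).days > 1,
        }
    return report, unparsed


def build_sample_listing():
    """Constructed listing: a firewall with ~14 months of logs and a two-week
    hole, a web server that only started logging recently, and one stray file."""
    names = []
    d = date(2009, 6, 1)
    while d < date(2010, 7, 28):
        if not (date(2010, 1, 5) <= d <= date(2010, 1, 18)):  # simulated outage
            names.append(f"fw01-{d.isoformat()}.log.gz")
        d += timedelta(days=1)
    d = date(2010, 6, 1)
    while d < date(2010, 7, 28):
        names.append(f"web01-{d.isoformat()}.log.gz")
        d += timedelta(days=1)
    names.append("messages.1")  # undated rotation; cannot be audited by name
    return names


if __name__ == "__main__":
    as_of = date(2010, 7, 28)  # assumed "as of" date for a deterministic demo
    report, unparsed = audit_retention(build_sample_listing(), as_of)
    for source, r in sorted(report.items()):
        status = "OK " if r["meets_retention"] else "SHORT"
        print(f"{status} {source}: {r['retained_days']} days back to {r['earliest']}"
              f"{' STALE' if r['stale'] else ''}")
        for first, last in r["gaps"]:
            print(f"      gap {first} .. {last} ({(last - first).days + 1} days)")
    if unparsed:
        print("unparsed:", ", ".join(unparsed))
```

Run against a real archive by replacing `build_sample_listing()` with `os.listdir()` of the retention volume; a source that is `SHORT`, has gaps, or is `STALE` is one whose logs will not be there when the breach question is asked.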
