Active Defense Against Data Breaches: Logging and Auditing
Beyond their role in regulatory compliance, logging and auditing are part of best practice for securing your technical infrastructure. That matters in an increasingly predatory online world, where data is a form of currency. In one of its annual Data Breach Investigations Reports, Verizon estimated that 82% of data breaches could have been discovered had the victims “been more diligent in monitoring and analyzing event-related information available to them at the time of the incident.” This is the core benefit of logging and auditing: the recorded events can help you defend against breaches while they are in progress, or trace them back to their source after the fact.
Monitoring your own systems’ logs should be the first priority, but logging and auditing at the key management layer adds a second, critical layer of defense: key management governs encrypted data and the workflows that depend on it, which makes it a higher-value target. By recording every key creation, rotation and provisioning event, the key manager’s log keeps you aware of who is logging in, with which keys, and what data or applications they are reaching. After an incident, the audit trail lets you go back and reconstruct what happened. It also lets you run reports as part of ongoing compliance checks, since key management systems should be audited regularly against ever-changing government regulations.

The information gathered through logging and auditing is invaluable in defending against data breaches and malicious logins or activity, and it can alert you to such events as they happen. Repeated failed login attempts, logins by one account from different IP addresses within a short window, or simply an application producing far more audit data than usual are all signals that should raise a red flag about a user or workflow. With proper logging and monitoring, intrusions of this kind can be detected as they occur rather than months later.

The problem is that many administrators treat logging as little more than a way to tell whether something in the system has broken, while most of the security-relevant events are generated quietly in the background of normal operations. You can collect as much of this information as you want, but turning it into a defense requires administrative oversight, and doing that efficiently requires integration with other tools, centralization, and a deliberate focus on security.
KeyNexus’ Unified Key Manager (UKM) provides extensive logging and auditing options and integrates easily with other logging and auditing tools, giving you a centralized and secure system. To begin with, the UKM keeps a full record of all key management activity, so you can not only log user activity but also audit and update your key management on a regular schedule. It also emits events over Syslog, the standard message-logging protocol, whose eight severity levels (from Emergency down to Debug) let you choose how much detail to capture. Everything tracked can then be searched, monitored and analyzed in a third-party security information and event management (SIEM) system such as Splunk. That integration gives you powerful analytics, reporting and visualization options, strengthening oversight and centralizing it in one place. From that central system you can also configure alerts that notify your administrators of suspicious activity. You can then shut down compromised or breached workflows by enforcing authorization protocols, client-side certificates and IP whitelisting, so that only clients satisfying all three controls can reach the system, while bringing the potential threat to your systems administrator’s attention. This is the equivalent of a real-time security system for your technical infrastructure, and an invaluable part of your defense against data breaches.
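As a worked example of what the three red flags described above look like once key-management events reach a central log, the script below parses RFC 5424 syslog lines and flags repeated authentication failures, one account logging in from several IP addresses within a short window, and a client application generating far more audit volume than its peers. This is an added example, not KeyNexus’ code or the UKM’s real log format: the host name ukm01, the app name ukm, the key=value message fields and the sample lines themselves are all constructed assumptions for illustration.

```python
"""Added example (not KeyNexus/UKM code): detection logic over constructed
key-management audit events delivered as RFC 5424 syslog lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+) (?P<msg>.*)$"
)
# The eight syslog severities, indexed by the low three bits of PRI.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse(line):
    """Parse one syslog line into a dict; the message body is key=value pairs."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    pri = int(m.group("pri"))
    fields = dict(kv.split("=", 1) for kv in m.group("msg").split())
    return {
        "ts": datetime.fromisoformat(m.group("ts").replace("Z", "+00:00")),
        "facility": pri >> 3,           # PRI = facility * 8 + severity
        "severity": SEVERITIES[pri & 7],
        "app": m.group("app"),
        "msgid": m.group("msgid"),
        **fields,
    }


def failed_logins(events, threshold=3, window=timedelta(minutes=5)):
    """Users with at least `threshold` auth failures inside any `window`."""
    by_user = defaultdict(list)
    for e in events:
        if e.get("event") == "auth.failure":
            by_user[e["user"]].append(e["ts"])
    flagged = set()
    for user, times in by_user.items():
        times.sort()
        for i, t0 in enumerate(times):
            if sum(1 for t in times[i:] if t - t0 <= window) >= threshold:
                flagged.add(user)
                break
    return flagged


def multi_ip_logins(events, window=timedelta(minutes=10)):
    """Users who logged in successfully from more than one IP within `window`."""
    by_user = defaultdict(list)
    for e in events:
        if e.get("event") == "auth.success":
            by_user[e["user"]].append((e["ts"], e["src"]))
    flagged = {}
    for user, logins in by_user.items():
        logins.sort()
        for i, (t0, _) in enumerate(logins):
            ips = {ip for t, ip in logins[i:] if t - t0 <= window}
            if len(ips) > 1:
                flagged[user] = sorted(ips)
                break
    return flagged


def noisy_clients(events, factor=3):
    """Client applications emitting more than `factor` x the median audit volume."""
    counts = defaultdict(int)
    for e in events:
        counts[e.get("client", "unknown")] += 1
    baseline = median(counts.values())
    return {c: n for c, n in counts.items() if n > factor * baseline}


# --- constructed sample log (assumed format, not real UKM output) ---------
def _line(ts, severity, msgid, msg, facility=10):
    """Render a syslog line; facility 10 (authpriv) is an assumed choice."""
    return f"<{facility * 8 + severity}>1 {ts} ukm01 ukm 4242 {msgid} - {msg}"

SAMPLE_LOG = [
    "<84>1 2024-03-01T10:00:05Z ukm01 ukm 4242 AUTH - event=auth.failure user=alice src=203.0.113.7 client=console",
    _line("2024-03-01T10:00:40Z", 4, "AUTH", "event=auth.failure user=alice src=203.0.113.7 client=console"),
    _line("2024-03-01T10:01:15Z", 4, "AUTH", "event=auth.failure user=alice src=203.0.113.7 client=console"),
    _line("2024-03-01T10:01:50Z", 6, "AUTH", "event=auth.success user=alice src=203.0.113.7 client=console"),
    _line("2024-03-01T10:01:00Z", 6, "AUTH", "event=auth.success user=bob src=10.0.0.5 client=console"),
    _line("2024-03-01T10:04:30Z", 6, "AUTH", "event=auth.success user=bob src=198.51.100.9 client=console"),
    _line("2024-03-01T10:02:00Z", 6, "AUTH", "event=auth.success user=carol src=10.0.0.8 client=console"),
]
for i in range(3):    # normal key usage by the payroll service
    SAMPLE_LOG.append(_line(f"2024-03-01T10:1{i}:00Z", 5, "KEY", "event=key.use key=k-payroll user=svc-payroll src=10.0.1.2 client=payroll"))
for i in range(4):    # normal key usage by the reporting service
    SAMPLE_LOG.append(_line(f"2024-03-01T10:2{i}:00Z", 5, "KEY", "event=key.use key=k-reports user=svc-reports src=10.0.1.3 client=reporting"))
for i in range(30):   # burst from one client: the "excess of audit data" signal
    SAMPLE_LOG.append(_line(f"2024-03-01T10:30:{i:02d}Z", 5, "KEY", "event=key.use key=k-billing user=svc-billing src=10.0.1.4 client=billing-svc"))


def run(lines=SAMPLE_LOG):
    """Apply all three detectors to a list of syslog lines."""
    events = [e for e in map(parse, lines) if e is not None]
    return {
        "failed_logins": failed_logins(events),
        "multi_ip_logins": multi_ip_logins(events),
        "noisy_clients": noisy_clients(events),
    }


if __name__ == "__main__":
    for name, result in run().items():
        print(f"{name}: {result}")
```

Running it on the constructed sample flags alice (three failures inside five minutes), bob (successful logins from 10.0.0.5 and 198.51.100.9 four minutes apart) and billing-svc (30 key operations against a median of roughly five across clients). In a real deployment these functions would run inside, or be fed from, the SIEM that collects the UKM’s syslog feed, and the thresholds and windows would be tuned to the environment rather than the defaults shown here.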
Simply put, KeyNexus’ UKM makes your network administrators’ key management duties easier through its integration, centralization and security capabilities. For more information on how we can help with your logging and auditing needs, contact us.