Page 76 - Cyber Defense eMagazine September 2022
Is Your Security Log ‘Bathtub’ About to Overflow?
By Ozan Unlu, CEO and Founder, Edge Delta
Security Log Data - More Data Doesn’t Always Mean Better Protection
A major issue that security operations teams face is the speed at which vulnerabilities are
being exploited, coupled with the massively increasing volume of security-event data being
generated across current infrastructures.
Security logs can be extremely useful for helping identify or investigate suspicious activity, and are a
cornerstone of every traditional SIEM platform. But the fact is that current infrastructures are generating
security logs at a rate faster than humans or even machines can analyze.
Consider this: it would take a person about one 8-hour work day to read 1 megabyte of raw logs and
events, a thousand people for a gigabyte, a million people for a terabyte, and a billion people for a
petabyte. Some of the organizations we work with create close to 100 petabytes of data per day. Security
operations teams are drowning in data and the tide is only going to get higher. These teams desperately
need a better way to manage, analyze and make sense of it all. But how?
The Limitations of SIEM Systems
Today’s SIEM systems - where security logs are traditionally routed, indexed and prepared for analysis -
are quite advanced, but they do have their limitations. Certain systems, particularly older, on-premises
ones, can be painfully slow when it comes to querying data and delivering the required information,
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.