It is an unfortunate reality, but every day organisations of all sizes face network security threats from hackers who wish to upload viruses and unlawfully access data.
As a result, even if you have just one computer connected to a network, it is essential that you implement an effective firewall and virus protection software. However, you also need to be able to detect actual breaches as they happen – and this is where log management comes in.
What is log management?
Log monitoring systems oversee all network activity and provide data that can alert you to a potential security breach. Raw log files are known as audit records, audit trails or event logs, and businesses should interrogate them on a daily basis to look for errors, anomalies and suspicious activity.
Each log file contains many pieces of vital information about the activity on your network, allowing you to identify intrusion attempts, misconfigured equipment and many more issues.
Most systems, including operating systems, internet browsers and Point of Sale systems, generate logs. However, not all of them are turned on automatically, so you need to make sure that all of your systems have logs turned on.
As well as monitoring activities across your network, you can also use log management to monitor individual workstations. These logs will be able to tell you, for example, what time a USB device was connected and whether or not that particular user is authorised to do so.
Events to look out for
There are a huge number of different events you might want to look for when analysing your log files, including:
- Password changes – does that user have permission to change the password?
- Unauthorised logins or login failures;
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks – these are attempts to overload your network with requests, rendering it unreachable;
- Exported data – where has it been exported to and does that user have the right permissions?
- New user accounts – have these been authorised and are they expected?
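As an added illustration (not part of the original article), the sketch below checks a log for three of the events listed above: repeated login failures, new user accounts and password changes. It assumes Linux auth.log-style lines; the sample lines, the approved-account list and the failure threshold are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in Linux auth.log style (not from a real system).
SAMPLE_LOG = """\
Mar  3 09:14:01 web01 sshd[2211]: Failed password for alice from 203.0.113.5 port 50122 ssh2
Mar  3 09:14:03 web01 sshd[2211]: Failed password for alice from 203.0.113.5 port 50122 ssh2
Mar  3 09:14:06 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 50130 ssh2
Mar  3 09:15:40 web01 sshd[2290]: Failed password for bob from 198.51.100.7 port 41000 ssh2
Mar  3 09:15:52 web01 sshd[2290]: Accepted password for bob from 198.51.100.7 port 41000 ssh2
Mar  3 10:02:11 web01 useradd[3001]: new user: name=tempadmin, UID=1005, GID=1005, home=/home/tempadmin, shell=/bin/bash
Mar  3 10:05:30 web01 passwd[3010]: pam_unix(passwd:chauthtok): password changed for bob
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
NEW_USER = re.compile(r"useradd\[\d+\]: new user: name=([^,\s]+)")
PW_CHANGE = re.compile(r"password changed for (\S+)")

def review(log_text, approved_new_users=(), fail_threshold=3):
    """Return (event_type, detail) findings for three of the listed event types."""
    failures = Counter()          # failed logins counted per source address
    findings = []
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            failures[m.group(2)] += 1
        elif m := NEW_USER.search(line):
            # A new account is only a finding if nobody authorised it.
            if m.group(1) not in approved_new_users:
                findings.append(("unapproved_new_account", m.group(1)))
        elif m := PW_CHANGE.search(line):
            # Reported for review: was this user permitted to change it?
            findings.append(("password_change", m.group(1)))
    # One mistyped password is noise; a burst from one source is worth a look.
    for src, count in sorted(failures.items()):
        if count >= fail_threshold:
            findings.append(("repeated_login_failures", f"{src} x{count}"))
    return findings

if __name__ == "__main__":
    for kind, detail in review(SAMPLE_LOG, approved_new_users={"svc_backup"}):
        print(f"{kind}: {detail}")
```

The single failed login from 198.51.100.7 followed by a success is not reported, while the three failures from 203.0.113.5 are.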
To find out more about log management, why it is so important and how ITC Secure Networking can help to keep your network protected, give us a call on 020 7517 3900. Our experienced and friendly team are waiting for your call.