Insufficient logging and monitoring
According to the OWASP organisation, the average time it takes for a breach to be detected is 200 days, and it is typically picked up by external parties rather than by internal processes or monitoring. With that in mind, why are we failing to detect breaches as soon as, or even while, they occur?
Speaking from experience, a lot of ‘smaller’ organisations don’t want to appoint or pay someone to manage their security. The logs are available, but if you have a small IT team heavily focused on solving tickets and serving the help-desk, those logs will rarely get looked at until a breach has already developed, and you often find a team like this is not equipped with the knowledge and tools to respond in the proper manner.
This, coupled with many outsourced IT departments that haven’t been given the scope to secure the network, website, systems or applications, can lead to an overarching level of insecurity.
Ensuring you have sufficient logging and monitoring in place not only helps protect your organisation from breaches, but also gives you visibility into whether your data is secure at every level. It lets you:
- Monitor who has which permissions/privileges, and confirm that no one has anything they shouldn’t.
- See where traffic is accessing your network/system/website from.
- Solve problems and track trends in your IT usage.
- Detect malware or intrusions.
- Detect unauthorised logins.
- Detect denial of service attacks.
and so much more!
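To make the "detect unauthorised logins" and "see where traffic is coming from" points concrete, here is a small added example (my own code, not part of the original post or any of the products mentioned later). It parses a handful of constructed sshd-style auth log lines, counts failed logins per source address inside a sliding time window, raises an alert when a source crosses a threshold, and raises a second, higher-priority alert if that same source then logs in successfully. The log lines, the threshold of five failures and the five-minute window are all assumptions chosen for illustration; a real deployment would tune them to its own baseline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a syslog/sshd-like format. These are made up for
# the example and do not come from any real system.
SAMPLE_LOG = """\
Mar 10 09:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 09:00:03 web01 sshd[2102]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 10 09:00:05 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51041 ssh2
Mar 10 09:00:06 web01 sshd[2104]: Failed password for root from 203.0.113.7 port 51050 ssh2
Mar 10 09:00:08 web01 sshd[2105]: Failed password for root from 203.0.113.7 port 51062 ssh2
Mar 10 09:00:10 web01 sshd[2106]: Accepted password for root from 203.0.113.7 port 51070 ssh2
Mar 10 09:15:42 web01 sshd[2150]: Accepted publickey for alice from 198.51.100.23 port 40112 ssh2
Mar 10 09:20:11 web01 sshd[2160]: Failed password for bob from 198.51.100.23 port 40200 ssh2
Mar 10 09:20:15 web01 sshd[2161]: Accepted password for bob from 198.51.100.23 port 40201 ssh2
"""

# Matches the timestamp, outcome, user and source IP of an sshd auth line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2024):
    """Return a dict for a recognised auth line, or None for anything else.
    syslog lines carry no year, so one is supplied (assumed here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return a list of (alert_kind, ip, user, timestamp) tuples.

    BRUTE_FORCE fires once per source IP when it reaches `threshold`
    failures within `window`; SUCCESS_AFTER_BRUTE_FORCE fires for every
    later successful login from a source that was already flagged.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    failures = defaultdict(list)  # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for e in events:
        ip = e["ip"]
        if e["result"] == "Failed":
            # Keep only failures that fall inside the sliding window.
            failures[ip] = [t for t in failures[ip] if e["ts"] - t <= window]
            failures[ip].append(e["ts"])
            if len(failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, e["user"], e["ts"]))
        elif ip in flagged:
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, e["user"], e["ts"]))
    return alerts


def source_summary(log_text):
    """Count accepted and failed logins per source IP, which answers the
    'where is traffic coming from' question from the list above."""
    summary = defaultdict(lambda: {"Accepted": 0, "Failed": 0})
    for line in log_text.splitlines():
        e = parse_line(line)
        if e:
            summary[e["ip"]][e["result"]] += 1
    return dict(summary)


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG):
        print(alert)
    for ip, counts in source_summary(SAMPLE_LOG).items():
        print(ip, counts)
```

Run on the constructed lines, the detector flags 203.0.113.7 after its fifth failure and then raises the higher-priority alert when the same address succeeds against root two seconds later; 198.51.100.23, with one failure followed by a success, stays under the threshold. That second alert kind is the one worth paging someone for: a success after a run of failures is exactly the pattern that an unwatched log would let sit for those 200 days.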
So let’s look at the logging solutions out there. Each is different, and I won’t go into a thorough evaluation of each one at this stage, but I’ll list a few for you to look into if you want to implement logging and monitoring in your organisation: