Public sector not realising the full value of logs

CESG, the Information Assurance (IA) arm of GCHQ, warned government bodies this week that their failure to adequately monitor IT systems is putting sensitive data at risk.

Speaking at the Government ICT conference, Jon Ashton, director of IA, said that ineffective network monitoring is often the reason government departments fail to notice what is happening on their systems. He also claimed that in some cases departments are not even producing logs, because they have no systems in place to review them.

This patchy approach to monitoring is irresponsible and bound to result in more of the high profile data breaches that make the news on a regular basis.

In reality, government bodies, or indeed any type of organisation, cannot effectively check all their logs without an automated solution. IT systems generate millions of log entries a day, and it is only by automating their collection and analysis that an organisation can get the full picture of what is happening across its infrastructure.

The apparently disparate nature of the government’s monitoring systems and the fact that some departments are not producing logs at all is unbelievable, given the number of security breaches that occur and the fact that monitoring and analysis is central to so many compliance regulations.

In addition to ensuring the systems in place are comprehensive enough to monitor an organisation’s entire infrastructure, there are other issues that also need to be considered. Andy Nelson, the Ministry of Justice’s CIO, argues that it is not just about buying a proactive monitoring system, but how it is used that matters.

The way Protective Monitoring systems are deployed and used is crucial to how well they meet an organisation's requirements. Properly implemented, an automated and centralised log management solution should let an organisation monitor its entire IT infrastructure from a single console, with alerts and reports that make every part of the network visible so that nothing slips through.

Used in this way, sophisticated automated solutions also let organisations optimise their IT processes, establishing better procedures and eliminating inefficiencies. It is important to realise that log management does not simply detect security threats; it also surfaces correlations, patterns and anomalies that can help develop best-practice principles across a range of areas. Substantial benefits can be obtained from the log resources that are currently being wasted, a fact government departments would do well to remember as public sector cuts start to bite.
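To make the argument above concrete, here is an added example (not code from the original article or from LogRhythm) of what centralised collection and correlation buys you over per-system checking. It parses a handful of constructed syslog-style lines forwarded from three hypothetical hosts (web01, db02, app03) and the source addresses, usernames and timestamps in them are all made up. Two checks run over the normalised events: a password-guessing attempt spread across hosts that is followed by a successful login from the same address, which no single host's log reveals on its own, and a host that has gone quiet, which is the "not even producing logs" problem turned into an alert.

```python
"""Added example (not from the original article): a minimal centralised
log correlation pass over constructed syslog-style lines from three hosts."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (hypothetical hosts, users and addresses).
# app03 sends nothing after 09:02, standing in for a system that has
# stopped producing logs; 203.0.113.9 fails twice on each of two hosts
# and then logs in successfully as root.
SAMPLE_LOGS = """\
2011-03-01T09:00:01 web01 sshd[4021]: Failed password for invalid user admin from 203.0.113.9 port 5001 ssh2
2011-03-01T09:00:04 web01 sshd[4021]: Failed password for root from 203.0.113.9 port 5002 ssh2
2011-03-01T09:00:10 db02 sshd[1187]: Failed password for root from 203.0.113.9 port 5003 ssh2
2011-03-01T09:00:15 db02 sshd[1187]: Failed password for root from 203.0.113.9 port 5004 ssh2
2011-03-01T09:00:30 web01 sshd[4030]: Accepted password for root from 203.0.113.9 port 5005 ssh2
2011-03-01T09:01:00 app03 sshd[2201]: Accepted publickey for deploy from 198.51.100.7 port 6000 ssh2
2011-03-01T09:02:00 app03 cron[2210]: (root) CMD (run-parts /etc/cron.hourly)
2011-03-01T09:05:00 web01 sshd[4040]: Accepted publickey for deploy from 198.51.100.7 port 6001 ssh2
2011-03-01T09:25:00 web01 cron[4100]: (root) CMD (run-parts /etc/cron.hourly)
2011-03-01T09:30:00 db02 cron[1200]: (root) CMD (run-parts /etc/cron.hourly)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^\[]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
AUTH_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def parse_logs(text):
    """Normalise raw lines into dicts; auth events gain outcome/user/src."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # in production, count unparsed lines as a health metric
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        auth = AUTH_RE.match(ev["msg"])
        if auth:
            ev.update(auth.groupdict())
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect_bruteforce_then_success(events, window=timedelta(minutes=5), threshold=3):
    """Alert when one source address fails >= threshold times within `window`
    on ANY host and then logs in successfully. Counting per host would see
    only two failures on web01 and two on db02 and never fire."""
    failures = defaultdict(list)  # src address -> timestamps of failed logins
    alerts = []
    for ev in events:
        if ev.get("outcome") == "Failed":
            failures[ev["src"]].append(ev["ts"])
        elif ev.get("outcome") == "Accepted":
            recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"ts": ev["ts"], "src": ev["src"], "host": ev["host"],
                               "user": ev["user"], "failures": len(recent)})
    return alerts


def detect_silent_hosts(events, now, max_gap=timedelta(minutes=20)):
    """Return hosts whose most recent event is older than `max_gap`:
    a source that stops logging is itself something to alert on."""
    last_seen = {}
    for ev in events:
        last_seen[ev["host"]] = max(last_seen.get(ev["host"], ev["ts"]), ev["ts"])
    return sorted(h for h, t in last_seen.items() if now - t > max_gap)


def run(text=SAMPLE_LOGS):
    events = parse_logs(text)
    now = max(e["ts"] for e in events)  # stand-in for the collector's clock
    return {"bruteforce": detect_bruteforce_then_success(events),
            "silent_hosts": detect_silent_hosts(events, now)}


if __name__ == "__main__":
    for name, hits in run().items():
        print(name, hits)
```

On the constructed input this raises one brute-force alert (four failures from 203.0.113.9 across two hosts, then a successful root login on web01) and flags app03 as silent. The thresholds and the 20-minute silence window are arbitrary choices for the sample; in practice they are tuned per source type, and the silent-host check should run against the collector's own clock rather than the newest event, so that a fleet-wide outage is not masked.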

Ross Brewer brings over 22 years of sales and management experience in high tech and information security. Prior to joining LogRhythm, he was a senior executive at LogLogic, where he served as vice president and managing director EMEA. Ross has held senior management and sales positions in Europe for systems and security management vendor NetIQ and security vendor PentaSafe (acquired by NetIQ). He was also responsible for launching Symantec's New Zealand operations.