SlideShare a Scribd company logo

Log Standards Future Trends

Anton Chuvakin
Anton Chuvakin

This document discusses log standards and future trends in logging. It outlines the current state of log chaos, with no standard formats, schemas, taxonomies, or transport mechanisms. This results in logs being difficult to analyze and make sense of. The document then discusses past attempts at log standards that failed and proposes that a common event expression standard could help bring order to the chaos by establishing common log syntax, taxonomy, transport, and recommendations. This would allow for improved log management, correlation, and security analysis capabilities. It also notes that growing log volumes will continue to pose challenges and will need to be addressed.

Technology
1 of 27
Log Standards and Future Trends Dr. Anton Chuvakin Security Warrior Consulting www.securitywarriorconsulting.com August 2010
Outline World of logs today Log chaos? Order is sorely needed! Past attempts to bring order to chaos! Why all failed? What does the future hold? Logging trends of the next few years
Log Data Overview From Where? What Logs? ,[object Object]
Routers/switches
Intrusion detection
Servers, desktops, mainframes
Business applications
Databases
Anti-virus
VPNs
Audit logs
Transaction logs
Intrusion logs
Connection logs
System performance records
User activity logs
Various alerts and other messages,[object Object]
Log Chaos: Login <18> Dec 17 15:45:57 10.14.93.7 ns5xp: NetScreendevice_id=ns5xp system-warning-00515: Admin User chuvakinhas logged on via Telnet from 10.14.98.55:39073 (2002-12-17 15:50:53) <57> Dec 25 00:04:32:%SEC_LOGIN-5-LOGIN_SUCCESS:LoginSuccess [user:antonc] [Source:10.4.2.11] [localport:23] at 20:55:40 UTC Fri Feb 28 2006 <122> Mar 4 09:23:15 localhostsshd[27577]: Accepted password for anton from ::ffff:192.168.138.35 port 2895 ssh2 <13> Fri Mar 17 14:29:38 2006 680 Security SYSTEM User Failure Audit ENTERPRISE Account Logon Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0    Logon account:  ACHUVAKIN   
Log Chaos Everywhere! No standard format No standard schema No standard meaning No taxonomy No standard transport No shared knowledge on what to log and how No logging guidance for developers No standard API / libraries for log production
Result? %PIX|ASA-3-713185 Error: Username too long - connection aborted Aug 11 09:11:19 xx null pif ? exit! 0 ERROR: transport error 202: send failed: Success userenv[error] 1030 RCI-CORPsupx No description available
So, what can we expect?
If We Don’t Stop It … MORE logs (learn what’s a “petabyte”!) Distributed logging -> WIDELY distributed logging across applications, systems, etc More REALLY bad logs from custom applications We work harder – and still MISS important things in logs (see VzBIR 2010!) BIG log DATA comes and kills us! 
Cloud to the Rescue? Question: do you think “cloud” will make logging better due to APIs, XML, structured data, etc? Answer:  "If your security and trust models suck now, you'll be pleasantly surprised by the lack of change when you move to cloud“ Chris Hoff @ Cisco
Any solutions, Anton?
Standards: The ONLY Way Out! FIRST: make it easier to know what logs tell us! Easier to report on logs and explain the reports Deeper insight into future problems Easier system interoperability Common logging practices Easier to explain what is in the logs to management and non-IT people
What Becomes Possible? All those super-smart people at SIEM vendors can stop parsing and start analyzing What the events mean? Consequences? Actions? Maybe even prediction? Different systems can mitigate consequences of each others’ failures We can finally tell the developers “what to log?” and have them “get it!”
Various Logging Standards by Type Log format Example: Syslog, a non-standard standard Example: IDMEF, a failed standard Log contents No standard to speak of: logs = trash can because application developers dump what they want there (and how they want!) Log transport Example: Syslog (TCP/UDP port 514) Logging practices / recommendations Example: NIST 800-92 (for security only)

Recommended

AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...
AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...
AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...Amazon Web Services
 
Introducing Splunk – The Big Data Engine
Introducing Splunk – The Big Data EngineIntroducing Splunk – The Big Data Engine
Introducing Splunk – The Big Data EngineSwiss Big Data User Group
 
Got SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For YouGot SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For YouAnton Chuvakin
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
20 Years of SIEM - SANS Webinar 2022
20 Years of SIEM - SANS Webinar 202220 Years of SIEM - SANS Webinar 2022
20 Years of SIEM - SANS Webinar 2022Anton Chuvakin
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise SecuritySplunk
 
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...Edureka!
 
Power of Splunk Search Processing Language (SPL) ...
Power of Splunk Search Processing Language (SPL) ...Power of Splunk Search Processing Language (SPL) ...
Power of Splunk Search Processing Language (SPL) ...Splunk
 

Recommended

AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...
AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...
AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...Amazon Web Services
 
Introducing Splunk – The Big Data Engine
Introducing Splunk – The Big Data EngineIntroducing Splunk – The Big Data Engine
Introducing Splunk – The Big Data EngineSwiss Big Data User Group
 
Got SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For YouGot SIEM? Now what? Getting SIEM Work For You
Got SIEM? Now what? Getting SIEM Work For YouAnton Chuvakin
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
20 Years of SIEM - SANS Webinar 2022
20 Years of SIEM - SANS Webinar 202220 Years of SIEM - SANS Webinar 2022
20 Years of SIEM - SANS Webinar 2022Anton Chuvakin
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise SecuritySplunk
 
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...Edureka!
 
Power of Splunk Search Processing Language (SPL) ...
Power of Splunk Search Processing Language (SPL) ...Power of Splunk Search Processing Language (SPL) ...
Power of Splunk Search Processing Language (SPL) ...Splunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk
 
Final Project Report-SIEM
Final Project Report-SIEMFinal Project Report-SIEM
Final Project Report-SIEMRangan Yoga
 
Terraform을 이용한 Infrastructure as Code 실전 구성하기 :: 변정훈::AWS Summit Seoul 2018
Terraform을 이용한 Infrastructure as Code 실전 구성하기 :: 변정훈::AWS Summit Seoul 2018 Terraform을 이용한 Infrastructure as Code 실전 구성하기 :: 변정훈::AWS Summit Seoul 2018
Terraform을 이용한 Infrastructure as Code 실전 구성하기 :: 변정훈::AWS Summit Seoul 2018Amazon Web Services Korea
 
Building Business Service Intelligence with ITSI
Building Business Service Intelligence with ITSIBuilding Business Service Intelligence with ITSI
Building Business Service Intelligence with ITSISplunk
 
Modern Honey Network (MHN)
Modern Honey Network (MHN)Modern Honey Network (MHN)
Modern Honey Network (MHN)Jason Trost
 
Whitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity MonitorWhitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity MonitorCamilo Fandiño Gómez
 
Get More From Your Data with Splunk AI + ML
Get More From Your Data with Splunk AI + MLGet More From Your Data with Splunk AI + ML
Get More From Your Data with Splunk AI + MLSplunk
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEMJohn Hubbard
 
클라우드 마이그레이션 성공적인 여정, 그 중요한 시작 "Readiness Assessment (전환 준비 평가)" - 김준범, AWS Mi...
클라우드 마이그레이션 성공적인 여정, 그 중요한 시작 "Readiness Assessment (전환 준비 평가)" - 김준범, AWS Mi...클라우드 마이그레이션 성공적인 여정, 그 중요한 시작 "Readiness Assessment (전환 준비 평가)" - 김준범, AWS Mi...
클라우드 마이그레이션 성공적인 여정, 그 중요한 시작 "Readiness Assessment (전환 준비 평가)" - 김준범, AWS Mi...Amazon Web Services Korea
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
 
Security Event Analysis Through Correlation
Security Event Analysis Through CorrelationSecurity Event Analysis Through Correlation
Security Event Analysis Through CorrelationAnton Chuvakin
 
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel AvivAn introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel AvivAmazon Web Services
 
Analytics Driven SIEM Workshop
Analytics Driven SIEM WorkshopAnalytics Driven SIEM Workshop
Analytics Driven SIEM WorkshopSplunk
 
IBM QRadar BB & Rules
IBM QRadar BB & RulesIBM QRadar BB & Rules
IBM QRadar BB & RulesMuhammad Abdel Aal
 
Security Automation & Orchestration
Security Automation & OrchestrationSecurity Automation & Orchestration
Security Automation & OrchestrationSplunk
 
Splunk Dashboarding & Universal Vs. Heavy Forwarders
Splunk Dashboarding & Universal Vs. Heavy ForwardersSplunk Dashboarding & Universal Vs. Heavy Forwarders
Splunk Dashboarding & Universal Vs. Heavy ForwardersHarry McLaren
 
Siem ppt
Siem pptSiem ppt
Siem pptkmehul
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
AWS Storage Gateway
AWS Storage GatewayAWS Storage Gateway
AWS Storage GatewayzekeLabs Technologies
 
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Amazon Web Services
 
LogChaos: Challenges and Opportunities of Security Log Standardization
LogChaos: Challenges and Opportunities of Security Log StandardizationLogChaos: Challenges and Opportunities of Security Log Standardization
LogChaos: Challenges and Opportunities of Security Log StandardizationAnton Chuvakin
 
NIST 800-92 Log Management Guide in the Real World
NIST 800-92 Log Management Guide in the Real WorldNIST 800-92 Log Management Guide in the Real World
NIST 800-92 Log Management Guide in the Real WorldAnton Chuvakin
 

More Related Content

What's hot

Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk
 
Final Project Report-SIEM
Final Project Report-SIEMFinal Project Report-SIEM
Final Project Report-SIEMRangan Yoga
 
Terraform을 이용한 Infrastructure as Code 실전 구성하기 :: 변정훈::AWS Summit Seoul 2018
Terraform을 이용한 Infrastructure as Code 실전 구성하기 :: 변정훈::AWS Summit Seoul 2018 Terraform을 이용한 Infrastructure as Code 실전 구성하기 :: 변정훈::AWS Summit Seoul 2018
Terraform을 이용한 Infrastructure as Code 실전 구성하기 :: 변정훈::AWS Summit Seoul 2018Amazon Web Services Korea
 
Building Business Service Intelligence with ITSI
Building Business Service Intelligence with ITSIBuilding Business Service Intelligence with ITSI
Building Business Service Intelligence with ITSISplunk
 
Modern Honey Network (MHN)
Modern Honey Network (MHN)Modern Honey Network (MHN)
Modern Honey Network (MHN)Jason Trost
 
Whitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity MonitorWhitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity MonitorCamilo Fandiño Gómez
 
Get More From Your Data with Splunk AI + ML
Get More From Your Data with Splunk AI + MLGet More From Your Data with Splunk AI + ML
Get More From Your Data with Splunk AI + MLSplunk
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEMJohn Hubbard
 
클라우드 마이그레이션 성공적인 여정, 그 중요한 시작 "Readiness Assessment (전환 준비 평가)" - 김준범, AWS Mi...
클라우드 마이그레이션 성공적인 여정, 그 중요한 시작 "Readiness Assessment (전환 준비 평가)" - 김준범, AWS Mi...클라우드 마이그레이션 성공적인 여정, 그 중요한 시작 "Readiness Assessment (전환 준비 평가)" - 김준범, AWS Mi...
클라우드 마이그레이션 성공적인 여정, 그 중요한 시작 "Readiness Assessment (전환 준비 평가)" - 김준범, AWS Mi...Amazon Web Services Korea
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
 
Security Event Analysis Through Correlation
Security Event Analysis Through CorrelationSecurity Event Analysis Through Correlation
Security Event Analysis Through CorrelationAnton Chuvakin
 
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel AvivAn introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel AvivAmazon Web Services
 
Analytics Driven SIEM Workshop
Analytics Driven SIEM WorkshopAnalytics Driven SIEM Workshop
Analytics Driven SIEM WorkshopSplunk
 
Security Automation & Orchestration
Security Automation & OrchestrationSecurity Automation & Orchestration
Security Automation & OrchestrationSplunk
 
Splunk Dashboarding & Universal Vs. Heavy Forwarders
Splunk Dashboarding & Universal Vs. Heavy ForwardersSplunk Dashboarding & Universal Vs. Heavy Forwarders
Splunk Dashboarding & Universal Vs. Heavy ForwardersHarry McLaren
 
Siem ppt
Siem pptSiem ppt
Siem pptkmehul
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Amazon Web Services
 

What's hot (20)

Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
Final Project Report-SIEM
Final Project Report-SIEMFinal Project Report-SIEM
Final Project Report-SIEM
 
Terraform을 이용한 Infrastructure as Code 실전 구성하기 :: 변정훈::AWS Summit Seoul 2018
Terraform을 이용한 Infrastructure as Code 실전 구성하기 :: 변정훈::AWS Summit Seoul 2018 Terraform을 이용한 Infrastructure as Code 실전 구성하기 :: 변정훈::AWS Summit Seoul 2018
Terraform을 이용한 Infrastructure as Code 실전 구성하기 :: 변정훈::AWS Summit Seoul 2018
 
Building Business Service Intelligence with ITSI
Building Business Service Intelligence with ITSIBuilding Business Service Intelligence with ITSI
Building Business Service Intelligence with ITSI
 
Modern Honey Network (MHN)
Modern Honey Network (MHN)Modern Honey Network (MHN)
Modern Honey Network (MHN)
 
Whitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity MonitorWhitepaper IBM Guardium Data Activity Monitor
Whitepaper IBM Guardium Data Activity Monitor
 
Get More From Your Data with Splunk AI + ML
Get More From Your Data with Splunk AI + MLGet More From Your Data with Splunk AI + ML
Get More From Your Data with Splunk AI + ML
 
The Elastic Stack as a SIEM
The Elastic Stack as a SIEMThe Elastic Stack as a SIEM
The Elastic Stack as a SIEM
 
클라우드 마이그레이션 성공적인 여정, 그 중요한 시작 "Readiness Assessment (전환 준비 평가)" - 김준범, AWS Mi...
클라우드 마이그레이션 성공적인 여정, 그 중요한 시작 "Readiness Assessment (전환 준비 평가)" - 김준범, AWS Mi...클라우드 마이그레이션 성공적인 여정, 그 중요한 시작 "Readiness Assessment (전환 준비 평가)" - 김준범, AWS Mi...
클라우드 마이그레이션 성공적인 여정, 그 중요한 시작 "Readiness Assessment (전환 준비 평가)" - 김준범, AWS Mi...
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS Migrations
 
Security Event Analysis Through Correlation
Security Event Analysis Through CorrelationSecurity Event Analysis Through Correlation
Security Event Analysis Through Correlation
 
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel AvivAn introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
 
Analytics Driven SIEM Workshop
Analytics Driven SIEM WorkshopAnalytics Driven SIEM Workshop
Analytics Driven SIEM Workshop
 
IBM QRadar BB & Rules
IBM QRadar BB & RulesIBM QRadar BB & Rules
IBM QRadar BB & Rules
 
Security Automation & Orchestration
Security Automation & OrchestrationSecurity Automation & Orchestration
Security Automation & Orchestration
 
Splunk Dashboarding & Universal Vs. Heavy Forwarders
Splunk Dashboarding & Universal Vs. Heavy ForwardersSplunk Dashboarding & Universal Vs. Heavy Forwarders
Splunk Dashboarding & Universal Vs. Heavy Forwarders
 
Siem ppt
Siem pptSiem ppt
Siem ppt
 
Threat Hunting
Threat HuntingThreat Hunting
Threat Hunting
 
AWS Storage Gateway
AWS Storage GatewayAWS Storage Gateway
AWS Storage Gateway
 
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
 

Similar to Log Standards Future Trends

LogChaos: Challenges and Opportunities of Security Log Standardization
LogChaos: Challenges and Opportunities of Security Log StandardizationLogChaos: Challenges and Opportunities of Security Log Standardization
LogChaos: Challenges and Opportunities of Security Log StandardizationAnton Chuvakin
 
NIST 800-92 Log Management Guide in the Real World
NIST 800-92 Log Management Guide in the Real WorldNIST 800-92 Log Management Guide in the Real World
NIST 800-92 Log Management Guide in the Real WorldAnton Chuvakin
 
Logging "BrainBox" Short Article
Logging "BrainBox" Short ArticleLogging "BrainBox" Short Article
Logging "BrainBox" Short ArticleAnton Chuvakin
 
Audit logs for Security and Compliance
Audit logs for Security and ComplianceAudit logs for Security and Compliance
Audit logs for Security and ComplianceAnton Chuvakin
 
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinEnterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinAnton Chuvakin
 
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...How to Gain Visibility and Control: Compliance Mandates, Security Threats and...
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...Anton Chuvakin
 
Application Logging Good Bad Ugly ... Beautiful?
Application Logging Good Bad Ugly ... Beautiful?Application Logging Good Bad Ugly ... Beautiful?
Application Logging Good Bad Ugly ... Beautiful?Anton Chuvakin
 
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton ChuvakinMaking Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton ChuvakinAnton Chuvakin
 
Making Log Data Useful: SIEM and Log Management Together
Making Log Data Useful: SIEM and Log Management TogetherMaking Log Data Useful: SIEM and Log Management Together
Making Log Data Useful: SIEM and Log Management TogetherAnton Chuvakin
 
CEE Logging Standard: Today and Tomorrow
CEE Logging Standard: Today and TomorrowCEE Logging Standard: Today and Tomorrow
CEE Logging Standard: Today and TomorrowAnton Chuvakin
 
Practical operability techniques for teams - Matthew Skelton - Agile in the C...
Practical operability techniques for teams - Matthew Skelton - Agile in the C...Practical operability techniques for teams - Matthew Skelton - Agile in the C...
Practical operability techniques for teams - Matthew Skelton - Agile in the C...Skelton Thatcher Consulting Ltd
 
Logs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMALogs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMAAnton Chuvakin
 
Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008Anton Chuvakin
 
Big Data Security Analytic Solution using Splunk
Big Data Security Analytic Solution using SplunkBig Data Security Analytic Solution using Splunk
Big Data Security Analytic Solution using SplunkIJERA Editor
 
Top 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth takingTop 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth takingPaula Januszkiewicz
 
How to secure and manage modern IT - Ondrej Vysek
How to secure and manage modern IT - Ondrej Vysek How to secure and manage modern IT - Ondrej Vysek
How to secure and manage modern IT - Ondrej VysekITCamp
 
Log Mining: Beyond Log Analysis
Log Mining: Beyond Log AnalysisLog Mining: Beyond Log Analysis
Log Mining: Beyond Log AnalysisAnton Chuvakin
 
First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]Phil Huggins FBCS CITP
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsEvident.io
 

Similar to Log Standards Future Trends (20)

LogChaos: Challenges and Opportunities of Security Log Standardization
LogChaos: Challenges and Opportunities of Security Log StandardizationLogChaos: Challenges and Opportunities of Security Log Standardization
LogChaos: Challenges and Opportunities of Security Log Standardization
 
NIST 800-92 Log Management Guide in the Real World
NIST 800-92 Log Management Guide in the Real WorldNIST 800-92 Log Management Guide in the Real World
NIST 800-92 Log Management Guide in the Real World
 
Logging "BrainBox" Short Article
Logging "BrainBox" Short ArticleLogging "BrainBox" Short Article
Logging "BrainBox" Short Article
 
Audit logs for Security and Compliance
Audit logs for Security and ComplianceAudit logs for Security and Compliance
Audit logs for Security and Compliance
 
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinEnterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
 
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...How to Gain Visibility and Control: Compliance Mandates, Security Threats and...
How to Gain Visibility and Control: Compliance Mandates, Security Threats and...
 
Application Logging Good Bad Ugly ... Beautiful?
Application Logging Good Bad Ugly ... Beautiful?Application Logging Good Bad Ugly ... Beautiful?
Application Logging Good Bad Ugly ... Beautiful?
 
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton ChuvakinMaking Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin
Making Log Data Useful: SIEM and Log Management Together by Dr. Anton Chuvakin
 
Making Log Data Useful: SIEM and Log Management Together
Making Log Data Useful: SIEM and Log Management TogetherMaking Log Data Useful: SIEM and Log Management Together
Making Log Data Useful: SIEM and Log Management Together
 
CEE Logging Standard: Today and Tomorrow
CEE Logging Standard: Today and TomorrowCEE Logging Standard: Today and Tomorrow
CEE Logging Standard: Today and Tomorrow
 
Practical operability techniques for teams - Matthew Skelton - Agile in the C...
Practical operability techniques for teams - Matthew Skelton - Agile in the C...Practical operability techniques for teams - Matthew Skelton - Agile in the C...
Practical operability techniques for teams - Matthew Skelton - Agile in the C...
 
Logs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMALogs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMA
 
Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008
 
Big Data Security Analytic Solution using Splunk
Big Data Security Analytic Solution using SplunkBig Data Security Analytic Solution using Splunk
Big Data Security Analytic Solution using Splunk
 
Power of logs: practices for network security
Power of logs: practices for network securityPower of logs: practices for network security
Power of logs: practices for network security
 
Top 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth takingTop 10 ways to make hackers excited: All about the shortcuts not worth taking
Top 10 ways to make hackers excited: All about the shortcuts not worth taking
 
How to secure and manage modern IT - Ondrej Vysek
How to secure and manage modern IT - Ondrej Vysek How to secure and manage modern IT - Ondrej Vysek
How to secure and manage modern IT - Ondrej Vysek
 
Log Mining: Beyond Log Analysis
Log Mining: Beyond Log AnalysisLog Mining: Beyond Log Analysis
Log Mining: Beyond Log Analysis
 
First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]First Responders Course - Session 6 - Detection Systems [2004]
First Responders Course - Session 6 - Detection Systems [2004]
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 

More from Anton Chuvakin

Future of SOC: More Security, Less Operations
Future of SOC: More Security, Less OperationsFuture of SOC: More Security, Less Operations
Future of SOC: More Security, Less OperationsAnton Chuvakin
 
SOC Meets Cloud: What Breaks, What Changes, What to Do?
SOC Meets Cloud: What Breaks, What Changes, What to Do?SOC Meets Cloud: What Breaks, What Changes, What to Do?
SOC Meets Cloud: What Breaks, What Changes, What to Do?Anton Chuvakin
 
Meet the Ghost of SecOps Future by Anton Chuvakin
Meet the Ghost of SecOps Future by Anton ChuvakinMeet the Ghost of SecOps Future by Anton Chuvakin
Meet the Ghost of SecOps Future by Anton ChuvakinAnton Chuvakin
 
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...Anton Chuvakin
 
SOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Anton ChuvakinSOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Anton ChuvakinAnton Chuvakin
 
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 BoothHey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 BoothAnton Chuvakin
 
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton ChuvakinAnton Chuvakin
 
SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
SOCstock 2020 Groovy SOC Tunes aka Modern SOC TrendsSOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
SOCstock 2020 Groovy SOC Tunes aka Modern SOC TrendsAnton Chuvakin
 
SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC Anton Chuvakin
 
Modern SOC Trends 2020
Modern SOC Trends 2020Modern SOC Trends 2020
Modern SOC Trends 2020Anton Chuvakin
 
Anton's 2020 SIEM Best and Worst Practices - in Brief
Anton's 2020 SIEM Best and Worst Practices - in BriefAnton's 2020 SIEM Best and Worst Practices - in Brief
Anton's 2020 SIEM Best and Worst Practices - in BriefAnton Chuvakin
 
Five SIEM Futures (2012)
Five SIEM Futures (2012)Five SIEM Futures (2012)
Five SIEM Futures (2012)Anton Chuvakin
 
RSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationAnton Chuvakin
 
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinAnton Chuvakin
 
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinAnton Chuvakin
 
Practical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Practical Strategies to Compliance and Security with SIEM by Dr. Anton ChuvakinPractical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Practical Strategies to Compliance and Security with SIEM by Dr. Anton ChuvakinAnton Chuvakin
 
Log management and compliance: What's the real story? by Dr. Anton Chuvakin
Log management and compliance: What's the real story? by Dr. Anton ChuvakinLog management and compliance: What's the real story? by Dr. Anton Chuvakin
Log management and compliance: What's the real story? by Dr. Anton ChuvakinAnton Chuvakin
 

More from Anton Chuvakin (20)

Future of SOC: More Security, Less Operations
Future of SOC: More Security, Less OperationsFuture of SOC: More Security, Less Operations
Future of SOC: More Security, Less Operations
 
SOC Meets Cloud: What Breaks, What Changes, What to Do?
SOC Meets Cloud: What Breaks, What Changes, What to Do?SOC Meets Cloud: What Breaks, What Changes, What to Do?
SOC Meets Cloud: What Breaks, What Changes, What to Do?
 
Meet the Ghost of SecOps Future by Anton Chuvakin
Meet the Ghost of SecOps Future by Anton ChuvakinMeet the Ghost of SecOps Future by Anton Chuvakin
Meet the Ghost of SecOps Future by Anton Chuvakin
 
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...
SANS Webinar: The Future of Log Centralization for SIEMs and DFIR – Is the En...
 
SOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Anton ChuvakinSOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Anton Chuvakin
 
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 BoothHey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
Hey SOC, Look LEFT! by Anton Chuvakin RSA 2023 Booth
 
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
 
SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
SOCstock 2020 Groovy SOC Tunes aka Modern SOC TrendsSOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
SOCstock 2020 Groovy SOC Tunes aka Modern SOC Trends
 
SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC SOCstock 2021 The Cloud-native SOC
SOCstock 2021 The Cloud-native SOC
 
Modern SOC Trends 2020
Modern SOC Trends 2020Modern SOC Trends 2020
Modern SOC Trends 2020
 
Anton's 2020 SIEM Best and Worst Practices - in Brief
Anton's 2020 SIEM Best and Worst Practices - in BriefAnton's 2020 SIEM Best and Worst Practices - in Brief
Anton's 2020 SIEM Best and Worst Practices - in Brief
 
Generic siem how_2017
Generic siem how_2017Generic siem how_2017
Generic siem how_2017
 
Tips on SIEM Ops 2015
Tips on SIEM Ops 2015Tips on SIEM Ops 2015
Tips on SIEM Ops 2015
 
Five SIEM Futures (2012)
Five SIEM Futures (2012)Five SIEM Futures (2012)
Five SIEM Futures (2012)
 
RSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics Presentation
 
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
 
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton ChuvakinFive Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
 
Practical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Practical Strategies to Compliance and Security with SIEM by Dr. Anton ChuvakinPractical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
Practical Strategies to Compliance and Security with SIEM by Dr. Anton Chuvakin
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:
 
Log management and compliance: What's the real story? by Dr. Anton Chuvakin
Log management and compliance: What's the real story? by Dr. Anton ChuvakinLog management and compliance: What's the real story? by Dr. Anton Chuvakin
Log management and compliance: What's the real story? by Dr. Anton Chuvakin
 

Recently uploaded

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 

Recently uploaded (20)

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 

Log Standards Future Trends

  • 1. Log Standards and Future Trends Dr. Anton Chuvakin Security Warrior Consulting www.securitywarriorconsulting.com August 2010
  • 2. Outline World of logs today Log chaos? Order is sorely needed! Past attempts to bring order to chaos! Why all failed? What does the future hold? Logging trends of the next few years
  • 3.
  • 10. VPNs
  • 17.
  • 18. Log Chaos: Login <18> Dec 17 15:45:57 10.14.93.7 ns5xp: NetScreendevice_id=ns5xp system-warning-00515: Admin User chuvakinhas logged on via Telnet from 10.14.98.55:39073 (2002-12-17 15:50:53) <57> Dec 25 00:04:32:%SEC_LOGIN-5-LOGIN_SUCCESS:LoginSuccess [user:antonc] [Source:10.4.2.11] [localport:23] at 20:55:40 UTC Fri Feb 28 2006 <122> Mar 4 09:23:15 localhostsshd[27577]: Accepted password for anton from ::ffff:192.168.138.35 port 2895 ssh2 <13> Fri Mar 17 14:29:38 2006 680 Security SYSTEM User Failure Audit ENTERPRISE Account Logon Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0    Logon account:  ACHUVAKIN   
  • 19. Log Chaos Everywhere! No standard format No standard schema No standard meaning No taxonomy No standard transport No shared knowledge on what to log and how No logging guidance for developers No standard API / libraries for log production
  • 20. Result? %PIX|ASA-3-713185 Error: Username too long - connection aborted Aug 11 09:11:19 xx null pif ? exit! 0 ERROR: transport error 202: send failed: Success userenv[error] 1030 RCI-CORPsupx No description available
  • 21. So, what can we expect?
  • 22. If We Don’t Stop It … MORE logs (learn what’s a “petabyte”!) Distributed logging -> WIDELY distributed logging across applications, systems, etc More REALLY bad logs from custom applications We work harder – and still MISS important things in logs (see VzBIR 2010!) BIG log DATA comes and kills us! 
  • 23. Cloud to the Rescue? Question: do you think “cloud” will make logging better due to APIs, XML, structured data, etc? Answer:  "If your security and trust models suck now, you'll be pleasantly surprised by the lack of change when you move to cloud“ Chris Hoff @ Cisco
  • 25. Standards: The ONLY Way Out! FIRST: make it easier to know what logs tell us! Easier to report on logs and explain the reports Deeper insight into future problems Easier system interoperability Common logging practices Easier to explain what is in the logs to management and non-IT people
  • 26. What Becomes Possible? All those super-smart people at SIEM vendors can stop parsing and start analyzing What the events mean? Consequences? Actions? Maybe even prediction? Different systems can mitigate consequences of each others’ failures We can finally tell the developers “what to log?” and have them “get it!”
  • 27. Various Logging Standards by Type Log format Example: Syslog, a non-standard standard Example: IDMEF, a failed standard Log contents No standard to speak of: logs = trash can because application developers dump what they want there (and how they want!) Log transport Example: Syslog (TCP/UDP port 514) Logging practices / recommendations Example: NIST 800-92 (for security only)
  • 28.
  • 32. SDEE – Cisco+Old, mostly dead standards: CIDF – DARPA (became IDMEF) IDMEF – IETF (never adopted by anybody) CIEL – MITRE (cancelled early) Alive: OpenXDAS and syslog RFC5224
  • 33. What Killed’em ALL? Lack of adoption – BIG one! “Solution in search of a problem” “Overthinking” designers Standard complexity Emphasis on XML Vendors and their tactical focus (or “marketing standards”) Narrow approach (e.g. just IDS)
  • 34. What Worked? NIST 800-92 Guide to LM “This publication seeks to assist organizations in understanding the need for sound computer security log management. It provides practical, real-world guidance on developing, implementing, and maintaining effective log management practices throughout an enterprise. “
  • 35. Pause … How we want the future world of logging to look like?
  • 36.
  • 37. To specify the event in a common representation
  • 39. For parsing out relevant data from received log messages
  • 43.
  • 44. Log correlation (SIEM) capabilities
  • 47.
  • 48. Conclusions: Future of Logging Log standard is sorely needed About 30 years of IT has passed without it If we don’t do it, BIG log DATA will eat us alive! Current analysis methods are failing fast A log standard will be created CEE team has learned the lessons of others Let’s get to work! LogChaos must die! 
  • 49. … but wait! What about the growing volumes?
  • 50. Log Math 100,000 log messages / second x 300 bytes / log message ~ 28.6 MB x 3600 seconds  ~ 100.6 GB / hour x 24 hours ~ 2.35 TB / day x 365 days ~ 860.5 TB / year x 3 years ~ 2.52 PB Now you know what is a petabyte and a trillion!
  • 51. Well… Well, that’s the battle we still have to fight
  • 52. Questions? Dr. Anton Chuvakin Security Warrior Consulting Log management , SIEM, PCI DSS Email:anton@chuvakin.org Site:http://www.chuvakin.org Blog:http://www.securitywarrior.org Twitter:@anton_chuvakin Consulting:http://www.securitywarriorconsulting.com
  • 53. More on Anton Consultant: http://www.securitywarriorconsulting.com Book author: “Security Warrior”, “PCI Compliance”, “Information Security Management Handbook”, “Know Your Enemy II”, “Hacker’s Challenge 3”, etc Conference speaker: SANS, FIRST, GFIRST, ISSA, CSI, RSA, Interop, many, many others worldwide Standard developer: CEE, CVSS, OVAL, etc Community role: SANS, Honeynet Project, WASC, CSI, ISSA, OSSTMM, InfraGard, ISSA, others Past roles: Researcher, Security Analyst, Strategist, Evangelist, Product Manager
  • 54. Security Warrior Consulting Services Logging and log management strategy, procedures and practices Develop logging policies and processes, log review procedures, workflows and periodic tasks as well as help architect those to solve organization problems Plan and implement log management architecture to support your business cases; develop specific components such as log data collection, filtering, aggregation, retention, log source configuration as well as reporting, review and validation Customize industry “best practices” related to logging and log review to fit your environment, help link these practices to business services and regulations Help integrate logging tools and processes into IT and business operations SIEM and log management content development Develop correlation rules, reports and other content to make your SIEM and log management product more useful to you and more applicable to your risk profile and compliance needs Create and refine policies, procedures and operational practices for logging and log management to satisfy requirements of PCI DSS, HIPAA, NERC, FISMA and other regulations More at www.SecurityWarriorConsulting.com

Editor's Notes

  1. “DATA” is not really DATA – more like crap. BIG CRAP!
  2. Applies to logs perfectly!Cloud might enable better log analysis though
  3. http://chuvakin.blogspot.com/