Data in motion (logs, containers, events, streams, IoT telemetry, etc.) generated by an organization's systems and software is fundamental to understanding what is happening from an IT security point of view.
For example, log data can show whether someone is attacking a company, whether they have already gained unauthorized access to its systems, whether they have illegitimately escalated their privileges, or whether they are moving laterally through the network.
Logs can reveal misuse of credentials, suspicious scanning activity, and all other types of abnormal or malicious behavior.
Unfortunately, the huge volume of data generated by infrastructures and applications makes it extremely difficult for cybersecurity analysts to quickly extract intelligible and reusable information.
To perform a security investigation, analysts must collect data from all relevant sources. Systems, applications, databases, security tools and network infrastructures produce an enormous amount of structured and unstructured data, often unharmonized, distributed and heterogeneous.
Any such investigation requires both a targeted drill-down into the security information hidden in this "mare magnum" and the collection and storage of a huge amount of data, usually for the long term, so that subsequent audits can look back over a wide window of time.
Cybersecurity departments and SOCs (Security Operations Centers) should be able to identify and understand data collected from heterogeneous sources (logs, containers, streams, etc.), ideally in real time, and easily translate it into structured, usable "Security Events" in order to accelerate investigations.
Contemporary technologies, when applied through the right paradigms, can adequately satisfy these needs, in full compliance with GDPR regulations…
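As an added illustration of what "translating heterogeneous data into structured Security Events" means in practice (example code written for this page, not a product or tool the page describes), the block below normalizes two constructed log formats, an sshd syslog line and a JSON application event, into one common event schema and then runs a simple credential-misuse check over the normalized events. The log lines, hostnames, usernames, IP addresses and the schema field names are all constructed for the example.

```python
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample input (not taken from any real system): sshd syslog
# lines, one JSON application event, and one line no parser understands.
SAMPLE_LINES = [
    "Mar 12 09:14:01 web01 sshd[2211]: Failed password for admin from 203.0.113.7 port 51234 ssh2",
    "Mar 12 09:14:03 web01 sshd[2211]: Failed password for admin from 203.0.113.7 port 51240 ssh2",
    "Mar 12 09:14:05 web01 sshd[2211]: Failed password for admin from 203.0.113.7 port 51241 ssh2",
    "Mar 12 09:14:09 web01 sshd[2211]: Accepted password for admin from 203.0.113.7 port 51250 ssh2",
    '{"ts": "2024-03-12T09:15:00Z", "app": "billing", "user": "alice", '
    '"action": "login", "result": "failure", "src": "198.51.100.4"}',
    "garbage line that matches no parser",
]

SYSLOG_RE = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
SSH_AUTH_RE = re.compile(
    r"^(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_syslog(line, year=2024):
    """Map an sshd authentication syslog line onto the common schema.

    Syslog timestamps carry no year, so the caller supplies one (assumption
    for the example). Returns None when the line is not an sshd auth event.
    """
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    auth = SSH_AUTH_RE.match(m.group("msg"))
    if not auth:
        return None
    ts = datetime.strptime(
        f"{year} {m.group('month')} {m.group('day')} {m.group('time')}",
        "%Y %b %d %H:%M:%S",
    ).replace(tzinfo=timezone.utc)
    return {
        "ts": ts.isoformat(),
        "source": m.group("host"),
        "category": "authentication",
        "user": auth.group("user"),
        "src_ip": auth.group("src"),
        "outcome": "success" if auth.group("result") == "Accepted" else "failure",
    }


def parse_json_event(line):
    """Map a JSON login event (constructed application format) onto the schema."""
    try:
        obj = json.loads(line)
    except json.JSONDecodeError:
        return None
    if obj.get("action") != "login":
        return None
    return {
        "ts": obj["ts"].replace("Z", "+00:00"),
        "source": obj.get("app"),
        "category": "authentication",
        "user": obj.get("user"),
        "src_ip": obj.get("src"),
        "outcome": obj.get("result"),
    }


PARSERS = (parse_syslog, parse_json_event)


def normalize(lines):
    """Try each parser in turn; keep unparsed lines so coverage gaps are visible."""
    events, unparsed = [], []
    for line in lines:
        for parser in PARSERS:
            ev = parser(line)
            if ev:
                events.append(ev)
                break
        else:
            unparsed.append(line)
    return events, unparsed


def detect_failed_logins(events, threshold=3):
    """Flag (user, src_ip) pairs with at least `threshold` failed logins.

    A success from the same pair after the failures is recorded, since that
    is the case an analyst would want to triage first.
    """
    failures = Counter()
    for ev in events:
        if ev["category"] == "authentication" and ev["outcome"] == "failure":
            failures[(ev["user"], ev["src_ip"])] += 1
    alerts = []
    for (user, src_ip), n in failures.items():
        if n >= threshold:
            succeeded = any(
                ev["outcome"] == "success" and (ev["user"], ev["src_ip"]) == (user, src_ip)
                for ev in events
            )
            alerts.append({"user": user, "src_ip": src_ip,
                           "failures": n, "followed_by_success": succeeded})
    return alerts


if __name__ == "__main__":
    evs, leftover = normalize(SAMPLE_LINES)
    print(json.dumps(detect_failed_logins(evs), indent=2))
    print("unparsed:", leftover)
```

The common schema (`ts`, `source`, `category`, `user`, `src_ip`, `outcome`) is what makes the detection format-agnostic: the rule only reads normalized fields, so a new log source needs a new parser, not a new rule. Keeping the unparsed lines is deliberate; in a real pipeline a rising unparsed count is itself a signal that a source changed format and visibility was lost.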