Stupid Log Tricks (2024)

By Matt Carothers, Cox Communications

Many years ago, a security team participated in a compliance audit. To pass the audit, they demonstrated to the auditor that their team maintained a full year of security log data. As proof of compliance, they sent a screenshot from their Security Information and Event Management (SIEM) system showing it configured to store one year of logs. They passed the audit with flying colors, but in the best example I know of demonstrating “compliance is not security,” they later discovered the SIEM only actually had enough disk space for thirty days.

Thus began a journey to upgrade or replace the SIEM, and they quickly realized they had fundamental architectural flaws. First, expanding storage would be expensive because the team relied on a single vendor using proprietary technology. Additionally, every device producing logs sent them directly to the SIEM, so choosing a new vendor would require a massive effort to reconfigure every log source. Finally, the SIEM itself did not meet every need of a modern security team. While it alerted on real-time events relatively effectively, searching historical data for investigations or hunting could take hours to complete.

To solve those problems, the team started from a blank slate to create a new kind of logging architecture. It would be fast, flexible, scalable, and cost effective. This paper takes the reader from our original design with all its flaws to our modern implementation and its numerous benefits.

