In today's complex and constantly changing technological world, the process of gathering, protecting and verifying the integrity of data has become more difficult than ever. One specific problem that plagues security teams today occurs when incidents are falsely reported by security systems. This is an issue because it indicates the presence of what is called a bad actor, and these bad actors can continue to operate within a data system if they are not dealt with quickly.
Johns Hopkins University professor Jeffrey Ritter recently gave a webcast presentation outlining the steps organizations can take to trust their data to make incident management more efficient. One of the topics Ritter discussed at length in his presentation is log data -- sensors that record almost every computer function -- including keystrokes, processes, privilege and rights verifications, identity authentication, and physical location. These functions are important to track because they're incredibly difficult to falsify.
This data has become so reliable, Ritter noted, that log data analysis can even function as a witness, of sorts, in court proceedings. Specifically, in one 2016 case, a Chinese businessman was caught in Vancouver, B.C., having stolen Boeing plane data and planning to sell that data in China. The only witness in the trial for this offense was the man's computer and the log data stored on it. The man was convicted on this testimony alone, showing the power of log data analysis.
But with log data becoming increasingly powerful, it still must be gathered, recorded and processed to unlock its true potential, Ritter explained.
This can be costly for organizations: An individual completing log data analysis duties will wind up spending almost 20% of their time doing so, Ritter said. When the cost of paying them for these hours of work is combined with the cost of them not doing other work, it becomes quite expensive, he added.
After this data is processed, the issue for organizations is protecting it. The process of protecting log data has traditionally fallen to record-keeping personnel. But with log data being used as testimony, it will need to be secured by security personnel going forward, forcing significant process changes for most organizations, Ritter said.
Even with the significant costs of doing so, Ritter believes organizations should invest in data governance to back up the integrity of data stored by an organization. Ritter did, however, state that depending on corporate culture, security personnel may have a difficult time lobbying in favor of data governance investment.
Watch the full webcast to learn more from Ritter about how tapping into log data can ultimately improve incident management processes companywide.