Pros and Cons of Logging - Log4j - Peer Responses

This week, students were required to review peer posts on the pros and cons of logging, pertaining to the Log4j breach, and provide at least 2 responses.

Peer Responses:

  1. Hello Hainadine,

This is a very good post. I completely agree with your first statement in relation to security analysts handling log data from various sources to identify suspicious activity and that comprehensive log analysis is still a manual process that does not scale well. Even while log monitoring is essential for contemporary networks and systems, there are some disadvantages. For example, a lot of automation is used in log management and monitoring today. Most of the time, that’s a good thing. Otherwise, a great deal of data would be lost, since people are questionable when it comes to sorting, organizing and analyzing it. The automation provided by the log management software, however, is limited by the preset parameters a person provides it. Regretfully, there are new risks and issues that arise practically every day. Although the log monitoring software can assist, detect and even remove some of those automatically, the correct setup of that software still requires the labor of committed humans.

References:

  • RevDeBug. (2022). Log monitoring: what are the benefits and disadvantages? [online] Available at: https://revdebug.com/blog/log-monitoring-benefits-disadvantages/. [Accessed 16 December 2023].

  2. Hello Amrol,

This is a very interesting and insightful post. I was not previously aware of the ISO 27001 regulations. Having done some research on it, I can see how some of these regulations can play a key role in logging. Examples include event logging, storage, protection of log information and analysis, which specifically states that logs must be analyzed at regular intervals to ensure that unusual behavior and errors are properly detected and investigated in a timely manner (Segovia, A. 2015). I think it also plays a key role in helping organizations avoid potentially costly security breaches by being able to show customers, partners and shareholders that they have taken steps to protect data in the event of a breach.

References:

  • Segovia, A.J. (n.d.). ISO 27001 logging: How to comply with A.8.15. [online] advisera.com. Available at: https://advisera.com/27001academy/logging-according-to-iso-27001/. [Accessed 16 December 2023].

Reflection: This collaborative discussion was the most challenging of all the discussions because it was new, unexplored territory, especially with the Log4j breach. A fellow student raised a good point regarding the ISO 27001 regulations, which I was not previously familiar with. Having done some research on it, this is something I will definitely be able to use in the future and add to my list of good policies to be aware of.