midterm essay

School: Collin County Community College District
Course: 2330
Subject: Information Systems
Date: Dec 6, 2023
Pages: 5
Uploaded by ConstableIce18077
ITSY 2330

When an organization starts to aggregate logs, it should consider the several types of logs it would want to use within its system. They can range from critical systems to applications that can provide information on security events and on performance issues across the whole organization. Authentication logs provide information on successful and failed login attempts, including the user's username and IP address. By analyzing authentication logs, organizations can detect potential unauthorized access attempts and suspicious activity. A system log contains information about system events and can help identify potential security incidents. Another viable log to collect is the application log; it can identify specific issues with applications and can be used to monitor an application's performance. According to CrowdStrike (n.d.), "application logs are useful for identifying a variety of issues related to applications, including software bugs, runtime errors, configuration problems, and potential security incidents."

Depending on the size of the organization and the amount of data generated, the resources required can be significant. Collecting logs requires agents to be installed on each device, and these agents consume resources, such as memory and CPU cycles, on the devices on which they are installed. Storing logs can also be resource-intensive, as logs can quickly consume enormous amounts of storage space. According to Datadog (n.d.), "Log aggregation is the process of collecting and centralizing logs from multiple systems or applications in a single place for easier analysis." Depending on the amount of log data generated by an organization, it can quickly become overwhelming to manage and store. This can lead to performance issues, as well as increased costs for storage and processing power. If an organization had unlimited resources, it could collect as many logs as possible from all points, such as systems, applications, and devices. This would include logs from network devices, endpoint devices, mobile phones, and many more sources. Ideally, when you start to collect logs, you should prioritize the most crucial systems and applications, those that are vital for compliance and regulation purposes. With unlimited resources you are open to so much more and could collect a large volume of logs that will help identify potential security threats. If one doesn't have unlimited resources, it is important to find the balance between log data and the resources required to collect it, so you can have an effective log management system.

Sys admins may see some pros in collecting only infrastructure logs, because it reduces the amount of data that has to be stored and processed, which saves resources for the organization. It can also make it a simple way to identify issues within the infrastructure, as the logs are targeted at certain systems. The main con is that it limits the reach to detect potential attacks and incidents, since only a certain subset of logs was collected. In contrast, security admins collect all the logs because doing so provides a more in-depth view of the organization's systems, allowing more effective security monitoring and incident response. The downside is an obvious one: the cost goes up, and a lot of storage is required to do this. The overall goal for sys admins is to monitor and manage the performance and availability of systems and applications, while security admins target potential security risks. I would fall on the side that collects all the logs because it can provide a more in-depth look into the organization, leading to finding issues more quickly and easily. So, a hybrid of the two would be the best approach to help the organization.

Elastic Search and Splunk are what I believe are the most popular products for aggregating logs. The main difference is that one is free and the other is available at a high cost. Elastic is open source and free to be used by anyone, and has incredible capabilities to help save an organization money with its IT innovations in security and risk management. According to Signoz.io (2021), "Elasticsearch is one of the most widely used search engines for text-based documents, and it's commonly used for log data because of its ability to scale horizontally and search quickly." Splunk is not open source like Elastic Search or ELK. It is commercial and available for a price, which is a big con of the product. According to Signoz.io (2021), "In Splunk, data is stored in indexes made up of file buckets. These buckets contain data structures that enable Splunk to determine if the data includes terms or words. Buckets also contain compressed, raw data. This data is usually reduced to 15% of its original size, once compressed, to help Splunk store data efficiently." This compression can be a major advantage, making it cost-effective by reducing the size of the storage needed. Another key feature of Splunk is its data replication, so you wouldn't worry about data loss. Elastic Search would benefit any corporation no matter the size. It is highly customizable and can be used to search, analyze, and visualize data in real time, making it a popular choice for organizations looking to gain insights from their log data. Splunk is suitable for both small and large organizations, with different pricing options depending on the organization's needs. It can handle high volumes of logs and data and is highly scalable, making it a good choice for large enterprises with extensive logging requirements. Overall, it depends on the organization's specific logging needs and on what fits the budget it can offer.

In conclusion, log aggregation is a crucial part of any organization's security and risk management strategy. By collecting and analyzing logs from various systems and applications, organizations can detect potential security incidents, performance issues, and more. However, the amount of data generated can quickly become overwhelming and resource-intensive, leading to increased costs and performance issues. Therefore, finding a balance between log data and
resources required is crucial for an effective log management system. Both Elastic Search and Splunk are popular products for aggregating logs, with different pricing options and features suitable for different organizations' needs. Ultimately, the best approach is a hybrid of collecting infrastructure logs and collecting all logs, to achieve effective monitoring, management, and security of an organization's systems and applications.
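As an added illustration of the authentication-log analysis described earlier (detecting failed and successful logins by username and IP address), here is a small example, not part of the essay or of any product mentioned in it. It parses constructed syslog-style sshd lines, counts failed logins per source IP inside a sliding time window, and notes whether a successful login from the same IP followed a burst of failures, which is the kind of event an analyst would want surfaced from aggregated logs.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of syslog-style sshd authentication lines (not real data).
SAMPLE_AUTH_LOG = """\
Dec  6 10:01:02 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.10 port 50122 ssh2
Dec  6 10:01:05 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.10 port 50123 ssh2
Dec  6 10:01:09 host1 sshd[2201]: Failed password for root from 203.0.113.10 port 50124 ssh2
Dec  6 10:01:13 host1 sshd[2201]: Failed password for root from 203.0.113.10 port 50125 ssh2
Dec  6 10:01:20 host1 sshd[2201]: Accepted password for root from 203.0.113.10 port 50126 ssh2
Dec  6 10:05:44 host1 sshd[2310]: Failed password for alice from 198.51.100.7 port 41000 ssh2
Dec  6 10:05:50 host1 sshd[2310]: Accepted publickey for alice from 198.51.100.7 port 41001 ssh2
"""

# Matches the common OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" shape.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_auth_log(text):
    """Turn raw sshd lines into dicts with timestamp, user, ip and result."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # syslog omits the year; only time differences matter here
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
            events.append({"ts": ts, "user": m.group("user"),
                           "ip": m.group("ip"), "result": m.group("result")})
    return events


def find_suspicious_ips(events, max_failures=3, window_seconds=300):
    """Flag IPs with more than max_failures failed logins within window_seconds,
    and record whether a later successful login from that IP followed the burst."""
    recent_failures = defaultdict(list)
    findings = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["ip"]
        if ev["result"] == "Failed":
            # keep only failures that still fall inside the sliding window
            recent_failures[ip] = [t for t in recent_failures[ip] + [ev["ts"]]
                                   if (ev["ts"] - t).total_seconds() <= window_seconds]
            if len(recent_failures[ip]) > max_failures:
                findings.setdefault(ip, {"failures": 0, "success_after_burst": False})
                findings[ip]["failures"] = len(recent_failures[ip])
        elif ip in findings:
            findings[ip]["success_after_burst"] = True
    return findings
```

Run on the sample, only 203.0.113.10 is flagged (four failures in eleven seconds, then an accepted login), while the single failed attempt from 198.51.100.7 stays below the threshold.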
References

Datadog. (n.d.). Log Aggregation. Datadog Knowledge Base. Retrieved April 13, 2023, from https://www.datadoghq.com/knowledge-center/log-aggregation/

CrowdStrike. (n.d.). Application log. Cybersecurity 101. https://www.crowdstrike.com/cybersecurity-101/observability/application-log/

Singh, A. (2021, March 23). Elasticsearch vs. Splunk: Which One is Better for Log Management? Signoz. https://signoz.io/blog/elasticsearch-vs-splunk/