Between putting out fires and other day-to-day priorities, it is almost impossible for any IT professional to absorb log data daily. If a cybersecurity team is being honest, it will admit that it does not review logs regularly, and that gap lowers the organization's security posture: attacks that are recorded but never read go undetected.
But most would agree that regular log review is a best practice.
Organizations that try to cut corners on log management and threat intelligence are begging for problems. I’ve never seen a job description for a log reviewer. That’s ridiculous! Even if an organization employs the smartest people in the world, people who know how to work a SIEM or SOAR (which includes reading its logs), who keep up with log management as the technology changes daily, and who have the expertise to remediate whatever attacks those logs reveal, there still isn’t enough time in the day for them to do all of that on top of their day-to-day duties.
Organizations are facing hard economic times right now, so what happens if the Net Admin or Sec Admin quits, retires, or is downsized? What happens at 4 AM on New Year’s Day when an alert fires on something malicious or suspicious, everyone is on vacation, and your lone security professional is sick and has fallen asleep on NyQuil?
According to ABC News, the recent T-Mobile hack started on November 25, 2022; T-Mobile discovered it on January 5, 2023 and then notified the proper agencies.
Think about the timing: Thanksgiving was November 24, the hack started the day after, and it wasn’t discovered until after the new year, once everyone had returned from their holiday vacations. That is roughly six weeks of attacker dwell time that regular log review might have shortened.
A threat intelligence platform like Cybersixgill can help organizations stay ahead of emerging threats. By continuously monitoring potential threats and analyzing the data it collects, it helps organizations identify and respond to new or evolving threats quickly, minimizing the impact of an attack and reducing the chances of a successful ransomware attack or, as in the T-Mobile case, a data breach.
In my opinion, it is best to go with a comprehensive security approach: a SaaS that offers threat intelligence and a comprehensive log management solution, including a backup service that is available 24/7/365.
The company's business and reputation are worth the cost. I’m sure it would be cheaper to have a team using Cybersixgill for threat intelligence that can communicate effectively with the internal teams that monitor the logs 24/7, if the organization is truly serious about information security. If it is only looking for a checkbox from an auditor, then threat intelligence coupled with log management doesn’t matter to it until it gets breached.
Learn more about how Cybersixgill automatically aggregates data leaks and alerts customers in real time.