Lean Threat Intelligence Part 2: The foundation

This is the second part in a series on Lean Threat Intelligence. In Lean Threat Intelligence, Part 1: The Plan, we discussed the general workflow the Threat Intelligence team at Fastly uses to plan for projects. In our example, we have a central Syslog Aggregator that pools together logs from all of our services. Now we can use this topology to move forward with the Systems Diagram and start performing the next step: technology selection.

The previous post assumes that there was already a syslog aggregator server in this environment. In our case, it's an rsyslog server with a collection of logs that exist on disk for further analysis. Further analysis should never mean grep A.B.C.D. foo.log; we should take full advantage of technologies that excel at making this amount of data intuitive for humans to sift through.

“We Do Not Sow” - Introducing House Graylog

When selecting log management technologies, you have to make a few decisions about how you want to manage them from an infrastructure viewpoint. There are SaaS companies that will manage this infrastructure for you, and there are open source log managers that give users granular control over the infrastructure. It all comes down to resources, which include budget, the people who manage the infrastructure, and policy. Lastly, do you want to host sensitive log and audit data on infrastructure you do not own? Will you spend the money for a SaaS provider? If not, an open source stack can cost more money in terms of people and infrastructure.

We went through similar motions at Fastly, and decided on Graylog as our log management technology. We want to restrict access to sensitive logs and have ownership of their security to reduce the attack surface. We have teams at Fastly that work closely with the security team to manage infrastructure like this in production. Graylog uses the popular Elasticsearch technology stack, which makes log indexing and searching straightforward. Graylog also has a Kibana competitor in its web frontend, with useful features such as account management and native alerting via email/PagerDuty. Graylog makes use of streams, which can be used as an access control mechanism so that multiple users see only the subsections of logs relevant to their team. This makes our system available to multiple teams as opposed to just security. If we ship logs to Graylog, we solve user stories one and two from the previous post. This is a huge benefit for us as a team, especially because Graylog is a well-maintained and documented stack and is an attractive option based on our constraints.
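One way to wire the rsyslog aggregator to Graylog, as an added example that is not from the Fastly post: a RainerScript template that renders each syslog record as a GELF 1.1 message (Graylog's native input format) and an omfwd action that forwards it to a Graylog GELF UDP input. The Graylog host graylog.example.internal is an assumption; 12201 is Graylog's default GELF port.

```rsyslog
# Constructed example (not Fastly's config): render each record as GELF 1.1.
# GELF requires version, host and short_message; timestamp and level are
# optional, and any extra field must be prefixed with an underscore.
template(name="gelf" type="list") {
    constant(value="{\"version\":\"1.1\",\"host\":\"")
    property(name="hostname")
    constant(value="\",\"short_message\":\"")
    property(name="msg" format="json")          # JSON-escape the message body
    constant(value="\",\"timestamp\":")
    property(name="timegenerated" dateformat="unixtimestamp")
    constant(value=",\"level\":")
    property(name="syslogseverity")             # 0 (emerg) .. 7 (debug)
    constant(value=",\"_app\":\"")
    property(name="programname" format="json")  # custom field for stream rules
    constant(value="\"}")
}

# Forward everything the aggregator receives to the Graylog GELF UDP input.
# graylog.example.internal is a placeholder hostname.
action(type="omfwd" target="graylog.example.internal" port="12201"
       protocol="udp" template="gelf")
```

Plain UDP is neither authenticated nor encrypted, so for sensitive logs keep the aggregator and the Graylog input on a network you control, or use a TLS-protected TCP input instead. The _app field gives Graylog stream rules something to match on when routing each team's logs into its own stream.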