5 Minutes to Successful SaaS Logging
Dan Hubbard & the Tarsal Team
If I had an hour to solve a problem I’d spend 55 minutes thinking about the problem and 5 minutes thinking about solutions. – Einstein
Take a moment to think about all the data you believe you should be logging for security reasons, then double it; that is likely the number of sources you need. There are the obvious ones like your IAM, EDR, firewall, and cloud infrastructure logs, but security data is everywhere: Active Directory, HR system logs, finance logs, and all the logs that your proprietary systems store. It’s likely your security posture, your compliance, and your overall response capabilities would be dramatically different if you could log, store, query, and correlate all the logs.
At this point, most folks jump to the conclusion that the pain is on the data storage side. While this is often true, a lot of the pain is in getting the logs from those systems into the data store.
Imagine every system you manage has its own proprietary format, can change with minimal notice (if at all), includes a lot of duplicate data, and may contain information that you do not want in your centralized repository. The complexity curve of this is very high and typically you end up having some choices:
In any of these cases you are running in a non-ideal environment, which leads to a lack of security visibility and efficacy, compliance and regulatory infractions, and the use of critical engineering resources that could be put to other purposes.
As Ryan McGeehan mentioned in his latest post about detection engineering, “Get your logs in order”.
This sadly may come across as a cheesy late-night infomercial (remember those?), but Tarsal can help you solve this problem in 5 minutes or less.
Tarsal is a leader in giving you control over the log audit chaos with an incredibly simple-to-use SaaS service that takes all your audit logs, automatically normalizes, parses, reduces, and enriches them, and submits them into top data stores, warehouses, and SIEMs.
And yes, they maintain the service moving forward so you don’t have to.
My lack of an art degree notwithstanding, I have attempted to diagram the whole thing below:
All that said, if you believe this is important to your organization, don’t just take my word for it: visit www.tarsal.co for a free trial and/or to set up a demo.