5 Minutes to Successful SaaS Logging 

Dan Hubbard & the Tarsal Team


If I had an hour to solve a problem I’d spend 55 minutes thinking about the problem and 5 minutes thinking about solutions. – Einstein 

Take a moment to think about all the data that you believe you should be logging for security reasons, then double it; that is likely the number of sources you need. There are the obvious ones like your IAM, EDR, firewall, and cloud infrastructure logs, but security data is everywhere! Sources range from Active Directory to HR system logs, finance logs, and all the logs that your proprietary systems store. It’s likely your security posture, your compliance, and your overall response capabilities would be dramatically different if you could log, store, query, and correlate all the logs.

At this point, most folks jump to the conclusion that the pain is on the data storage side. While this is often true, a lot of the pain is in getting the logs from said systems into the data store.

Imagine every system you manage has its own proprietary format, can change with minimal notice (if any at all), includes a lot of duplicate data, and may contain information that you do not want in your centralized repository. The complexity curve of this is very high, and typically you end up with a few choices:

  1. Do not log certain data sources centrally
  2. Pay a lot of money for storing all the logs
  3. Hire / maintain engineer(s) to build custom parsers and audit log pipelines

In any of these cases you are running in a non-ideal environment, which will lead to a lack of security visibility and efficacy, compliance and regulatory infractions, and the use of critical engineering resources that could be put to other uses.

As Ryan McGeehan mentioned in his latest post about detection engineering: “Get your logs in order”.

5 Minutes

This sadly may come across as a cheesy late-night infomercial (remember those?), but Tarsal can help you solve this problem in 5 minutes or less.

Tarsal is a leader in giving you control over the audit log chaos with an incredibly simple-to-use SaaS service that takes all your audit logs, automatically normalizes, parses, reduces, and enriches them, and submits them to top data stores, warehouses, and SIEMs.

And yes, they maintain the service moving forward so you don’t have to. 

  • No more writing and maintaining SaaS log parsers and pipelines
  • No more hiring or moving engineers for this purpose
  • Increased visibility into all your log data
  • Improvement in compliance and security efficacy

My lack of an art degree notwithstanding, I have attempted to diagram the whole thing below:

All that said, if you believe this is important to your organization, don’t just take my word for it: visit www.tarsal.co for a free trial and/or to set up a demo.