How CrowdStrike is driving the convergence between log management, security and observability

CXOToday has engaged in an exclusive interview with Mr. Nitin Varma, Managing Director, India & SAARC, CrowdStrike

1. Please give an overview and importance of log management, best log management practices specific to organisations in India?

 Log management is the practice of continuously gathering, storing, processing, synthesizing and analyzing data from disparate programs and applications in order to optimize system performance, identify technical issues, better manage resources, strengthen security and improve compliance. It plays a crucial role in identifying cyberattacks targeted towards an organization or internal networks, providing an early warning of malicious intent. An effective log management solution provides organizations with unified data storage through centralized log aggregation, improved security through a reduced attack surface, real-time monitoring and improved detection and response times, improved observability and visibility across the enterprise through a common event log. Log files are simple text files containing detailed information regarding usage patterns, activities, and operations, while specifying if the nature of a log is informational, descriptive, or a warning.

The massive amount of data being created in today’s digital world, has made it impossible for IT professionals to manually manage and analyze logs across a sprawling tech environment. And Indian enterprises are no exception. As such, they require an advanced log management system and tools that automate key aspects of the data collection, formatting and analysis processes.

Here are some key considerations to make when investing in a log management system:

• Prioritize automation tools to reduce the IT burden: Many recurring tasks related to data collection and analysis can be automated using advanced tooling. Organizations should prioritize automation capabilities within any new log management tools and consider updating legacy solutions to reduce manual effort during this process
• Centralized system for better access and improved security: Storing and connecting data in a centralized location helps organizations more quickly detect anomalies and respond to them. In this way, a centralized log management system can help reduce breakout time-or the critical attack window
• Bespoke monitoring and retention policy: Given the volume of data being created, organizations must be discerning as to what information is collected and how long it should be retained. Organizations should perform an enterprise-wide analysis to determine what inputs are critical to each function
• Leverage the cloud for added scalability and flexibility: Organizations should consider investing in a modern, cloud-based solution for their log management system. Using the cloud provides enhanced flexibility and scalability, easily allowing the organizations to expand or shrink their processing and storage capacity based on variable needs

2. How is CrowdStrike enhancing log management capabilities for organizations?

In March 2021, CrowdStrike recognized the importance of log management and observability by acquiring Humio, a leading provider of log management technology. In the months since, CrowdStrike has delivered new ways to use this technology to power better security processes for customers while exploring new ways to use log management in DevOps, ITOps and other areas where enhanced observability is critical.

Through a unified platform and single, lightweight agent and its modern log management solution, Falcon LogScale, Crowdstrike aims to drive the convergence of security and observability. Built using a unique index-free architecture and advanced compression technology that minimizes hardware requirements, Falcon LogScale allows IT teams to aggregate, correlate and search live log data with sub-second latency. This powerful and versatile technology helps eliminate IT system blind spots and identify potential threats faster – all at a lower total cost of ownership than legacy log management platforms. Enterprises can now have modern log management and observability features in an expert-driven, managed solution with Falcon Complete LogScale. Falcon Complete LogScale combines Falcon LogScale’s effectiveness with CrowdStrike’s dedicated team of service specialists that give highly tailored log management expertise, allowing enterprises to answer any inquiry and obtain important insights from all their logs in real time.

3. How can Indian companies stay within their log management budget with Falcon LogScale? 

Log retention was cited as one of the top challenges by enterprises for complying with CERT-In’s mandate as this could mean additional expenses. While log management is important, today many companies struggle to stay within their log management budget. In many cases, the costs associated with log management are prohibitive for enterprises to be able to collect the logs they need to address in every use case.

However, with CrowdStrike’s Falcon LogScale (formerly known as Humio), a centralized log management technology, organizations can make data-driven decisions about the performance, security and resiliency of their IT environment. Falcon LogScale enhances observability for all log and event data by making it fast and easy to explore critical log information, eliminate blind spots and find the root cause of any incident.

It gives IT organizations a single platform that can store, analyze and retain all log and events data at petabyte scale. Falcon LogScale minimizes the computing and storage resources required to ingest, search, transform and retain log data. It’s advanced compression technology and bucket storage saves customers up to 70% on compute and storage costs, compared to legacy platforms. As a result, Falcon LogScale offers a lower total cost of ownership than legacy platforms, while delivering the power and speed needed in today’s complex IT infrastructures. With all these benefits, Indian companies can stay within their log management budget using Falcon LogScale.

4. How can enterprises overcome today’s security and compliance challenges?

With the advancement of new technologies and IT practices, security challenges have become a high priority for IT organizations. This includes moving to the cloud, big data, increased use of open source frameworks and many other technologies.

Here are some ways organizations can tackle these critical security challenges facing their IT environment:

• Visibility and control: Without deep visibility into their infrastructure, organizations face a reality of increasing risk, where a mix of misconfigurations, attacks and data breaches potentially slip under the radar. To solve this problem, it is critical for organizations to be proactive by putting tooling in place, like cloud security posture management, which provides centralized management and visibility across the entire hybrid infrastructure
• Data Security: It is critical for organizations to develop and implement a comprehensive data security strategy as data moves to the cloud. Following the shared responsibility model, organizations are responsible for protecting their data. This can take multiple forms, including encryption, multifactor authentication (MFA) and microsegmentation. Each aspect of an organization’s strategy can help improve protection against unauthorized data access and meet compliance mandates. Another critical element of a data security strategy is real-time monitoring, detection and response. These threat detection and response capabilities should be supported by machine learning and analytics to better identify anomalies and malicious activity.
• Navigating the cybersecurity skills gap: The shortage of cybersecurity professionals means organizations are competing to hire and retain staff. Cybersecurity skills gap has resulted in increased staff workloads, employee burnout and attrition. Organizations facing the skills shortage gap should look to key solutions like managed detection and response (MDR) for the cloud and cloud threat hunting to augment their staff and serve as a security operations center (SOC) force multiplier.

In addition to the above, organizations also need to be compliant with various regulations depending on where they are conducting business.  Some of the best practices in solving compliance challenges include enhancing data collection, clear understanding of process workflow, establishing efficient processes and companies keeping the availability of audit trails and log systems.