CenturyLink is enhancing its Security Log Monitoring offering to specifically address hybrid networking environments, the shift of workloads to the cloud and the increased mobility of the workforce by offering a single view of hundreds of common log source types.
Combining that single view with correlated threat intelligence, some new cloud security monitoring features and a mobile application for real-time, rapid threat detection and response, CenturyLink claims it can give enterprises not only better visibility into potential threats but also a faster way to respond to them.
As importantly, the new enhanced Security Log Monitoring 2.0 service is being offered at no charge for up to 10 gigabytes of log traffic ingested per day, said Chris Richter, vice president of global security services for CenturyLink.
"The intent behind the service is to reduce the cost of security while improving performance and improving security efficacy overall," Richter said. Instead of operating their own security operations center and buying their own security information and event management tools plus hiring people to operate them, "enterprises can outsource the SOC and SIEM functions and log management functions that they would otherwise have to do on their own."
Richter says the benefits to enterprises include lower cost, reduced complexity and improved security and performance.
CenturyLink is leveraging its 2016 purchase of netAura, a security log management and SIEM platform company to which customers could outsource their logs, he explains.
"Over the last two years plus a few months, we have been building on that platform and expanding our log collector infrastructure, adding to the types of logs that we ingest and enhancing and improving the algorithms in our correlation engine," Richter said. "This log management and SIEM platform is built on open source and proprietary tools and it is used by personnel in seven global SOCs. We ingest logs from any environment -- they don't need to be on the CenturyLink network. We use virtual log collectors that are virtual machine-based that can be put inside the customers' environment or customers can push their logs to our network-based global log collectors."
Firewall logs are typically collected, but so are those from virtual private networks, databases, cloud infrastructure and servers, he added. Bringing all of those disparate log types into a central site gives enterprises greater visibility into their networks and lets them correlate activity across sources more quickly.
Enterprises that grow beyond the 10-gig daily rate of ingested log data will pay for the service based on usage, and Richter says many businesses will do that. The free 10-gig tier at least lets companies try the service before they commit financially.
Businesses are at greater risk in the hybrid networking world because there are more places from which data must be collected to detect potentially dangerous patterns, he adds. What CenturyLink is trying to do is provide a "very adaptable platform for business environments that are going through this kind of transition," Richter said. "The logs can be gathered anywhere on the globe."
The log collection tools go hand-in-hand with SIEM tools which then use log data to perform event correlation and analysis, he says. In addition, log data often must be retained to meet industry and regulatory compliance.
"We also are in the process of integrating our threat intelligence platform with our log management platform so we can see real-time active threats," Richter noted. "That's the next step in this process."
— Carol Wilson, Editor-at-Large, Light Reading