Machine learning in the log solution
“One way we use our SIEM is by utilizing machine learning to detect breaches through anomaly detection,” explains Fredrik Svantes, Head of Security Operations at Basefarm. “By using the logs in a centralized location we can also find the information quickly and efficiently. We know where the anomaly happened, and can then quickly start looking into all logs at the time of the event.”
By shipping the logs to a separate log host, they are protected from an adversary who, having compromised a machine, edits or deletes the logs stored locally on it in order to hide their tracks. This only protects what has already left the machine: forwarding should be close to real-time, and the central host should only ever append what it receives, so that an intruder with root on the source cannot reach back and remove entries there. Storing logs safely in this manner is also becoming a requirement in an increasing number of security standards.
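The two points above, centralized anomaly detection with a pivot to all logs at the time of the event, and a central copy that survives local tampering, as one added illustration in Python. This is not Basefarm's SIEM or any of its code: the log lines, the host names, the intruder's IP address and the z-score over per-host, per-minute failed-login counts (a stand-in for the SIEM's machine-learning model) are all constructed for the example.

```python
"""Added illustration, not Basefarm's SIEM or code: hosts forward syslog-style
lines to a central, append-only store; a simple per-host anomaly score stands
in for the SIEM's ML model; the flagged minute is used to pull every host's
logs around that time; and an intruder's local scrubbing does not reach the
central copy. All log lines, hosts and addresses are constructed."""
from collections import Counter
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed lines: "<ISO timestamp> <host> <message>". web02 sees a
# brute-force burst at 12:00 that ends in a root login and an attempt to
# wipe the local auth log.
SAMPLE_LOGS = [
    "2019-09-01T11:57:10 web01 sshd[1001]: Accepted publickey for deploy from 10.0.0.5",
    "2019-09-01T11:58:02 web02 sshd[2001]: Accepted publickey for deploy from 10.0.0.5",
    "2019-09-01T11:58:30 db01 postgres[3001]: connection authorized: user=app",
    "2019-09-01T11:59:11 web01 nginx[1002]: GET /login 200",
    "2019-09-01T12:00:01 web02 sshd[2002]: Failed password for root from 203.0.113.7",
    "2019-09-01T12:00:03 web02 sshd[2002]: Failed password for root from 203.0.113.7",
    "2019-09-01T12:00:05 web02 sshd[2002]: Failed password for admin from 203.0.113.7",
    "2019-09-01T12:00:08 web02 sshd[2002]: Failed password for admin from 203.0.113.7",
    "2019-09-01T12:00:10 db01 postgres[3002]: connection authorized: user=app",
    "2019-09-01T12:00:12 web02 sshd[2002]: Failed password for root from 203.0.113.7",
    "2019-09-01T12:00:15 web02 sshd[2002]: Accepted password for root from 203.0.113.7",
    "2019-09-01T12:00:20 web02 sudo: root : COMMAND=/bin/rm /var/log/auth.log",
    "2019-09-01T12:00:40 web01 nginx[1002]: GET /healthz 200",
    "2019-09-01T12:02:00 db01 postgres[3003]: connection authorized: user=app",
]


def parse(line):
    """Split one line into (timestamp, host, raw line)."""
    ts, host, _msg = line.split(" ", 2)
    return datetime.fromisoformat(ts), host, line


class CentralStore:
    """Central log host: entries are only ever appended, never edited.
    local_copies models the file each source host keeps for itself, which
    an intruder with root on that host can still edit."""

    def __init__(self):
        self.entries = []        # (timestamp, host, raw line), append-only
        self.local_copies = {}   # host -> list of raw lines on that host

    def ship(self, line):
        ts, host, raw = parse(line)
        self.local_copies.setdefault(host, []).append(raw)  # written locally...
        self.entries.append((ts, host, raw))                # ...and forwarded at once

    def tamper_local(self, host, predicate):
        """Simulate an intruder deleting matching lines from the host's own log."""
        self.local_copies[host] = [ln for ln in self.local_copies[host] if not predicate(ln)]

    def missing_from_local(self, host):
        """Central entries for `host` that no longer exist in its local file."""
        local = set(self.local_copies.get(host, []))
        return [(ts, h, raw) for ts, h, raw in self.entries if h == host and raw not in local]


def detect_anomalies(store, z_threshold=2.0):
    """Count failed logins per (host, minute) and flag buckets whose count is
    more than z_threshold standard deviations above the mean over all
    host/minute buckets. A stand-in for a real model, but with the output a
    SIEM analyst needs: where and when the anomaly happened."""
    if not store.entries:
        return []
    failures = Counter()
    for ts, host, raw in store.entries:
        if "Failed password" in raw:
            failures[(host, ts.replace(second=0, microsecond=0))] += 1
    hosts = {host for _, host, _ in store.entries}
    first = min(ts for ts, _, _ in store.entries).replace(second=0, microsecond=0)
    last = max(ts for ts, _, _ in store.entries).replace(second=0, microsecond=0)
    minutes, t = [], first
    while t <= last:                      # include quiet minutes as zero-count buckets
        minutes.append(t)
        t += timedelta(minutes=1)
    counts = {(h, m): failures.get((h, m), 0) for h in hosts for m in minutes}
    mu, sigma = mean(counts.values()), pstdev(counts.values())
    if sigma == 0:
        return []
    return sorted((h, m, n) for (h, m), n in counts.items() if (n - mu) / sigma > z_threshold)


def logs_around(store, minute, before=60, after=120):
    """Every host's lines from `before` seconds before the flagged minute to
    `after` seconds after its start: the cross-host view used for triage."""
    lo, hi = minute - timedelta(seconds=before), minute + timedelta(seconds=after)
    return [(ts, host, raw) for ts, host, raw in store.entries if lo <= ts < hi]


def build_store():
    """Forward the constructed sample to a fresh central store."""
    store = CentralStore()
    for line in SAMPLE_LOGS:
        store.ship(line)
    return store


if __name__ == "__main__":
    store = build_store()
    # Intruder on web02 scrubs every local line naming their address.
    store.tamper_local("web02", lambda ln: "203.0.113.7" in ln)
    print("lines scrubbed on web02 but kept centrally:", len(store.missing_from_local("web02")))
    for host, minute, n in detect_anomalies(store):
        print(f"anomaly: {n} failed logins on {host} in the minute from {minute}")
        for _ts, _h, raw in logs_around(store, minute):
            print("  ", raw)
```

Running the script flags web02 at 12:00 even though the intruder removed every trace of their address from web02's own file, and the window view shows the successful root login and the `rm` of the local auth log alongside the unaffected traffic on web01 and db01. In a real deployment the "forwarded at once" step is a syslog or agent forwarder over TLS, and the z-score would be replaced by the SIEM's own model.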
This service is also relevant for companies seeking ISO 27001 certification for information security, and it supports compliance with Säkerhetsskyddslagen (the Swedish Protective Security Act) coming into effect in the autumn of 2019, with similar laws already in place or becoming the standard in other countries.