Copyright Goodheart-Willcox Co., Inc. 88 Security Essentials

Log Management

Log management is the process of generating, transmitting, analyzing, archiving, and disposing of log data. Log management software (LMS) enables aggregation of log files from endpoint devices so the security posture of an organization can be monitored to support investigation of network events. By contrast, a SIEM aggregates files from across the infrastructure rather than from endpoint devices only.

Every Windows desktop and server maintains various log files created by virtually every software application and system resource. Therefore, evaluating and managing logs can be challenging and involves the following factors.

■ The quantity of logs can be overwhelming since devices can have multiple logs, and by default, logs are located throughout the network.
■ Collecting and analyzing the logs can be time-consuming, and storing vast amounts of log data can be costly.
■ To be effective, logs should be analyzed in real time so immediate threats can be mitigated. Depending on the number of logs and the volume of data, the time needed for real-time analysis could be affected.
■ Correlation of data from logs can provide a big-picture overview of network security. Without this correlation of information, security administrators do not have a complete picture of the current security posture.

Log analysis is the process of setting policies regarding the collection, review, and analysis of log data. Log analysis can occur at different stages of a data life cycle. Real-time log reviews should focus on identification of vulnerabilities and threats to initiate immediate remediation. Based on regulatory and internal compliance requirements, logs are analyzed during a routine audit of operations or to satisfy compliance requirements. Logs may also provide forensic insights following a security incident. Many organizations use predictive analysis as part of their cybersecurity efforts.

Predictive analysis is the examination of data, statistical modeling, and machine learning techniques to quantify the likelihood of a future cyber threat. Predictive analysis technology combines machine- and self-learning analytics with detection techniques to monitor network activity, report on real-time data, and use historical data to predict a breach before it happens. Predictive analysis monitors real-time network activity and sends an alarm before an attack begins. As a comparatively new method of cyber defense, predictive analysis does not focus on defending against an attack or establishing general preventative measures. Instead, it enables a company to focus on establishing cyber defenses before damage can be inflicted.

Viewing Event Logs

Event log data is reviewed in Windows operating systems using Event Viewer. Event Viewer is a versatile program that allows administrators to view, save, and back up logs. It also allows for the creation of alerts that can notify administrators of potential concerns as a problem occurs, such as a cleared log.
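The correlation factor listed under Log Management and the cleared-log alert described under Viewing Event Logs, shown together in an added Python example that is not part of the textbook: a minimal collector aggregates event records forwarded from several endpoints, groups them by host, and raises an alert whenever a log is cleared, escalating the alert when a burst of failed logons preceded it on the same host. The event IDs are the documented Windows IDs (1102 = the Security audit log was cleared, 104 = a log file was cleared, 4625 = an account failed to log on, 4624 = successful logon); the JSON-lines record shape, the host names, the sample records themselves, and the ten-minute window with a threshold of three failures are constructed assumptions for illustration.

```python
"""Aggregate Windows event records from several endpoints and alert on cleared logs.

Added example (not from the textbook). Records are constructed sample data in a
JSON-lines shape; a real collector would receive them from each endpoint.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records from three hosts (not real Event Viewer output).
SAMPLE_RECORDS = """\
{"host": "WS01", "log": "Security", "id": 4625, "time": "2024-03-01T09:00:01", "user": "jdoe"}
{"host": "WS01", "log": "Security", "id": 4625, "time": "2024-03-01T09:00:05", "user": "jdoe"}
{"host": "WS01", "log": "Security", "id": 4625, "time": "2024-03-01T09:00:09", "user": "jdoe"}
{"host": "WS01", "log": "Security", "id": 4625, "time": "2024-03-01T09:00:14", "user": "jdoe"}
{"host": "WS01", "log": "Security", "id": 4624, "time": "2024-03-01T09:00:30", "user": "jdoe"}
{"host": "WS01", "log": "Security", "id": 1102, "time": "2024-03-01T09:05:00", "user": "jdoe"}
{"host": "WS02", "log": "System", "id": 104, "time": "2024-03-01T10:00:00", "user": "admin"}
{"host": "SRV01", "log": "Security", "id": 4624, "time": "2024-03-01T08:00:00", "user": "svc"}
{"host": "SRV01", "log": "Security", "id": 4625, "time": "2024-03-01T08:10:00", "user": "svc"}
"""

# Documented Windows event IDs: 1102 = Security audit log cleared,
# 104 = log file cleared (System log), 4625 = failed logon.
LOG_CLEARED_IDS = {1102, 104}
FAILED_LOGON_ID = 4625


def parse_records(text):
    """Parse JSON-lines records, converting the ISO timestamp to a datetime."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["time"] = datetime.fromisoformat(rec["time"])
        records.append(rec)
    return records


def aggregate_by_host(records):
    """Group records by endpoint and sort each host's records chronologically."""
    by_host = defaultdict(list)
    for rec in records:
        by_host[rec["host"]].append(rec)
    for recs in by_host.values():
        recs.sort(key=lambda r: r["time"])
    return dict(by_host)


def failed_logon_burst(host_records, before, window, threshold):
    """True if at least `threshold` failed logons fall within `window` before `before`."""
    count = sum(
        1 for r in host_records
        if r["id"] == FAILED_LOGON_ID and before - window <= r["time"] < before
    )
    return count >= threshold


def build_alerts(text, window=timedelta(minutes=10), threshold=3):
    """One alert per cleared-log event; severity rises if failed logons preceded it."""
    by_host = aggregate_by_host(parse_records(text))
    alerts = []
    for host, recs in sorted(by_host.items()):
        for rec in recs:
            if rec["id"] not in LOG_CLEARED_IDS:
                continue
            escalated = failed_logon_burst(recs, rec["time"], window, threshold)
            alerts.append({
                "host": host,
                "log": rec["log"],
                "event_id": rec["id"],
                "time": rec["time"].isoformat(),
                "user": rec["user"],
                "severity": "high" if escalated else "medium",
                "reason": "log cleared" + (" after failed-logon burst" if escalated else ""),
            })
    return alerts


if __name__ == "__main__":
    for a in build_alerts(SAMPLE_RECORDS):
        print(f"[{a['severity'].upper()}] {a['host']} {a['log']} event {a['event_id']} "
              f"at {a['time']} by {a['user']}: {a['reason']}")
```

Run stand-alone, the script reports a high-severity alert for WS01 (four failed logons within ten minutes of the Security log being cleared) and a medium one for WS02 (System log cleared with no prior failures); SRV01 produces nothing because its log was never cleared. The per-host grouping is what makes the correlation possible: the same 1102 event read in isolation on a single machine gives no sense of whether it followed suspicious activity.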