A decisive response to a security breach could save your enterprise a significant amount of money, but only if you have an automated and systematic auditing and logging strategy.
According to a report sponsored by IBM Security, the average global cost of a data breach is now calculated to be $3.86 million. However, the same report also shows that companies that can find a security breach within 30 days of its occurrence can shave as much as $1 million from that average cost.
The research, conducted by Ponemon Institute for IBM Security, also found that organizations using auditing and logging tools that leverage artificial intelligence, machine learning, and other automated structures saved more than $1.5 million relative to the average cost of a data breach.
In other words, organizations protecting their information technology infrastructure with advanced systematic monitoring, logging, and auditing procedures cut the average cost of each security breach by more than a million dollars just by having a system in place. And since security breaches are inevitable in our current business environment, it is imperative that every organization implement a strategic plan for auditing their networks.
Auditing and logging network traffic, internet access, file transfers, user activity, permission changes, and myriad other day-to-day activities is the first line of defense in establishing integrity for mission-critical systems. However, creating a framework for monitoring and reviewing those events so that security-related incidents and other critical problems can be addressed and mitigated quickly is just as important.
New automated tools are being developed to help enterprises maintain a robust and responsive system auditing strategy. For example, PwdPwn, from Sydney developer Luke Millanta, can audit an Active Directory database with more than 5,000 passwords in 15 to 30 seconds. Performed manually, this basic security auditing procedure would typically take one full day or more.
Whatever degree of automation your enterprise is using to audit and monitor its IT infrastructure, there should be a strategic plan of action in place that explains what is being logged, who is responsible for reviewing the reports, and how the organization will respond to a security breach. Tech Pro Research, TechRepublic's premium sister site, offers an Auditing and logging policy that provides a framework for monitoring and reviewing events that could signal serious problems.
In the current business environment, a security breach of your IT infrastructure is practically inevitable. Having a strategic plan to audit for that impending security breach and respond to it quickly and decisively could be the only thing that separates a successful enterprise from a failing one.