ActiveGuard Log Volume Analyzer - LOVE IT!

Court Little

February 12, 2013 - Posted by Court Little to Security Insight

It’s almost Valentine’s Day! And in honor of Mr. Saint Valentine I am going to opine for a bit on an ActiveGuard® feature that I LOVE. Specifically, I am going to tell you why LOVE is at the heart of this technical process. What is this I speak of? ALVA. No, not Alva and the Chipmunks, but the “ActiveGuard Log Volume Analyzer,” also commonly known as LAVA in its latest form within our company. Why is LOVE integral to ALVA/LAVA? Let me tell you!

love logs are the backbone of any security monitoring practice. But not every security incident, threat or event has a specific log event tied to it. Products such as WAFs and IDSs do not have signatures for every security event, nor is there an explicit log line for every issue a device may face. But by examining the…

love oddities in log volume, meaning deviations from the normalized baseline pattern, whether by exceeding an expected maximum or failing to meet an expected minimum threshold, often lead to the question “why?” Investigating those deviations more often than not leads to the detection of security events, health events, network events, policy changes, configuration changes and other issues that straight log-content analysis simply can’t detect. This is why…

love volume analysis using the ALVA/LAVA system allows Solutionary to detect threats and issues much more broadly than other systems can, in addition to the normal analytical tactics everyone employs. The key to a good normalized log analysis engine is that it must be constantly tuned to stay effective and must operate at different layers. This is where the Solutionary SOC and Solutionary Engineers come into play; as an MSSP we …

love ensure that ALVA/LAVA settings are constantly tuned to your environment for you. We make sure that the various volume engine stacks (Raw Volume, Protocol, Time, SCE etc…) are properly set. We work through standardized report card sessions to ensure these log volume analyzers are tuned properly, and adjust them on the fly as needed as your organization changes. Our SOC then responds to these events in real time, 24/7, investigating each ALVA/LAVA event, escalating events to our customers and feeding data back to our engineers to continue tuning the system. Yeah – you read that right. We have our own little perpetual motion machine as we constantly tune to your real-world environment.
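Here is what such a volume engine does at its simplest, as an added example that is not ActiveGuard or ALVA/LAVA code. It builds a normalized per-hour baseline (mean and standard deviation over seven constructed days of hourly counts) and flags hours that exceed the expected maximum or fall below the expected minimum, at two layers modeled loosely on the Raw Volume and Protocol stacks, with the Time stack represented by keying every baseline on hour of day. The device names, event types, thresholds and planted anomalies are all assumptions constructed for the example.

```python
"""Log volume deviation analysis over constructed hourly counts.

Added example, not Solutionary's ALVA/LAVA code. Builds a per-hour-of-day
baseline from recent history and flags hours whose volume is unexpectedly
high or low, at two layers: raw volume per device, and volume per device
and event type. Engine names, thresholds and data are assumptions.
"""
import statistics
from collections import defaultdict

DAYS_OF_HISTORY = 7   # baseline window in days (assumed)
Z_THRESHOLD = 3.0     # |z| above this is an "exceeds max" / "below min" event
SILENT_FLOOR = 1      # fewer than this when the baseline is non-zero = silent source

# Constructed diurnal profile per (device, event type): (business-hours rate, night rate).
PROFILES = {
    ("fw1", "DENY"): (200, 40),
    ("fw1", "ACCEPT"): (800, 100),
    ("vpn1", "LOGIN"): (150, 10),
}


def expected_base(profile, hour):
    day_rate, night_rate = profile
    return day_rate if 8 <= hour < 18 else night_rate


def build_history():
    """Constructed 7 days of hourly counts keyed (day, device, event, hour)."""
    history = {}
    for day in range(DAYS_OF_HISTORY):
        for (device, event), profile in PROFILES.items():
            for hour in range(24):
                jitter = 10 * ((day + hour) % 5)  # deterministic day-to-day noise
                history[(day, device, event, hour)] = expected_base(profile, hour) + jitter
    return history


def build_today():
    """Constructed 'today' with planted anomalies, keyed (device, event, hour)."""
    today = {}
    for (device, event), profile in PROFILES.items():
        for hour in range(24):
            jitter = 10 * ((DAYS_OF_HISTORY + hour) % 5)
            today[(device, event, hour)] = expected_base(profile, hour) + jitter
    today[("fw1", "DENY", 3)] = 5000   # 03:00 burst of firewall denies (scan? policy change?)
    today[("vpn1", "LOGIN", 10)] = 0   # VPN concentrator goes silent mid-morning
    today[("vpn1", "LOGIN", 2)] = 0    # same at 02:00, where the normal volume is tiny
    today[("fw1", "DROP", 12)] = 10    # an event type never seen before (config change?)
    return today


def aggregate(counts, key_fn):
    """Roll hourly counts up to a coarser key, e.g. dropping the event type."""
    out = defaultdict(int)
    for key, n in counts.items():
        out[key_fn(key)] += n
    return out


def baseline(history, key_fn):
    """Per-key mean and population stdev across the history days for one stack."""
    per_day = defaultdict(dict)
    for (day, device, event, hour), n in history.items():
        per_day[day][(device, event, hour)] = n
    samples = defaultdict(list)
    for counts in per_day.values():
        for key, n in aggregate(counts, key_fn).items():
            samples[key].append(n)
    return {k: (statistics.mean(v), statistics.pstdev(v)) for k, v in samples.items()}


def deviations(today, history, key_fn, stack):
    """Flag keys whose volume today falls outside the normalized baseline."""
    base = baseline(history, key_fn)
    events = []
    for key, observed in aggregate(today, key_fn).items():
        if key not in base:
            events.append((stack, key, observed, "no baseline"))
            continue
        mean, sd = base[key]
        if observed < SILENT_FLOOR and mean > 0:
            # Minimum-threshold rule: a z-score cannot catch this when the
            # expected volume is small, which is why a floor exists at all.
            events.append((stack, key, observed, "silent"))
        elif sd > 0 and abs(observed - mean) / sd > Z_THRESHOLD:
            events.append((stack, key, observed,
                           "exceeds max" if observed > mean else "below min"))
    return events


def analyze(today, history):
    """Run the raw-volume stack (device, hour) and the protocol stack (device, event, hour)."""
    return (deviations(today, history, lambda k: (k[0], k[2]), "raw-volume")
            + deviations(today, history, lambda k: k, "protocol"))


if __name__ == "__main__":
    for event in analyze(build_today(), build_history()):
        print(event)
```

Running it shows why the layers and the minimum thresholds matter: the 03:00 burst is loud enough to fire at both layers; the silent VPN at 10:00 fires on the z-score, but at 02:00 it is only the silent floor that catches it, because the night baseline is too small for a zero to look statistically odd; and the never-before-seen `DROP` event type at noon disappears into the raw device volume and only surfaces at the protocol layer.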

Security is much more than speeds and feeds and signatures. Sometimes the best IT security and detection routines happen when a little common sense is applied to the bigger picture (with the help of a powerful log analysis engine that has been customized and upgraded over the last 10 years). When you look at the way the forest is swaying in the wind, and not at what each leaf that falls to the ground is saying, it's sometimes easier to see a storm blowing in from the west before it starts knocking down leaves and trees in the forest. (See how I channeled my inner Confucius there?)

That’s it for now. Wishing you a happy Valentine's Day, and if you happen to loathe Valentine’s Day, no worries. In my next blog maybe I’ll describe what I HATE! And if your MSSP or log monitoring solution isn’t showing you some LOVE, give us a call, we’d be happy to!

NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.