
How I Realized Logging Wasn’t Security

Are your security logs a goldmine or dead weight?

In the previous video, I explained that the number one finding that always comes back is the lack of centralized logging, or the failure to leverage the logs that are available. So, in this video, I want to say a bit more about that second part.

Imagine you’re an organization that really did its best to log as much as possible: keeping everything centralized, synchronizing the timestamps, and actually retaining the log files for three to six months. Great! But now what?

Sitting on a digital shelf

Let's be honest: you're going to have log files containing thousands of events. Nobody is going to sift through all of them looking for potentially suspicious activity. So, typically, the log files just sit there on a digital shelf.

Nobody's doing anything with them.

That is not leveraging the log files.

Machine Learning

In a modern security architecture, you want to apply machine learning to those log files. AI is built for pattern recognition: it can learn the normal pattern of your organization's activity and then identify anomalies, unusual events, and risky activities. Once something is detected, it triggers an alert.

Then a human security operator reviews the preselected events flagged by the AI. That is the way forward. This whole system is called a SIEM—a Security Information and Event Management system. A SIEM helps process logs efficiently.
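To make the baseline-then-anomaly-then-review loop concrete, here is an added example (not code from the post or from any SIEM product) that runs it over a few constructed, hypothetical auth-log lines. A simple statistical baseline (mean plus k standard deviations of daily failed logins per source) stands in for the machine-learning component; the log format, IP addresses and day labels are all made up.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample, not real data. Format: "<day> <source_ip> <outcome>"
# Days d1-d3 are quiet; on d4 one source suddenly fails eight times.
SAMPLE_LOG = """\
d1 10.0.0.5 FAIL
d1 10.0.0.5 OK
d1 10.0.0.5 FAIL
d1 10.0.0.9 FAIL
d2 10.0.0.5 FAIL
d2 10.0.0.5 OK
d2 10.0.0.9 FAIL
d3 10.0.0.5 FAIL
d3 10.0.0.5 FAIL
d3 10.0.0.9 OK
d4 10.0.0.5 FAIL
d4 10.0.0.5 FAIL
d4 10.0.0.5 FAIL
d4 10.0.0.5 FAIL
d4 10.0.0.5 FAIL
d4 10.0.0.5 FAIL
d4 10.0.0.5 FAIL
d4 10.0.0.5 FAIL
d4 10.0.0.9 FAIL
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (OK|FAIL)$")


def daily_failures(log: str) -> dict:
    """Count failed logins per source per day; malformed lines are skipped."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(3) == "FAIL":
            day, src, _ = m.groups()
            counts[src][day] += 1
    return counts


def find_anomalies(counts, baseline_days, k=3.0, min_stdev=1.0):
    """Learn each source's normal daily volume from baseline_days, then flag
    any later day above mean + k*stdev. The stdev floor stops a perfectly
    steady baseline from turning every tiny fluctuation into an alert."""
    alerts = []
    for src, per_day in counts.items():
        baseline = [per_day.get(d, 0) for d in baseline_days]
        mu, sigma = mean(baseline), max(pstdev(baseline), min_stdev)
        for day, n in per_day.items():
            if day not in baseline_days and n > mu + k * sigma:
                alerts.append({"src": src, "day": day, "count": n, "baseline": mu})
    return alerts  # hand these to a human operator, not the raw log


if __name__ == "__main__":
    for a in find_anomalies(daily_failures(SAMPLE_LOG), ["d1", "d2", "d3"]):
        print(f"REVIEW: {a['src']} on {a['day']}: {a['count']} failures (baseline {a['baseline']:.1f}/day)")
```

Only the d4 burst from 10.0.0.5 reaches the operator; the second source's single failure stays within its learned baseline.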

Conclusion

You need three things:

🔸 First, centralize your log files, as mentioned in the previous video;

🔸 Second, apply machine learning to analyze those logs;

🔸 Third, respond to the anomalies.

This way, your security team is not overwhelmed by manual work and can focus on critical threats.

And that is the way forward.

Stay sharp,
Jetro


🔔 My goal is to help as many European organizations as possible turn their fragmented cybersecurity into well-governed cyber resilience.

Here’s how I usually help:

🔸 Fractional CISO services
🔸 Cyber risk assessments
🔸 Certified training
🔸 Keynotes

👉 Want to talk? Reach me at: ciso@bluedragonsecurity.com :: +32 495 81 47 41 (WhatsApp OK)
