In the previous video, I explained that the number one finding that always comes back is the lack of centralized logging, or the failure to leverage the logs that are available. So, in this video, I want to explain a bit more about that second part.
Imagine you’re an organization that really did its best to log as much as possible, keeping everything centralized, baselining the timestamps, and actually keeping the log files for three to six months. Great! But now what?
Sitting on a digital shelf
Let's be honest. You're going to have log files of thousands of events. Nobody is going to sift through all those events looking for potentially suspicious activities. So, typically, the log files are just sitting there on a digital shelf.
Nobody's doing anything with them.
That is not leveraging the log files.
Machine Learning
So what you want to do in a modern security architecture is apply machine learning to those log files. Machine learning is well suited to pattern recognition: it can learn what your organization's normal activity looks like, then identify anomalies, unusual events, and risky activities. Once something is detected, it triggers an alert.
Then, a human security operator reviews these preselected events flagged by the model, instead of sifting through everything. That is the way forward. This whole system is called a SIEM (Security Information and Event Management system). A SIEM helps process logs efficiently.
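To make the "learn the normal pattern, then flag the deviations, then hand the rest to a human" idea concrete, here is a small added example; it is not code from the post or from any SIEM product. It assumes SSH authentication logs have already been centralized in one syslog-like format (the format, host name, user names, IP addresses and timestamps are all constructed for the demo). A two-week history is used to learn, per user, the normal number of failed logins per hour and the source addresses seen; the new day's logs are then scored against that baseline and only the deviations are emitted as alerts for an operator to review.

```python
# Added example (not from the original post or any vendor's SIEM): a minimal
# baseline-and-anomaly detector over centralized SSH auth logs. Every log line,
# user, host and IP address below is constructed for the demo.
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (constructed) syslog-like line format for the demo.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<host>\S+) sshd: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$"
)


def line(t, result, user, ip, host="web1"):
    """Render one constructed log line in the assumed format."""
    return f"{t:%Y-%m-%dT%H:%M:%SZ} {host} sshd: {result} password for {user} from {ip}"


def parse(lines):
    """Parse the lines; anything that does not match the format is skipped."""
    events = []
    for raw in lines:
        m = LINE_RE.match(raw)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(e)
    return events


def hourly_failures(events):
    """Count failed logins per (user, hour bucket)."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "Failed":
            counts[(e["user"], e["ts"].replace(minute=0, second=0))] += 1
    return counts


def build_baseline(events):
    """Learn each user's normal failed-logins-per-hour and the source IPs seen.

    Only hours with at least one failure enter the statistics, which biases the
    mean upward and therefore errs on the side of fewer alerts.
    """
    per_user = defaultdict(list)
    for (user, _), n in hourly_failures(events).items():
        per_user[user].append(n)
    known_ips = defaultdict(set)
    for e in events:
        known_ips[e["user"]].add(e["ip"])
    baseline = {}
    for user, counts in per_user.items():
        stdev = statistics.pstdev(counts) if len(counts) > 1 else 0.0
        baseline[user] = {
            "mean": statistics.mean(counts),
            "stdev": max(stdev, 1.0),  # floor avoids huge z-scores on flat baselines
            "ips": known_ips[user],
        }
    return baseline


def detect(baseline, events, z_threshold=3.0):
    """Return (user, when, reason) alerts for a human operator to review."""
    alerts = []
    for (user, bucket), n in sorted(hourly_failures(events).items()):
        b = baseline.get(user)
        if b is None:
            alerts.append((user, bucket, f"{n} failed logins, no baseline for this user"))
            continue
        z = (n - b["mean"]) / b["stdev"]
        if z >= z_threshold:
            alerts.append((user, bucket, f"{n} failed logins in one hour (z={z:.1f})"))
    for e in events:
        b = baseline.get(e["user"])
        if e["result"] == "Accepted" and b and e["ip"] not in b["ips"]:
            alerts.append((e["user"], e["ts"], f"accepted login from unseen source {e['ip']}"))
    return alerts


def constructed_history(days=14):
    """Constructed two-week history: a few daytime typos, logins from known addresses."""
    lines = []
    for d in range(days):
        day = datetime(2024, 5, 1) + timedelta(days=d)
        for i in range(1 + d % 3):  # alice: 1-3 failed attempts each morning
            lines.append(line(day.replace(hour=9, minute=5 + i), "Failed", "alice", "10.0.0.5"))
        lines.append(line(day.replace(hour=9, minute=15), "Accepted", "alice", "10.0.0.5"))
        for i in range(1 + d % 2):  # bob: 1-2 failed attempts each morning
            lines.append(line(day.replace(hour=10, minute=10 + i), "Failed", "bob", "10.0.0.7"))
        lines.append(line(day.replace(hour=10, minute=20), "Accepted", "bob", "10.0.0.7"))
    return lines


# Constructed "today": alice behaves normally; bob shows a 03:00 burst of
# failures from an address never seen before, followed by a success from it.
TODAY = [
    line(datetime(2024, 5, 15, 9, 4), "Failed", "alice", "10.0.0.5"),
    line(datetime(2024, 5, 15, 9, 5), "Failed", "alice", "10.0.0.5"),
    line(datetime(2024, 5, 15, 9, 6), "Accepted", "alice", "10.0.0.5"),
    *[line(datetime(2024, 5, 15, 3, i), "Failed", "bob", "203.0.113.9") for i in range(25)],
    line(datetime(2024, 5, 15, 3, 31), "Accepted", "bob", "203.0.113.9"),
    "2024-05-15T03:32:00Z web1 sshd: some unrelated message",  # skipped by the parser
]


def run():
    """Learn the baseline from history, then score today's events against it."""
    baseline = build_baseline(parse(constructed_history()))
    return detect(baseline, parse(TODAY))


if __name__ == "__main__":
    for user, when, why in run():
        print(f"ALERT {when:%Y-%m-%d %H:%M} user={user}: {why}")
```

Out of roughly thirty events on the constructed day, the operator sees two alerts (bob's burst of failures and the subsequent success from an unseen address) and nothing about alice, which is the whole point: the model narrows the pile down, the human decides. A production SIEM does the same with far richer features and models, but the division of labour is identical.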
Conclusion
You need three things:
🔸 First, centralize your log files, as mentioned in the previous video;
🔸 Second, apply machine learning to analyze those logs;
🔸 Third, respond to the anomalies.
This way, your security team is not overwhelmed by manual work and can focus on critical threats.
And that is the way forward.
Have a wonderful day!
Jetro
I help European Organizations Strengthen Their Digital Security & Compliance
Outcome: Reduced Risk 🔸 Improved Cyber Resilience 🔸 More Peace of Mind