If you have questions for Columbia University’s Joel Rosenblatt, ask him directly in a group discussion on CISOs Connect starting Jan. 28. Sign up at https://cisosconnect.com/signup or send an email to email@example.com.
Users log in and out of your system all the time, but what most administrators do is to put these logs in a hard drive and never look at them again. Storing logs is often seen as complying with a requirement – no more, no less.
But Joel Rosenblatt, director of network and computer security at Columbia University, believes that logs have the potential to serve a bigger purpose: Painting an accurate picture of user behavior.
Logs tell us where and what time the user logged into the system, or where they went, how long they stayed there. Taken together, they establish a pattern of a user’s routine and “normal” behavior. And when something does not quite fit the pattern, that could be a security red flag.
Indeed, behavioral analytics is a powerful security tool.
Columbia has its own Grand Unified Logging Program (GULP) which Rosenblatt and his team use to establish user behavior and identify variances and anomalies when they happen. Outside of his sphere,
Rosenblatt keeps a regular network of peers from other universities, and they share information on how they keep their environments secure.
“We get together on a regular basis and talk about what we are doing. If one university comes up with a really good idea, we are not afraid to share so that other can benefit as well.”
But the practice is good for all other organizations, not just universities like Columbia. After all, every user in every organization in every industry has to make use of logs.
To find out how exactly you can make the most of logs to benefit your organization, join Rosenblatt for a CISOs Connect group discussion. The discussion begins on Monday, January 28 and will run for two weeks thereafter.
CISOs Connect members can ask questions, respond to their peers’ questions and share experiences about the topic. Rosenblatt will make sure participants grasp the concept fully and can explore how they can apply to this to their own environments.
The discussion is open to all members of CISOs Connect. CISOs who are interested to join but are not yet members may go to https://cisosconnect.com/signup to sign up, or send an email to firstname.lastname@example.org.