System logs are generally defined as a central repository that consolidates the event messages automatically created by network devices and maintained by the Syslog server. Put another way, a log entry is written every time a device connected to the network performs an activity.
The goal of the audit log is to track access details and commonly captures the following activities:
- User identity & terminal or device ID
- Records of time and date when every user logged in and out
- All the files, data, systems, and applications accessed (whether successful or not)
- Network access and system configuration changes
- Protection systems notifications (including anti-malware and intrusion detection)
- Security events including alarms
The audit log is crucial because it supports tracking of all the activities that affect the environment.
Log data is generated by practically every type of computing device every time an activity takes place. It is a fingerprint of what happened, when it happened, in what time and order, and by what user and device. Logs, by virtue of the information that is collected, are crucial in:
- Conducting forensics
- Serving as evidence in court
- Meeting regulatory compliance
- Improving business continuity
- Network administration and debugging
- Threat detection and cyber-security mitigation
The problem: hackers often exploit audit logs to their advantage
Audit logs contain a vast amount of information and are useful in the wake of a threat or intrusion. Being one step ahead, hackers will often manipulate log data to cover their tracks. Not only will they delete logs evidencing their activities, but they may also insert fake log entries and activities as a diversion. Coupled with the fact that many logging systems have retention limits, the records of the breach may already have been erased by the time it is noticed, making a forensic investigation problematic.
Reinforcing your audit logs with an immutable Blockchain audit trail
Because audit logs are such an important threat-detection, cyber-security and business-continuity tool, underpinning log activity with a tamper-proof Blockchain layer makes a great deal of sense. Benefits seen by enterprises include:
- Near real-time security threat and suspicious activity detection
- Auditable compliance and policy violation detection
- Expedited forensics, debugging and troubleshooting activities
Shorten the time to discovery of a threat or an attack with real-time log monitoring and alerts
With U-Lert, businesses achieve continual comparisons between existing system logs and a tamper-proof blockchain-based copy. This comparison immediately uncovers any discrepancies and issues alerts that allow an administrator to investigate the cause and potentially catch a perpetrator in the act.
ULedger is designed to be minimally invasive to an existing technology infrastructure: it exposes RESTful APIs, allowing easy integration with existing data management environments. Through this process, each database underpinned by ULedger becomes its own Blockchain, so an entity can have more than one Blockchain. ULedger hashes and timestamps the metadata (the description of the data) of all transactions that occur on the database(s); the hash, timestamp, and metadata are then posted to a public network of ULedger Blockchain nodes.
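To make the two preceding ideas concrete (a hashed, timestamped, chained copy of log metadata, and a continual comparison of the live log against that copy), here is an added illustration in Python. It is not ULedger's or U-Lert's code and does not describe their actual data format or chaining scheme; the record fields, the SHA-256 hash chain and the diff logic are all assumptions made for this example. The sample log records are constructed, and the "tampered" log reproduces the scenario above: the attacker deletes the entries that show their own activity and inserts a decoy entry.

```python
import hashlib
import json

# Constructed sample audit-log records (field names are assumptions for this example).
# The hash chain assumes records are distinct; a real deployment would add a sequence number.
ORIGINAL_LOG = [
    {"ts": "2024-03-01T08:00:00Z", "user": "alice", "device": "ws-17", "event": "login", "result": "success"},
    {"ts": "2024-03-01T08:02:10Z", "user": "alice", "device": "ws-17", "event": "open", "target": "/finance/q1.xlsx", "result": "success"},
    {"ts": "2024-03-01T08:05:45Z", "user": "mallory", "device": "ws-42", "event": "login", "result": "failure"},
    {"ts": "2024-03-01T08:06:01Z", "user": "mallory", "device": "ws-42", "event": "login", "result": "success"},
    {"ts": "2024-03-01T08:07:30Z", "user": "mallory", "device": "ws-42", "event": "config_change", "target": "firewall", "result": "success"},
    {"ts": "2024-03-01T08:09:00Z", "user": "alice", "device": "ws-17", "event": "logout", "result": "success"},
]

GENESIS = "0" * 64  # previous-hash value for the first chain entry


def metadata_hash(record):
    """SHA-256 over the record's canonical JSON (sorted keys, no whitespace)."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def link_hash(prev, index, meta_hash, anchored_at):
    """Each link commits to the previous link, the position, the record hash and the anchor time."""
    return hashlib.sha256(f"{prev}|{index}|{meta_hash}|{anchored_at}".encode()).hexdigest()


def anchor_log(records, anchored_at):
    """Build the tamper-evident chain that would be posted to the immutable ledger."""
    chain, prev = [], GENESIS
    for i, rec in enumerate(records):
        meta = metadata_hash(rec)
        link = link_hash(prev, i, meta, anchored_at)
        chain.append({"index": i, "meta_hash": meta, "prev": prev, "link": link, "anchored_at": anchored_at})
        prev = link
    return chain


def verify_chain(chain):
    """Check the chain's own integrity; fails if any anchored entry was edited after the fact."""
    prev = GENESIS
    for entry in chain:
        expected = link_hash(prev, entry["index"], entry["meta_hash"], entry["anchored_at"])
        if entry["prev"] != prev or entry["link"] != expected:
            return False
        prev = entry["link"]
    return True


def compare_log(current_records, chain):
    """Diff the live log against the anchored chain.

    Returns a list of findings: ("deleted", anchored_index), ("inserted_or_modified", record)
    or ("out_of_order_or_duplicate", record). An empty list means the live log still matches.
    """
    position = {e["meta_hash"]: e["index"] for e in chain}
    findings, expected = [], 0
    for rec in current_records:
        idx = position.get(metadata_hash(rec))
        if idx is None:
            # Record hash was never anchored: a fake entry, or an anchored entry that was altered.
            findings.append(("inserted_or_modified", rec))
            continue
        if idx < expected:
            findings.append(("out_of_order_or_duplicate", rec))
            continue
        # Any anchored entries skipped between the last match and this one were removed.
        findings.extend(("deleted", missing) for missing in range(expected, idx))
        expected = idx + 1
    # Anchored entries past the end of the live log were removed as well.
    findings.extend(("deleted", missing) for missing in range(expected, len(chain)))
    return findings


def tampered_log():
    """Constructed attacker edit: mallory's three entries removed, one decoy entry inserted."""
    decoy = {"ts": "2024-03-01T08:04:00Z", "user": "bob", "device": "ws-03", "event": "login", "result": "success"}
    return [ORIGINAL_LOG[0], ORIGINAL_LOG[1], decoy, ORIGINAL_LOG[5]]


if __name__ == "__main__":
    chain = anchor_log(ORIGINAL_LOG, "2024-03-01T09:00:00Z")
    print("chain intact:", verify_chain(chain))
    print("clean log findings:", compare_log(ORIGINAL_LOG, chain))
    for kind, detail in compare_log(tampered_log(), chain):
        print(f"ALERT {kind}: {detail}")
```

The comparison only works because the anchored copy is outside the attacker's reach: `verify_chain` shows that editing the anchored copy itself breaks every subsequent link, which is the property a distributed ledger is meant to preserve. In practice the chain would be built and compared per batch on a schedule, which is what "near real-time" alerting amounts to.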
Our hybrid approach ensures that the underlying data remains secure and private while benefiting from a distributed and tamper-proof ledger. This approach also delivers a highly scalable solution intended for enterprise data loads and security requirements.