CenturyLink updated its Security Log Monitoring service with correlated threat intelligence, new cloud security monitoring features, and a real-time mobile application for threat detection and response.
These new capabilities give companies greater visibility across their hybrid network environments, said Chris Richter, vice president of global security services for CenturyLink.
“We’re finding that environments are changing at a very rapid pace, and hybrid networking is becoming very common,” Richter said. “We’re seeing customers migrate their applications from on premises to cloud or SaaS [software-as-a-service], replacing hardware with clouds.”
But with this comes security risk. Log and event management tools, which provide real-time analysis of security alerts generated by applications and network infrastructure, can help mitigate threats across disparate environments.
“Companies need a tool that can follow the data, follow the applications, follow the databases wherever they go,” Richter said. “We built Security Log Monitoring so that our collectors can be placed anywhere in the form of virtual appliances, and we’ve also got collectors built into our backbone. The idea is that log analysis and log collection must happen easily and cost effectively wherever the applications go.”
Security Log Monitoring
Security Log Monitoring is a SaaS-based log collection and security information and event management (SIEM) platform. It is built on open source and proprietary tools and uses technology acquired from the service provider’s 2016 purchase of netAura, a security log management and SIEM company.
The service recognizes hundreds of common log source types, including those from VPNs, firewalls, databases, cloud infrastructure, and servers.
“The primary update in this release is the ability to take in additional log traffic,” Richter said. In fact, the service now offers complimentary log ingestion of up to 10 gigabytes per day. Customers can upgrade the service to pay for additional ingestion capacity, as well as advanced threat intelligence, incident response, and cloud and security operations center (SOC) monitoring.
Companies often use more than one network provider, Richter said. To accommodate these hybrid environments, Security Log Monitoring ingests logs from any environment. “SLM is not dependent on the CenturyLink network,” he added. “They can use a competing service provider’s service. All we care about is having the ability to have the logs sent to us, either from on-prem collectors or network-based.”
IoT Device Monitoring Coming Soon
Looking ahead, the company plans to add features to the service’s mobile application. It’s also expanding the number and types of devices for which it will do correlation and analysis. “We do expect to move into the IoT space with the platform because IoT is a huge threat vector,” Richter said.
In fact, a recent CenturyLink report on distributed denial of service (DDoS) attacks worldwide found that the U.S. holds the dubious distinction of being the most common point of origin for malicious internet activity. These DDoS attacks typically exploit unsecured IoT and other internet-connected devices, turning them into “bots” that bombard a targeted site with requests.
“We’re able to track over 100 million active bots, the vast majority of which are devices that have been infected with malware like Mirai,” Richter said. “And they are coming from things like security cameras and other types of IoT devices. So monitoring the behavior and traffic of those is going to be something of growing importance.”
Finally, the company is also continuing to integrate threat feeds it acquired from Level 3 into Security Log Monitoring.
“Our Adaptive Threat Intelligence service ingests about 120 billion netflow sessions every day from activity in our network,” Richter said. “With that visibility, we’re able to see the movement of nefarious traffic on the internet at large. We have a very active view of live threats, and in a future release of SLM we will be ingesting those live threat feeds into the platform.”
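To make concrete what correlating collected logs against a threat feed looks like in practice, here is an added example; it is not CenturyLink code and not the logic of the Security Log Monitoring platform. It normalises log lines from two source types (a firewall and a VPN concentrator) into a common event shape, then flags any source or destination address that falls inside an indicator from a threat-intelligence feed, whether the indicator is a single host or a CIDR range. The log formats, the feed entries and every address are constructed for illustration (RFC 5737 documentation ranges), and the `hits` counter shows how repeated contact with one indicator can be surfaced for escalation.

```python
"""Correlate firewall and VPN log lines against a threat-intelligence feed.

Added example, not CenturyLink's code. Log formats, feed indicators and
addresses are constructed for illustration.
"""
import ipaddress
import re
from collections import Counter

# Constructed threat feed: exact IPs or CIDR networks -> (threat type, confidence).
THREAT_FEED = {
    "203.0.113.45": ("mirai_c2", "high"),
    "198.51.100.0/24": ("botnet_scanner", "medium"),
}

# Constructed log lines in two hypothetical source formats, plus one unparseable line.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z fw01 ACCEPT src=10.0.0.5 dst=203.0.113.45 dport=443",
    "2024-05-01T10:00:02Z fw01 DROP src=198.51.100.77 dst=10.0.0.5 dport=23",
    "2024-05-01T10:00:03Z vpn01 login user=alice from 192.0.2.10 result=success",
    "2024-05-01T10:00:04Z vpn01 login user=bob from 198.51.100.9 result=failure",
    "2024-05-01T10:00:05Z fw01 ACCEPT src=10.0.0.5 dst=203.0.113.45 dport=443",
    "this line is not a recognised log format",
]

FIREWALL_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ACCEPT|DROP) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)
VPN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) login user=(?P<user>\S+) "
    r"from (?P<src>\S+) result=(?P<result>\S+)$"
)


def load_feed(feed):
    """Compile feed entries into (network, threat, confidence) tuples.

    A bare IP becomes a /32 (or /128) network so a single membership test
    handles both host and range indicators.
    """
    return [
        (ipaddress.ip_network(indicator, strict=False), threat, confidence)
        for indicator, (threat, confidence) in feed.items()
    ]


def parse_line(line):
    """Normalise a line from either source type into a common event dict, or None."""
    m = FIREWALL_RE.match(line)
    if m:
        d = m.groupdict()
        return {"ts": d["ts"], "host": d["host"], "source_type": "firewall",
                "ips": [d["src"], d["dst"]],
                "detail": f"{d['action']} dport={d['dport']}"}
    m = VPN_RE.match(line)
    if m:
        d = m.groupdict()
        return {"ts": d["ts"], "host": d["host"], "source_type": "vpn",
                "ips": [d["src"]],
                "detail": f"user={d['user']} result={d['result']}"}
    return None


def match_indicator(ip_str, compiled_feed):
    """Return (threat, confidence) if ip_str lies inside any feed indicator, else None."""
    try:
        addr = ipaddress.ip_address(ip_str)
    except ValueError:
        return None  # malformed address field: not a feed hit
    for net, threat, confidence in compiled_feed:
        if addr in net:
            return threat, confidence
    return None


def correlate(lines, feed=THREAT_FEED):
    """Return (alerts, hits): one alert per event/indicator match, and hit counts per indicator."""
    compiled = load_feed(feed)
    alerts = []
    hits = Counter()
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # unparsed lines are skipped here; a real SIEM would count them
        for ip in event["ips"]:
            hit = match_indicator(ip, compiled)
            if hit:
                threat, confidence = hit
                hits[ip] += 1
                alerts.append({"ts": event["ts"], "host": event["host"],
                               "source_type": event["source_type"], "indicator": ip,
                               "threat": threat, "confidence": confidence,
                               "detail": event["detail"]})
    return alerts, hits


if __name__ == "__main__":
    found, counts = correlate(SAMPLE_LOGS)
    for a in found:
        print(f"{a['ts']} {a['host']} [{a['confidence']}] {a['threat']} "
              f"via {a['indicator']} ({a['detail']})")
    print("indicators seen more than once:", {ip: n for ip, n in counts.items() if n > 1})
```

Two design points carry over to any real deployment: parsing is done per source type into one event shape before matching, so adding a new log source means adding a parser rather than touching the correlation; and indicators are compiled into networks once, so a feed that mixes single hosts and ranges is matched by the same membership test. The repeat count is what turns a single low-confidence hit into something worth an analyst's time.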