Security cameras help track activities in and around your home, and your software audit logs should likewise capture any events happening in your enterprise environment. Capturing events in logs and monitoring them helps you in several ways, including but not limited to:

- Detecting breaches: Just like your security camera helps capture any unknown person entering your home, audit logs help detect login events that seem suspicious. If your administrator is logging in at 3am from Russia, you know something is off.
- Demonstrating compliance: Sometimes, even if the instructions say to not allow your kids to watch TV, your nanny still allows them to do so! Your security cameras help to validate whether your nanny is compliant with the instructions or not. Similarly, if your business requires your assets to be backed up at a certain frequency, audit logs keep a record of it so that, if audited, you can demonstrate compliance.
- Integrating with SIEM (Security Information and Event Management) solutions: In today’s IoT (Internet of Things) world, security cameras, smart locks, motion sensors, smart lights, etc. all interact with one another, coordinating through Apple HomeKit or Google Assistant. Similarly, you also want audit logs to flow into a centralized SIEM solution. This helps organizations get all the necessary logs in one place and build workflows from them.
- Valuable insights: Footage from your security cameras tells you which neighbor knocks your garbage bins down or when birds come to drink water from your fountain. Similarly, analyzing audit logs can provide insight into which assets behave nicely and which assets have challenges while being backed up.

After talking to many customers, we realized that the majority of issues they face stem from hardware-centric solutions such as backup servers and appliances that have limited resources in terms of CPU, memory, and disk. Also, the user experience is not optimized for today’s cloud-centric world, and customers are forced to build and run complex scripts. To address these issues, we went back to the drawing board to build the right architecture. We wanted to ensure that we have:

- Always On logging: Since some hardware/software vendors, by definition, have limited resources, they do not enable logs by default. Customers have to choose whether to enable logging. This is like having a security camera that is not turned on because the vendor wants to save on your energy bill. Clumio, being an authentic SaaS solution, has access to nearly infinite resources and turns on audit logs for all of its customers at no additional cost.
- Capture in-depth information: Even if your backup vendor offers logging, sometimes the logs do not capture all the important details. When these logs are analyzed by someone in your SOC (Security Operations Center) team, they require as much detail as possible. The Clumio SaaS, by default, logs all the relevant information to ensure that security investigations don’t get stalled due to lack of detail. With Clumio, you always get 4K UHD, whereas your backup vendor may recommend you choose a lower resolution to accommodate their shortcomings.
- Do not miss events: With hardware/software-based solutions, resources like memory and disk are limited. When an appliance is performing some operation (like a backup) and concurrently wants to write to an audit log in a low-memory situation, guess what operation it’ll perform and what it’ll drop? This challenge is not present in Clumio’s world due to our capability to consume resources on demand. We also architected our service correctly to ensure that logs are captured before and after any events happen. Clumio can record 24x7x365, independent of weather conditions, but competitors may not have video for days with snowfall.
- Scale elastically: Some customers have had to make the difficult decision to extract logs every week because of the limited capacity of the appliance. When they expand their data protection coverage to include a new asset, suddenly they find they only have capacity to hold the logs for 4 days. These challenges are common in the appliance world, but in Clumio’s SaaS world, there are no resource constraints. We can tap into our infinite disk resources to capture as many audit events as our customers can generate. The issue of limited storage is also very common with security cameras, but with Clumio, you get the equivalent of unlimited video storage in the cloud, and you can access it at any place or time.
- Help find that needle in a haystack: Clumio supports granular filtering capabilities so customers can find the exact information they seek. This is similar to finding the exact frame in the security camera footage that has the thief’s face clearly captured.

Clumio has been investing in its audit logging capabilities by architecting an audit log solution to meet and exceed customer expectations. With increased adoption of cloud and SaaS services, many customers are moving towards SIEM in the cloud. Logs can stream directly from Clumio to your cloud. In this world, even if your network gets compromised, attackers will still not have access to your logs. To learn more about Clumio’s audit logging capabilities, watch the demo below.