Centralized Accounting

In this video, you will learn about centralized accounting.
So, centralized accounting – very helpful. Logs reviewing. How often do we review our logs? Logs are only useful if they are reviewed. If we don’t review the logs, they become useless, in effect. Logs are technically a reactive form of control. If we’re looking at a log, something has already happened, therefore it’s reactive. That’s not to say that they are unhelpful, though. Logs can help us prevent further problems by having alerting attached to the logs.
So if we have, for example, a honeypot, a desirable alerting system in our demilitarized zone, if somebody triggers an alert by trying to access that honeypot system, that will give us an alert that we can use to provide some kind of warning to the security function. Something untoward is happening on our network. Technically, that’s reactive, but it’s reactive at a very, very early stage of an attack. And log aggregation can help protect log integrity. It can also help with the business intelligence aspect of logs. We can start to normalize the data and perform analytics on them.
And we can start to correlate different types of data to map trends related to service consumption, system utilization, but also things like, perhaps, incorrect passwords on an Active Directory service against a particular account, and correlating that to brute force attacks on individual applications or web services. So SIEM systems can consume logs, and they can help with log alerts, and we are really big advocates of SIEM systems. There are many, many providers of SIEM systems and they’re all very capable and com– mostly very capable and competent systems. The benefit is that log reviews typically are a manual process, or traditionally were a manual process, and very time intensive, labor intensive. Poring through log files is slow work.
And typically, that log review process happens on a weekly or monthly basis. A SIEM system, as soon as an event is triggered, can alert you to the fact that an exigent circumstance has occurred. You define something that you want alerting about, and when it happens, the SIEM system tells you about it. So we need to be careful. There’s lots of data. We need to understand what we want from our accounting, how we manage it, and what processes we can use around BI and SIEM systems to support us from a semi-automated or fully automated perspective.

Centralized accounting will help you with:

  • log review processes

  • log aggregation

  • improved business intelligence
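
The correlation described in the transcript (failed Active Directory passwords for an account matched against failures on a web service, plus an immediate alert when a DMZ honeypot is touched) can be sketched as follows. This is an added example, not material from the course: the three log formats, host names, addresses, threshold and window are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines; the three log formats are assumptions for this example.
SOURCES = {
    "ad": ["2024-05-01T09:00:00Z dc01 LOGON_FAILED user=alice src=10.0.5.7",
           "2024-05-01T10:00:01Z dc01 LOGON_FAILED user=alice src=10.0.5.7",
           "2024-05-01T10:00:05Z dc01 LOGON_FAILED user=alice src=10.0.5.7",
           "2024-05-01T10:00:40Z dc01 LOGON_FAILED user=bob src=10.0.9.2",
           "2024-05-01T10:01:02Z dc01 LOGON_FAILED user=alice src=10.0.5.7"],
    "web": ["2024-05-01T10:00:20Z portal login result=fail account=alice ip=10.0.5.7",
            "2024-05-01T10:00:31Z portal login result=fail account=alice ip=10.0.5.7",
            "2024-05-01T10:00:50Z portal login result=ok account=bob ip=10.0.9.2"],
    "honeypot": ["2024-05-01T10:02:00Z hp-dmz connect src=10.0.5.7 port=22"],
}

def normalize(line, source):
    """Map one source-specific line onto a common event schema."""
    ts, *rest = line.split()
    kv = dict(tok.split("=", 1) for tok in rest if "=" in tok)
    failed = "LOGON_FAILED" in rest or kv.get("result") == "fail"
    kind = "honeypot" if source == "honeypot" else "auth_fail" if failed else "other"
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": source,
            "kind": kind, "account": kv.get("user") or kv.get("account"),
            "src": kv.get("src") or kv.get("ip")}

def correlate(events, threshold=5, window=timedelta(minutes=5)):
    """Return alerts as (rule, subject, contributing_sources) tuples."""
    alerts, recent = [], defaultdict(deque)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == "honeypot":  # any touch is suspicious: alert at once
            alerts.append(("honeypot_touch", ev["src"], ("honeypot",)))
        elif ev["kind"] == "auth_fail":
            q = recent[ev["account"]]
            q.append(ev)
            while ev["ts"] - q[0]["ts"] > window:  # expire failures outside the window
                q.popleft()
            if len(q) >= threshold:  # failures from all sources count together
                alerts.append(("brute_force", ev["account"],
                               tuple(sorted({e["source"] for e in q}))))
                q.clear()  # one alert per burst instead of one per extra failure
    return alerts

def run_demo():
    events = [normalize(l, s) for s, lines in SOURCES.items() for l in lines]
    return correlate(events)

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Neither source reaches the threshold on its own; the brute-force alert only fires once the Active Directory and web events are aggregated into one stream.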

This article is from the free online course Cyber Security Foundations: Identity and Access Management, created by FutureLearn.
