The Open Web Application Security Project (OWASP) shared its draft Top 10 2021 list revealing a shake-up of how some of today’s modern threats are categorized - published for “peer review, comment, translation, and suggestions for improvements.”

PAY ATTENTION: The OWASP Top 10 is not just a simple checklist of what to look for, rather, it should be used as the backbone of your security strategy overall.

While the original Top 10 focused on vulnerability classification, the newest edition attempts a much more strategic approach. Most categories are broader than before and while the Top 10 is still data-driven, it is no longer primarily categorized by incidence - instead, it focuses on exploitability and impact.

In 2017, Insufficient Logging and Monitoring was added to the Top 10 as a fundamental component of the security operations lexicon and priority chain. Systems were being exploited and insufficient logging was identified as the bedrock of nearly every major incident. In OWASP's risk rating, the security weakness was rated Easy while detectability was rated Hard. Security operations teams realized that logging was the foundation of every security architecture, and the industry exploded.

WHAT’S NEW IN 2021?

While the Vulnerabilities Assessment and the Prevention Prescriptions are the same, Logging moved up the list and is now defined as “Security Logging and Monitoring Failures.” This redefined category describes efforts to help detect, escalate, and respond to active breaches. The bottom line is that without appropriate logging and monitoring, breaches cannot be detected.

There isn’t much CVE (Common Vulnerabilities and Exposures) / CVSS (Common Vulnerability Scoring System) data for this category, so ranking it by vulnerability data continues to be difficult, but detecting and responding to breaches is critical, and appropriate logging remains impactful for accountability, visibility, incident alerting, and forensics.

WHAT’S THE ANSWER?

LogZilla NEO is a purpose-built Centralized Log Management & Analytics (CLMA) platform. Whether you deploy LogZilla NEO as a “Pre-Processor” or “Heavy Lifter” to an existing SIEM, or spin it up on a standalone basis, you will reduce your “Mean Time to Detect,” “Mean Time to Investigate,” and “Mean Time to Resolve/Restore” to less than one second.

DID YOU KNOW? If you’re already invested in a SIEM, you can position LogZilla NEO in front of any downstream SIEM product (on-prem or in the cloud) as a complement to that existing product.

HOW QUICK DOES LOGZILLA DELIVER?

LogZilla NEO’s purpose-built technology stores 10TB/day on a single 1U server and was designed to ingest, normalize, index, enrich, alert, trigger, execute autonomic actions, and eliminate the noise - during ingestion - at line speed. The moment an event is ingested is the precise moment the processed event is displayed and analytics are executed - no lag time, no delays, no waiting. Unparalleled speed-to-everything, which means true real-time.

LogZilla built its C++ real-time engine so that setting up and executing CVE/CVSS correlations, alerts, and triggers occurs instantaneously. Since LogZilla NEO does not use Java or anything based on Java, all responses are in true real-time…not the ‘Java time’ that occurs when using a product based on Kafka, Lucene, or Apache Pulsar.

When using LogZilla NEO, all the data is accessible, not just the ‘hot’ data.

WHAT’S THE LOGZILLA BENEFIT?

  1. Reduce 40%-70% of the downstream data flow without loss of fidelity
  2. Unlimited, real-time, live stream ingestion
  3. Real-time searches with millisecond accuracy

Schedule your 15-minute demo now to see if LogZilla is right for you.

Posted November 3, 2021 in the Risk Management category
