Log Analysis Paralysis: Finding the Right Approach for You
Time: 03/07/19 01:15 PM - 02:30 PM
Room: Supreme Court (M4)
Session Abstract
To identify and manage operational issues, trends, and security incidents, IT organizations need real-time visibility and forensic capabilities for enterprise networks and systems, but this means managing and analyzing mountains of data. While there are several viable commercial offerings, IT log analysis can benefit from the tools and skills associated with the growing field of data analytics and open source big data tools. In this presentation, we will discuss the journey that three schools have embarked upon to identify:
(a) how central and distributed IT groups are (or should be) analyzing log data,
(b) how the requirements led to evaluation and implementation of log tools, and
(c) an analysis of the costs involved and skills required in implementing various solutions.
The presentation will focus on two tools in particular (ELK and Apache Spark), why they were implemented, and how their costs compare with commercial solutions.
Speakers
Speaker: Richard Biever, Duke University
Speaker: Mark McCahill, Duke University
Speaker: Jimmy Lummis, Georgia Institute of Technology
Speaker: Michael Grinnell, University of Virginia
Presentation Media
Primary track: Information Security