Kemp LoadMaster is a critical addition to any application delivery or general network infrastructure. In addition to features like application delivery, load balancing, SSL/TLS offloading, LoadMaster protects against common web security threats and provides Single Sign-On (SSO) and authentication. When combining Kemp Web Application Firewall (WAF) and Kemp Edge Security Pack (ESP), LoadMaster becomes an integral part of a Security Information and Event Management (SIEM) system that helps protect networks.
ELK Stack
The ELK (Elasticsearch, Logstash and Kibana) Stack is a standalone search and analytics engine. Elasticsearch is the search and analytics engine at the heart of the Elastic Stack where Logstach facilitates collecting and aggregating the data into Elasticsearch and Kibana enables the exploration and visualization of the data. The Kemp Technologies LoadMaster integration with Elasticsearch is simple and easy to achieve with Logstash.
The Kemp WAF provides JSON format logs and Edge Security Pack provides Common Event Format (CEF) logs that are easily consumed and parsed by Elasticsearch to enhance visibility (via Kibana) of whom is connecting to your application via the LoadMaster and to their intentions.
Edge Security Pack
Deploying LoadMaster with the Kemp Edge Security Pack (ESP) enabled, simplifies the secure publishing of applications with pre-authentication of clients and Single Sign-On (SSO) to improve the user experience. ESP can be fully integrated into your current authentication and authorization directories, including Microsoft Active Directory.
Deploying LoadMaster with the Kemp Web Application Firewall (WAF) enabled as part of your network infrastructure helps deliver defense in depth for your web servers and applications. The Kemp WAF provides continuous protection against vulnerabilities with daily rule updates based on threat intelligence and research from Trustwave. We also provide a Trustwave application rule pack based on their guidelines. You can adjust these templates as required and create your own rulesets to deliver your organization’s precise needs.
Please see video here demonstrating Kemp ESP CEF logs integration with ELK Stack.Please see video here demonstrating Kemp WAF JSON logs integration with ELK Stack.
Summary
Based on my personal experience, the integration between LoadMaster and ELK Stack was easy to achieve. You need to ensure that you install Logstash as ‘sudo’ and have some patience for the connection attempts and validating the required information into Elasticsearch, or maybe it was just me! After that, it is close to real-time, depending on your network connectivity. It is worth investing some time in learning the basics of Logstach to parse the received information.
Contact us today to discuss all your application delivery and security needs.
References
- https://www.elastic.co/what-is/elk-stack
- https://www.elastic.co/guide/en/elasticsearch/reference/current/elasticsearch-intro.html