Kemp Security Series 2020 – Part 4: LoadMaster and SIEM Log Analysis

Posted on

Kemp LoadMaster is a great addition to any application delivery or general network infrastructure. In addition to features like application delivery, load balancing, SSL/TLS offloading, and authentication, LoadMaster also helps protect against common web security threats. When combined with Kemp Web Application Firewall (WAF), Kemp Edge Security Pack (ESP), and third-party log analysis tools, LoadMaster becomes an integral part of a Security Information and Event Management (SIEM) system that helps protect networks against the OWASP top 10 and other threats.

Security Information and Event Management

SIEM systems are designed to provide a holistic view of network and application security. Once implemented, a SIEM system can help identify attacks and breaches in real time. This has obvious benefits for network security, compliance, and protection of an organization’s reputation. It is better for an organization to respond quickly to an attack than to discover it after the fact, when the damage is done and data has been compromised.

One aspect of a SIEM system is the deployment of tools to analyze network device logs in real-time. In this way, suspicious activity and known threats that leave well-known signatures in logs can be spotted, and system administrators alerted quickly. Automated responses can often be triggered to counter attacks in real-time.

Detecting and Addressing Threats

The 2019 Trustwave Global Security report identified an average period of 54 days from data compromise events to detection of the breach. Clearly, something needs to be done to make sure that the average exposure period is driven down towards the immediate detection end of the range.

Real-time log analysis is a way to help achieve this, and Kemp LoadMaster logs are ideally suited for this purpose. Due to its logical position on the network, LoadMaster inspects all the Layer 4 and Layer 7 traffic flowing to and from websites and application servers. All this activity is recorded in the LoadMaster logs. These can be passed to dedicated threat monitoring tools for analysis, and any suspicious activity can be identified. Best practice says that the logs should be sent off from the network device that collects them and analyzed remotely. LoadMaster can send its logs to various industry standard tools, from relatively simple Syslog collectors to more sophisticated analysis tools such as SIEM systems, including:

  • Azure Sentinel
  • IBM QRadar
  • Splunk
  • AlienVault
  • ArcSight

*Note: Please keep an eye on our blog for further videos on Kemp Technologies LoadMaster integration with industry standard SIEM providers.
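As an added example, not Kemp's code and not the real LoadMaster log format, the Python below shows the kind of real-time check a SIEM or syslog collector applies to forwarded load balancer logs: it parses each line, keeps a sliding one-minute window per client address, and raises an alert when a single client trips WAF blocks too often. The hostname, message layout, field names and sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in a generic RFC 3164-style syslog layout. The program
# names, field names and addresses are assumptions, not the LoadMaster log format.
SAMPLE_LOGS = """\
Mar 10 12:00:01 lm-edge01 waf: client 198.51.100.7 blocked rule=sqli uri=/login
Mar 10 12:00:02 lm-edge01 waf: client 198.51.100.7 blocked rule=xss uri=/search
Mar 10 12:00:03 lm-edge01 waf: client 198.51.100.7 blocked rule=sqli uri=/admin
Mar 10 12:00:04 lm-edge01 esp: client 203.0.113.9 auth failed user=alice
Mar 10 12:00:05 lm-edge01 waf: client 198.51.100.7 blocked rule=lfi uri=/files
Mar 10 12:00:07 lm-edge01 waf: client 198.51.100.7 blocked rule=sqli uri=/login
Mar 10 12:05:00 lm-edge01 waf: client 203.0.113.9 blocked rule=sqli uri=/login
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<prog>\w+): "
    r"client (?P<client>\d+\.\d+\.\d+\.\d+) (?P<event>blocked|auth failed)"
)

def parse_line(line, year=2020):
    """Parse one syslog line into a dict, or return None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # RFC 3164 timestamps carry no year, so the caller supplies it.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "client": m["client"], "event": m["event"]}

def detect_bursts(lines, threshold=5, window_seconds=60):
    """Return one alert per client that reaches `threshold` WAF blocks inside a sliding window."""
    recent = defaultdict(deque)   # client -> timestamps of recent blocks
    alerted = set()               # clients already reported, to avoid duplicate alerts
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["event"] != "blocked":
            continue
        q = recent[rec["client"]]
        q.append(rec["ts"])
        # Drop timestamps that have fallen out of the window.
        while (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and rec["client"] not in alerted:
            alerted.add(rec["client"])
            alerts.append({"client": rec["client"], "count": len(q), "at": rec["ts"]})
    return alerts

if __name__ == "__main__":
    for a in detect_bursts(SAMPLE_LOGS.splitlines()):
        print(f"ALERT {a['at']:%H:%M:%S} client {a['client']} blocked {a['count']}x in 60s")
```

In a live deployment the lines would arrive from the syslog receiver rather than a string, and the alert would be forwarded to the SIEM's alerting channel instead of printed.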

Real-time analysis of the logs from LoadMaster, as part of a complete system of network security, can help identify attacks quickly. This allows preventative measures to be triggered and reduces the risk of a compromised system and data breaches.

Contact us today to discuss all your application delivery and security needs.

Read the rest of the Kemp Security Series 2020

  • Part 0: LoadMaster Security
  • Part 1: Application Security
  • Part 2: SSL/TLS Security
  • Part 3: Identity Access

Additional Information

  • Trustwave 2019 Global Security Report
  • Verizon 2019 Data Breach Investigations Report

David O'Connor

David O’Connor is a Product Manager in Kemp working in Limerick, Ireland. He holds a bachelor’s degree in Computer Engineering from University of Limerick. David has a telecoms background with previous roles in development, customer support and presales with a focus on product-market fit and creating tech products that customers love.