Episode 37 - Humio at Netic with Karsten Thygesen and Anders Saxtoft
Using Humio to provide business-critical IT operations and security management
August 20th, 2020
In this week’s podcast, we have a conversation with Karsten Thygesen, CTO, and Anders Saxtoft, Sales Manager for Security and Analytics at Netic. They perform best-of-breed business-critical IT operations management for private companies and public institutions, helping clients with operations, security, cloud, data analytics, and more.
Netic uses Humio to help organizations get the most out of their log data. Their experience with processing, analysis, and monitoring of logs goes back more than 15 years. They have assisted a number of Denmark’s largest businesses and government agencies with multiple use cases for log management. They offer Log-Management-as-a-Service, with the option of professional services to further customize log management to suit the needs of any organization.
John and Karsten talk about some of the challenges that organizations face in securing their data. Many companies are struggling to formalize their security strategy, and don’t understand the important role of collecting and monitoring the right level of data.
“From a security perspective, what we're seeing right now is a lack of maturity. That might sound a bit rash, even though it's true. Many companies have not yet figured out how important security is today and how hard it may actually hit them. It turns out again and again that they are lacking error logs. They do not have common log collection, or even a budget for cybersecurity.”
Karsten Thygesen, CTO at Netic
They discuss the approach Netic takes to start developing an overall strategic plan. Karsten highlights the maturity journey that organizations should be on, and the steps along the way:
Common log collection is the very first step to better security. Secure the log data, so there's some data available to explore when something goes wrong.
Next, conduct a general analysis of the company to find where the weak spots are that they want to protect.
Then take a look at the architecture, the structure, the way they work, the extent of their network, and determine if they have any holes in the architecture.
Next, monitor security and security behavior, both from the employees, but also from external threats to the company.
Then review regulations like GDPR and develop a plan for compliance.
Down the road, they may implement a SIEM system, or deploy managed detection and response.
Karsten was around for the birth of Humio. He is friends with the founders, and he was part of the discussion about how to design an advanced log management solution and make it affordable. He describes the features of Humio that they rely on for their customers.
“Humio is very, very strong in ingesting a huge amount of data and doing very fast, real-time searches. It’s easy to visualize the data. And a quite important thing for us is the multi-tenancy, where we can have a shared platform for multiple of our customers and thereby bringing down the cost of operations.”
Netic offers Logging as a Service for its customers. This allows their clients to be focused on their own business, feeling secure that the network is being taken care of, and that their security is being monitored.
“Logging as a service means that we are taking the operational responsibility and the infrastructure responsibility and offering Humio as a service to our customers. We make it very easy for them to get onboarded. And we can very quickly start the dialogue about bringing out the value of the data that we onboard in their solution. The whole conversation is much less about infrastructure and technologies and more about how to bring out the value from the data that we are ingesting.”
Netic offers a managed detection and response platform backed by a 24x7 security center. They generate alerts based on indicators of compromise and intrusion detection software, and they use Humio as a collection service and to trigger alerts.
“The investigation is often based on the logs that we are collecting from the customers, so we are using Humio, a SIEM, and customer-specific systems to figure out what is going on. We always get a recommendation to the customers for what action they should take.”
They discuss why it’s a good idea to augment a SIEM system with Humio. Different solutions have different purposes and different capabilities.
“A SIEM system tries to correlate the latest data to see if something is going on, but in a rather narrow timeframe. Humio is more geared to long-term storage of logs so that we can go back multiple years and try to investigate if something happened a long time before. And normally, application logs might not be a security interest, but the security area is moving all the time, so new kinds of threats are appearing, and then suddenly an application log can be an interesting security environment.”
Netic helps customers comply with GDPR rules, and with other compliance requirements. Every industry and location has different regulations, so they help their customers understand the requirements and then map them to actual actions. They can pinpoint what logs to collect, and help install them for the required retention period.
“GDPR isn’t taken seriously everywhere. A lot of people—maybe it's not the right word—they look at this ‘ghost’ called GDPR, and they are afraid of it. Quite frankly, they don’t know what to do with it.”
Anders Saxtoft, Sales Manager for Security and Analytics at Netic
There’s strong business value that comes from a good log management system, especially the ability to be prepared for anything that may happen. It’s important to have the right data available when there is a breach or if there's an operational problem, or even if you just want to find some business intel or analytics.
“Especially in security where everything is moving so fast, you never know what you need to know. The same goes for applications where everything is changing so fast. There's simply no time to sit down and filter all the data to save some money. Today, time is more critical, and you need to have a solution where you can just log everything without thinking so much about the cost, that's for sure.”
Listen to the whole podcast to answer all of these questions:
How can a large enterprise understand its system when it is divided into different silos and nobody has the general overview?
What steps do Netic customers take to prepare for the unknown?
What problems were the founders of Humio trying to solve when they developed the Humio technology?
How can log management be used for capacity planning?
How does Netic help find the context of a breach, not just detect the damage it does?
How can we secure borders when there really are no borders on the edge of the network?