Question:
The logging and monitoring of security events are two elements of a single process that is critical to the upkeep of safe infrastructure. Every action in your environment is a security event, from emails to logins to firewall changes.
All of these events are (or should be) documented so that you can keep track of what's going on in your IT landscape. Security event logging and monitoring can only be effective if it is integrated into a comprehensive data collection and analysis process. Security logs can contain a large amount of information, so much that the human eye cannot efficiently discern threats within it. Log sources include security logs, endpoint logs, IoT logs, server logs, proxy logs, SAN infrastructure logs, and hypervisor logs.
Proxy servers are critical components of an organization's network because they provide anonymity, control access, and save bandwidth. Because all web requests and responses transit the proxy server, proxy logs can disclose useful information about usage statistics and endpoint users' browsing activity. We need to keep an eye on proxy logs to keep track of user activity and packet lengths. Analyzing users' browsing activity from the proxy logs can help build a baseline of their behavior. Any deviation from the baseline might signal a data breach and the need for additional investigation. Proxy logs can also be used to monitor the length of packets transmitted through the proxy server. A user regularly sending or receiving packets of the same length over a period of time, for example, may indicate a software update or reveal malware exchanging signals with control servers.
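The same-length check described above, sketched as an added example that is not part of the original page: it groups proxy log entries by user and destination and reports pairs whose transfers are both regular in timing and uniform in size. The log format, user names, hostnames and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample log, assumed format: "<epoch_seconds> <user> <destination> <bytes>"
def build_sample_log():
    lines = []
    # alice: ordinary browsing, varied sizes and irregular timing
    for ts, size in [(1000, 5120), (1042, 880), (1310, 23011),
                     (1333, 412), (2050, 7777), (2900, 1500)]:
        lines.append(f"{ts} alice news.example {size}")
    # bob: same-length transfer every 300 s to a single host
    for i in range(8):
        lines.append(f"{1000 + 300 * i} bob updates.example 256")
    # carol: regular timing but varying sizes (for example, polling a feed)
    for i, size in enumerate([300, 4500, 120, 9800, 640, 2210]):
        lines.append(f"{1000 + 60 * i} carol feed.example {size}")
    return lines

def parse(lines):
    """Group (timestamp, bytes) tuples by (user, destination)."""
    flows = defaultdict(list)
    for line in lines:
        ts, user, dest, size = line.split()
        flows[(user, dest)].append((int(ts), int(size)))
    return flows

def find_periodic_same_length(lines, min_events=5, min_same=0.9, max_jitter=0.1):
    """Return flows where most transfers share one size and gaps are near-constant."""
    findings = []
    for (user, dest), events in sorted(parse(lines).items()):
        if len(events) < min_events:
            continue  # too few events to call anything regular
        events.sort()
        sizes = [s for _, s in events]
        top_size, top_count = Counter(sizes).most_common(1)[0]
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        # Coefficient of variation of the gaps: 0 means perfectly periodic.
        jitter = pstdev(gaps) / avg if avg else 1.0
        if top_count / len(sizes) >= min_same and jitter <= max_jitter:
            findings.append({"user": user, "dest": dest, "bytes": top_size,
                             "period_s": avg, "events": len(events)})
    return findings

if __name__ == "__main__":
    for finding in find_periodic_same_length(build_sample_log()):
        print(finding)
```

A hit is a lead for investigation rather than a verdict, since a software updater produces the same pattern; comparing the destination against the user's baseline is what separates the two cases.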