Oct 01 2020

State and Local Agencies Gain Visibility from Centralizing Logs

Government agencies boost security and compliance with log aggregation.

The Ohio Attorney General’s Office centralizes its log files for two important functions: meeting security compliance requirements, and detecting and mitigating cybersecurity threats in real time.

In 2019, the agency’s IT security team deployed Splunk’s security information and event management (SIEM) software to aggregate the log data from its servers, firewalls and other security and networking equipment into a central repository.

The software allows the Attorney General’s Office to satisfy regulatory mandates by retaining logs for compliance reporting and audits. It also correlates and analyzes the data. When the tool discovers suspicious behavior and potential security threats, it sends out real-time alerts to the security staff.

“Having that visibility makes a huge difference and allows us to stay on top of what’s going on in our environment,” says CISO Joe Cossin.
