Everyone has firewalls, and many of the more regulated industries must collect and review firewall logs to meet regulations like PCI and HIPAA. But many organizations aren’t sure how to do this efficiently, particularly with traditional (first generation) firewalls, whose logs contain a large amount of valuable data but frequently lack context. For example, a traditional firewall can answer “Who is trying to communicate with whom, and is it successful?”, but it can’t provide key details about the type of traffic or why it is happening.

Monitoring your firewall logs - knowing where to start
Few organizations have the means to quickly or efficiently analyze data at scale to get real value out of their firewall logs. And because there is so much data that has been largely ignored over the years, analysts no longer know where to even get started.

The challenge becomes how to deliver actionable monitoring alerts from network devices that generate large volumes of data, much of it missing context.

  • What activities can be detected from firewall logs?
  • What are the challenges that must be considered when developing and deploying these monitoring use cases?

Download this white paper to find out more.









Within a couple of weeks of onboarding they notified us of a serious activity, which we most likely would not have discovered on our own.
Ray Espinoza

Director of Security at Cobalt