DeepSec2019 Talk: IPFS As a Distributed Alternative to Logs Collection — Fabio Nigi
Logging stuff is easy. You take a piece of information created by the infrastructure, systems, or applications and stash it away. The problems start once you want to use the stored log data for analysis, reference, correlation, or any other more sophisticated approach. At DeepSec 2019 Fabio Nigi will share his experience in dealing with log data. We asked him to explain what you can expect from his presentation.
We want access to as many logs as possible. Historically the approach has been to replicate logs to a central location. The cost of storage is the bottleneck of a security information and event management (SIEM) solution; it is hard to maintain at scale, which leads to reducing the amount of information at our disposal. The state-of-the-art solutions today focus on analyzing the logs on the endpoint. This can optimize maintenance but adds the problem of updating the rules or accessing raw data. Both approaches are inefficient and expensive.
What we want from logs collection:
- Comparability
- Accessibility
- Inference and baselines
- Replication on topics
- On demand access and drilldown with hashable/forensic history of status
- Ownership: data needs to point 1:1 to endpoints/people
Goal:
Granting access to the logs of all endpoint hosts, granting at least the requirements above, with 0…
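To make the "hashable/forensic history" and "ownership" requirements above concrete, here is an added illustration that is not the speaker's code and does not use IPFS itself: a small Python content-addressed store standing in for the IPFS block layer, with per-endpoint manifests linked by hash so that a modified block is detected on read. SAMPLE_LOGS, ContentStore, publish and walk_history are all constructed for this example.

```python
import hashlib
import json

# Constructed sample log lines from two endpoints (not from the talk).
SAMPLE_LOGS = {
    "host-a": ["sshd: accepted key for alice", "sudo: alice ran apt upgrade"],
    "host-b": ["kernel: usb device attached", "sshd: failed password for root"],
}


def cid(data: bytes) -> str:
    """Content identifier: hex SHA-256 of the bytes, a stand-in for an IPFS CID."""
    return hashlib.sha256(data).hexdigest()


class ContentStore:
    """Blob store addressed by hash; a local stand-in for the IPFS block layer."""

    def __init__(self):
        self.blocks = {}

    def put(self, data: bytes) -> str:
        key = cid(data)
        self.blocks[key] = data
        return key

    def get(self, key: str) -> bytes:
        data = self.blocks[key]
        if cid(data) != key:  # content addressing lets the reader verify every block
            raise ValueError("block does not match its CID")
        return data


def publish(store, endpoint, lines, prev=None):
    """Store each log line as a block and link a per-endpoint manifest to the previous one.
    The manifest carries the endpoint name (ownership) and the previous manifest CID (history)."""
    manifest = {"endpoint": endpoint, "prev": prev,
                "lines": [store.put(line.encode()) for line in lines]}
    return store.put(json.dumps(manifest, sort_keys=True).encode())


def walk_history(store, head):
    """Follow manifest links back to the first one, verifying each block; returns (endpoint, line) pairs."""
    out = []
    while head:
        manifest = json.loads(store.get(head))
        out.extend((manifest["endpoint"], store.get(c).decode()) for c in manifest["lines"])
        head = manifest["prev"]
    return out


def demo():
    store = ContentStore()
    heads = {h: publish(store, h, ls) for h, ls in SAMPLE_LOGS.items()}
    heads["host-a"] = publish(store, "host-a", ["cron: nightly backup ok"], prev=heads["host-a"])
    return store, heads
```

Only the latest manifest CID per endpoint has to be shared; anyone holding it can fetch and verify the whole chain on demand.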