
Monitoring Physical Security With Graylog

This is a transcript of “Monitoring Physical Security with Graylog.”

Hello, Jeff Darrington here, senior technical marketing manager at Graylog. In this video, I'd like to talk briefly about how Graylog can be used to capture physical security events.

Physical Security Meets Cybersecurity

How? Well, this is where physical security meets cybersecurity. Just to provide you a list of some of the things that are to be considered when looking at physical security, let's have a quick look. Different types of systems, if not implemented properly, or even at all, will leave you vulnerable. Graylog can be a central location for all these types of physical security events. While Graylog would not be the primary source, it can be the centralized source of all these logs.

Most, if not all, of these cases involve separate applications or systems, and they require you to manage and view them all individually for important information.

Logging Sources in Graylog

Logging all these sources into Graylog will give you that central pane of glass for the view of all these different sources, saving time, money, and access right at your fingertips. Here are our log sources that could be sent to Graylog:

  • intrusion alarms and logs sent to Graylog
  • smart lighting systems logs
  • smart UPS and backup power generator logs
  • environmental monitoring like temperature, humidity, and water controls
  • onboarding and off-boarding of staff and network accounts and assets
  • security card access, access levels to IT rooms, closets, and all doors

Example

Let's go through a quick example.

Number one: security card logging and alerts to IT.

Staff could be sent alerts when HVAC maintenance staff entered server rooms, followed by other correlating events. For example, when power is lost during a timeframe or temperature problems in a server room. Another one would be onboarding or off-boarding of staff and timely termination of network accounts, and the deletion of security card access is an example of correlation monitoring of internal processes to ensure you've appropriately managed those assets.

Monitoring for piggybacking by looking at the badge in and outs per day and monitoring access to IT rooms, closets, and internal/external doors.

Here you'll see a dashboard where I've integrated a critical actual card system for access through doors to different buildings within an organization. As you see on the right-hand side, there's a variety of timestamps for the individuals coming in and out of the actual location, and on the left-hand side, a ticker count for the ins and outs per building per user. Down below, because the geolocation information is being stored, it is actually showing the actual locations of where these individuals are logging in and out.

Number two: environmental monitoring. 

  • Dashboards and alerts on UPS, low batteries, or failed generator activity
  • Monitoring smart lighting systems for operational needs
  • Dashboards and alerts on key temperature, humidity alarms
  • Monitoring staff in and out of a building during fire incidents or fire drills, or after-hours activities

Next let's look at that scenario.

In this dashboard, you'll see a variety of things for environmental monitoring from minimum temperatures, maximum temperatures, minimum humidity, and maximum humidity and your UPS battery status in real-time, followed by your minimum, maximum temperatures over time. 

Hopefully, this dashboard and the one previous is giving you some ideas of what things can be sent into Graylog and how that can be used in your environment so that you have the full picture of what's going on with your physical security. 

Thanks for joining us, and happy logging with Graylog.
