In an IT context, logs are pieces of evidence, automatically generated and time-stamped when a certain event happens. All information systems produce some kind of logs.
For security and compliance teams, the most common uses of logs are detecting anomalous activities, validating a certain piece of information, or demonstrating regulatory compliance through an audit trail. Logs, however, can also be a very valuable resource for business process management, analysis, and optimization. If generated and collected properly, logs contain all the data necessary to describe business processes, since most business processes nowadays take place in, or are reflected in, information systems.
The use cases below describe how your organization can benefit from having a centralized log visualization system:
Using Logs for Business Process Management
Individual performance management
User management is crucial for business continuity. Information such as user performance can provide valuable insight that helps companies improve their efficiency and system control. Log analytics tools allow a manager to focus on a specific employee (actor) and track activity, measure speed, spot anomalies, and set a course for corrective action if required. Log analytics tools, combined with AI or rules engines, can detect anomalous activities and send notification alerts in real time to line managers. One such tool is LogSentinel SIEM’s logging utility, which combines AI and rule-based analysis to ensure that managers get notified of critical events. A critical event can be, for example, an employee accessing a specific system in a specific time range, e.g. after work hours or during the weekend.
A user is less active during work hours than the other users on average, or than his/her own average. The line manager receives a notification to review the user’s activity in detail. The manager is given access to the user’s full activity across systems over that period, so the reasons for the low activity can be identified.
A user has been granted remote access to company assets. The line manager receives a notification that critical records are being accessed during the weekend. The manager is able to investigate further, reviewing details about what types of records and systems were accessed, whether there was a bulk upload or download, etc.
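The two rules described in the scenarios above, written out as an added example (not LogSentinel code): a constructed set of access events is checked for critical records touched outside an assumed 09:00-18:00 weekday window, and for users whose in-hours activity falls below half of the peer average.

```python
from collections import Counter
from datetime import datetime
from statistics import mean

# Constructed sample events: (timestamp, user, system, action, record class).
# The field layout is an assumption; the page shows no log schema.
EVENTS = [
    ("2024-03-11T09:15:00", "alice", "crm", "read", "customer"),
    ("2024-03-11T10:40:00", "alice", "crm", "update", "customer"),
    ("2024-03-11T11:05:00", "alice", "billing", "read", "invoice"),
    ("2024-03-11T09:30:00", "bob", "crm", "read", "customer"),
    ("2024-03-11T14:20:00", "carol", "crm", "read", "customer"),
    ("2024-03-11T14:25:00", "carol", "crm", "read", "customer"),
    ("2024-03-11T15:00:00", "carol", "hr", "read", "payroll"),
    ("2024-03-11T22:10:00", "bob", "hr", "export", "payroll"),  # Monday, after hours
    ("2024-03-09T11:00:00", "bob", "hr", "read", "payroll"),    # Saturday
]
CRITICAL = {"payroll", "customer"}   # record classes treated as critical (assumed)
WORK_HOURS = range(9, 18)            # 09:00-17:59, Monday to Friday (assumed policy)

def parse(ev):
    ts, user, system, action, record = ev
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "system": system, "action": action, "record": record}

def off_hours_access(events):
    """Rule 1: critical records accessed on a weekend or outside WORK_HOURS.
    Returns one alert string per offending event, in log order."""
    alerts = []
    for e in map(parse, events):
        weekend = e["ts"].weekday() >= 5
        if e["record"] in CRITICAL and (weekend or e["ts"].hour not in WORK_HOURS):
            when = "weekend" if weekend else "after hours"
            alerts.append(f"{e['user']} {e['action']} {e['record']} on {e['system']} ({when})")
    return alerts

def low_activity_users(events, ratio=0.5):
    """Rule 2: users whose count of in-hours events is below `ratio` times the
    peer average. Returns {user: in_hours_count} for the flagged users."""
    counts = Counter()
    for e in map(parse, events):
        if e["ts"].weekday() < 5 and e["ts"].hour in WORK_HOURS:
            counts[e["user"]] += 1
    avg = mean(counts.values()) if counts else 0
    return {u: c for u, c in counts.items() if c < ratio * avg}
```

In practice the peer average would be computed over a longer window and compared against the user’s own baseline as well, which the second scenario above describes.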
Process-level performance management
Having efficient and well-working processes is what every modern organization aims for. Such processes, however, should be monitored and controlled to achieve full business capacity. This can be easily automated, as most business processes involve information systems. Data can then be filtered either by action (process step), e.g. open account, close account, or by entity (process location), e.g. table Accounts, table Customer, to see how overall process performance develops and where possible bottlenecks can be found.
An internal/external auditor requests evidence that a certain process is being followed. The system administrator can easily grant access to the process visualization dashboard where these processes are being displayed in real-time.
A process optimization manager receives a task to figure out how to make a certain process more efficient. To do so, the manager can find trends from logs recorded and make suggestions for improvements.
Processes are constantly being changed and improved. When many teams are involved, process changes can be hard to detect and can cause mismatches between outdated process documentation and the actual implementation. Updating the documented process can be made smart using logs, though. Process mining is possible if an organization has a centralized log collector with log correlation in place. Specialized tools can then be used to generate automatically not only the business process itself but even ideas for its improvement. This use case can also be associated with our own solution’s core feature – a centralized log collection system. The raw data from LogSentinel can be fed into a process mining tool, which automatically produces a process map. LogSentinel provides such automated solutions as well.
An external auditor observes critical mismatches between a documented procedure and its actual implementation between several teams, which leads to poor handling of confidential data and no shared responsibility. Such situations might even terminate a process of recertification, based on the risk for the data involved.
To prevent this, an internal auditor or a process optimization manager can use a process mining automation tool on the logs actually generated and cross-check the result against the documented procedures.
An organization with no documented processes needs to get certified in a timely manner and the deadlines are short. The organization can either spend money on external consultants to achieve this or use in-house resources such as process mining using logs.
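The process mining idea from the three scenarios above, as an added example rather than LogSentinel’s tooling: a constructed event log of account-opening cases is turned into a directly-follows graph and a list of process variants, and each case is checked against an assumed documented procedure so that the auditor’s “documented vs. actual” mismatch is found automatically.

```python
from collections import Counter, defaultdict

# Constructed event log: (case_id, timestamp, activity). Layout is assumed.
LOG = [
    ("A1", "2024-03-11T09:00", "open account"),
    ("A1", "2024-03-11T09:10", "verify identity"),
    ("A1", "2024-03-11T09:20", "approve"),
    ("A1", "2024-03-11T09:30", "close ticket"),
    ("A2", "2024-03-11T10:00", "open account"),
    ("A2", "2024-03-11T10:05", "approve"),        # identity check skipped
    ("A2", "2024-03-11T10:15", "close ticket"),
    ("A3", "2024-03-11T11:00", "open account"),
    ("A3", "2024-03-11T11:10", "verify identity"),
    ("A3", "2024-03-11T11:20", "approve"),
    ("A3", "2024-03-11T11:30", "close ticket"),
]
# The documented procedure the auditor holds (assumed for the example).
DOCUMENTED = ["open account", "verify identity", "approve", "close ticket"]

def traces(log):
    """Group events by case and order each case's activities by timestamp."""
    cases = defaultdict(list)
    for case, ts, act in log:
        cases[case].append((ts, act))
    return {c: [a for _, a in sorted(evs)] for c, evs in cases.items()}

def directly_follows(log):
    """Directly-follows graph: how often activity a is immediately followed by b."""
    dfg = Counter()
    for trace in traces(log).values():
        for a, b in zip(trace, trace[1:]):
            dfg[(a, b)] += 1
    return dfg

def variants(log):
    """Distinct paths actually taken through the process, most frequent first."""
    return Counter(tuple(t) for t in traces(log).values()).most_common()

def nonconforming(log, documented):
    """Cases whose trace deviates from the documented procedure, with the first
    step at which they diverge (or a length mismatch if one is a prefix)."""
    out = {}
    for case, trace in traces(log).items():
        if trace == documented:
            continue
        for i, (got, exp) in enumerate(zip(trace, documented)):
            if got != exp:
                out[case] = f"step {i + 1}: expected '{exp}', got '{got}'"
                break
        else:
            out[case] = "length mismatch"
    return out
```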
Many organizations face challenges related to infrastructure management and maintenance. Business SLAs often depend on the successful management of the systems. Keeping all logs in one place makes infrastructure management much easier to handle. On top of that, AI and rule-based engines can save system administrators hours of work by tracking the ups and downs of activity, as well as unusual spikes. They can help plan and provision appropriate infrastructure (e.g. cloud storage) to meet peak activity such as seasonal campaigns, and support early detection of server overload and its causes.
Peak Demand Management
Just as in infrastructure management, sometimes the bottleneck is the people who participate in the process. In terms of labor force planning, logs can be a very powerful tool. Even running simple averages of actions per employee per month can indicate whether the demand for more employees has increased or decreased. Performance in previous seasons and years can also be useful for planning seasonal recruitment. Additionally, the LogSentinel dashboard and anomaly detection can show peaks, and thus the need for more personnel, preventing overtime work and employee burnout caused by poor labor planning.
To extract the most valuable log information and transform it into business analysis, organizations need a centralized logging system in place that collects all the data needed to feed business analytics. Centralized logging makes log collection, correlation, and analysis possible across more than one system. This allows in-depth learning of user behavior, application monitoring, and fraud detection. In fact, learning from user behavior can be used as a fraud prevention method by applying top-notch AI technologies, as well as to optimize critical business processes.
Denitsa Stefanova is a Senior IT Business Analyst with solid experience in Marketing and Data Analytics. She is involved in IT projects related to marketing and data analytics software improvements, as well as the development of effective methods for fraud and data breach prevention. Denitsa supports her IT-related experience by applying her skills to her everyday duties, including IT and quality auditing, detecting IT vulnerabilities, and GDPR-related gaps.