In previous blogs I have covered why internet access is so important in the workplace, why blocking and filtering should be minimized, and why monitoring is preferred. Today I thought I’d focus on the specific benefits of monitoring and reporting on log files.
To some it might be obvious, but plenty of search queries used by visitors coming to our site contains phrases such as; “Why monitor internet usage important” and “Why analyze log files”.
Majority of benefits directly relate to the network device being monitored so I will structured the business benefits based on this.
Web Proxy Servers
Web proxy servers maintain log files listing every request, from outgoing traffic, made to the proxy server. By monitoring and reporting on log files from web proxy servers you will be able to identify aspects such as: who is accessing external sites, what sites are being accessed, when the sites were accessed, how much time was spent on the sites, how the user navigates through the sites, what page or search phrase referred the user to the sites, and the type and size of data downloaded from the sites. Use this information to:
- Maximize Employee Productivity
Identify employees who excessively use corporate Internet resources for recreational purposes. Effectively publishing and communicating Internet usage policies and making employees aware of monitoring activities, and corresponding breach consequences, will assist in reducing personal Internet use.
- Ensure Policy Compliance
Identify misuse and ensure compliance with acceptable Internet usage policies by monitoring which sites are being viewed, for how long, what is being downloaded and by whom.
- Ensure Legal Compliance
Mitigate risk of costly liability and litigation issues by ensuring compliance with acts and regulations relating to Internet usage.
- Reduce & Verify Bandwidth costs
Assess bandwidth usage and identify excessive downloading from particular websites, of specific files, and by which employee. Verify accuracy of Internet Service Provider’s charges.
- Understand and Reward Acceptable usage
Please read my previous blog covering this area.
Web servers maintain log files listing every request from incoming traffic made to the server. Reporting on these log files can tell you: who is accessing the internal site, what pages are being accessed, when the pages were accessed, how much time was spent on each page, how visitors navigated through the pages, what site or search phrase referred the visitor to the site, and the type and size of data downloaded from the site. Use this information to:
- Verify Effectiveness of Online Campaigns
View the most common sites referring traffic to your own website to validate the effectiveness of online marketing initiatives. Display search terms commonly used in search engines referring to your company’s website to optimize the website’s search ranking and maximize bids on the correct search terms for online pay-per-click campaigns. Or why not use the search phrases to inspire a new blog post :).
- Optimize Website Performance
Prioritize web page sequences, improve navigation, improve browser support and reduce link breaks by monitoring incoming website traffic, commonly accessed pages, user agents (browsers) accessing your website, client and server errors.
Email and messaging
Every time an email or messaging server sends or receives information they store log files containing data about the sender, the receiver, timing of delivery or receipt, subject line, size of attachment and, depending on the server, name of attachment and content of message. Use this information to:
- Reduce Bandwidth costs
Identify emails and messages with large attachments, who sent them, and if they were work related.
- Protect Confidential Information
Monitor email and instant messaging activity to protect the transmission of confidential organizational information.
- Mitigate Litigation Risks
Mitigate risk of costly liability and litigation issues by ensuring compliance with acts and regulations in relation to sexual harassments, bullying and discrimination that can arise from improper email and messaging usage.
- Maximize Email Virus Protection
Analyze log files from email virus scanning software, or devices, to identify source of viruses. Identify who sent the virus, who received it, attachment name and how your virus scanner dealt with it.
Network and security devices
Network devices, such as switches, routers and proxies, and security devices, such as firewalls, anti-virus, spyware and spam applications, store log files containing data about network activity and the external and internal traffic that has been blocked or filtered. Use this information to:
- Improve Network Management
Investigate traffic between computers, ports or applications to diagnose network problems. Gather information to help decide which protocols to prioritize over others. Better manage network resources and troubleshoot certain events.
- Strengthen Security Controls
Verify the configuration of a network’s firewall and its control of network traffic. Identify and investigate security breaches, determine the source of email viruses and manage their organizational impact.
- Maximize Effectiveness of Existing Blocking & Filtering Solution
Review websites that employees have been denied and granted access to in order to validate the effectiveness of existing Internet filtering service.
Designed to provide an audit trail of system use, event logging records the actions that occur within the system, such as users logging in, failure of a component to start, or an attempt to print a document.
Every event that occurs across a network can be recorded in an event log file. The list of events that are recorded by default can be modified to reflect the needs of the organization’s system. Use this information to:
- Monitor failed authentication attempts
Identify users trying to access files and folders they are not authorized to access, or the system failing to provide legitimate user access.
- Prevent data loss and leakage
Identify the access, modification or printing of confidential files to prevent information leakage or identify the person behind accidental or deliberate data loss.
- Ensure employees adhere to specified work schedules
Monitor event logs that record when an employee’s computer has been powered on or shut down.
Hopefully this will give readers a better understanding of the benefits involved. Perhaps it can be helpful when explaining to employees / employer why and how your Internet and network resources need to be monitored and reported on.