Recognizing North Korea and Kim Jong-un’s recent actions as probable bluster has parallels to assessing a rogue computer process or questionable user activity on a network. When a process goes wrong in a system, log monitoring software raises a real-time alert as a warning. With a less-than-enterprise-class solution, this alert might be all that happens, which forces systems administrators to decide on an action based on isolated, incomplete information. With lives at stake rather than system and network resources, the result could be tragic.
Context is Key for Real Understanding
The U.S. government has the benefit of a sophisticated infrastructure providing correlated analysis of any situation from multiple angles. The direct threats from North Korea are correlated with data showing no actual troop movements and no preparations at missile facilities, and are placed in the context of historical data showing frequent threats right around national holidays. Similarly, a true enterprise-class log management and data analytics system should give IT managers a fully informed view of any specific event, with all the pertinent information available at once, to enable fully intelligent action.
North Korea’s proclamations are nothing new. When their polemical rhetoric is weighed against the absence of real military preparations, the U.S. knows not to take the threats too seriously. Rather than mounting a full-throated response, which would only make the situation worse, the U.S. can safely keep its threat level in check while understanding this is just more North Korean chest-thumping.
Data at Rest Combined With Data in Motion Allows for Intelligent Action
When prior behavior patterns are matched to historical data on past outbursts, any risks can be mitigated through intelligent action, or non-action. In the case of North Korea, for now, it is probably best to stand down and follow Secretary of State Kerry’s call for “cool heads.”
Sometimes with a rogue process, it’s not enough to see the information from the process itself; you need the context of all the other information in the environment. A true enterprise-class log management system gives you all the data you need, in context, so you can make truly intelligent decisions and gain actionable insights. With North Korea, it’s possible the U.S. could have escalated the conflict unnecessarily had it not understood that there was no real threat to the system. In the same way, an IT data analyst in charge of the safety and operation of a computing environment is well served by a platform that provides full visibility for well-informed decisions.