By Alan Humphrey, LogPoint Enterprise Sales Manager
noun: normalization
the process of bringing or returning something to a normal condition or state.
I guess that we take normalization for granted. If used positively, of course.
The first known use of the word was in the mid-1800s. At the time, it was specifically related to science and the treatment of diseases—all positive stuff. If we move into the 20th century, we now see a proliferation of normalization. Just after World War I, those clever chaps in politics adopted normalization to achieve political harmony between nations where there was a possible chance of conflict.
Normalization has continued to be a part of our everyday lives, particularly in the technical fields. Engineering, mathematics, and computing are all strong advocates of normalizing stuff. In more recent times, we see normalization used on a more societal level. That’s a can of worms I don’t want to open. I will stick with the computing side of things, thank you very much.
I first came across normalization about 12 years ago in a computing sense. I was working for a company that developed cool endpoint management solutions. One of the tools was Software Licence Management. A complete nightmare to manage. The naming of apps by the vendor was gobbledygook and completely nonsensical. Microsoft alone had about 15 different company names they published software under. Patching meant that you sometimes couldn’t tell if certain apps were suddenly part of a suite. It left organizations unsure if they were compliant in their software usage.
Then, one day, TA DA! A new release offered me a normalization engine. It took data from multiple vendors and made it insightful, actionable, and, more importantly, functional. It was a game-changer for many of my customers. No more audits from the big boys. No more fear of compliance issues and no more paying for software they didn’t need. Normalization saved many people a lot of time, money, and effort.
So back to my first point. I think that we now take normalization engines for granted. Unless you do not have access to one, of course. I joined LogPoint at the beginning of December. As you can probably tell from my babbling love of normalization engines, I am delighted to confirm that we have one!
We call it Taxonomy (taking it back to its scientific roots). At LogPoint, we ensure a common taxonomy for normalizing log data. This enables an easy-to-use search function to create dashboards, alerts, and reports. By translating all log files into a simplified single taxonomy, searching across a wide variety of log sources is made more accessible and more efficient. This is out of the box, with little to no effort.
With Taxonomy, events from heterogeneous sources can be normalized and analyzed with fewer correlation rules. It is easier to develop knowledge-based analytics like dashboards, reports, and alerts. Thus, Taxonomy helps in recognizing patterns and writing correlation rules.
With the ability to translate all log files into a single Taxonomy, LogPoint provides immediate time-to-value in the application of UEBA and other analytics, meaning customers are empowered to build, manage and effectively transform their businesses through a unified cybersecurity solution.
And that, for me, is why it’s the unsung hero of the computing world. Normalization has proved time and time again that simplistic beauty will yield more value than complex chaos. To sign off, I would like to say thanks for reading if you’ve got this far. But also, if your SIEM solution does not offer you actionable insight – with less effort, out of the box – we should talk.
About Alan Humphrey:
Alan has been working in tech since 1991. His sales career has covered areas such as Business Intelligence, IT Operations and Security. During the week, he’s all about creating win/win situations, focusing on delivering rapid time to value and building long-term partnerships. When he’s not working, you can find him cheering on Brentford FC or walking the dogs on the beach with his family. He can be contacted directly at [email protected].