Is it wise to add noise to API call logs for an investment firm?

By
Elli Mongillo
-
0
6
Asked By CuriousCoder23 On

I'm a cybersecurity student from Malaysia, getting close to the finish line on my bachelor's degree. For my final project next semester, I'm thinking about building my own SIEM (Security Information and Event Management system) specifically for an investment firm. My concern is that if logs from the firm's API calls are not protected, competitors could reverse engineer them to glean sensitive information about the company's investment strategies and plans. Is adding noise to these logs a sensible approach? Would this really address a significant problem in cybersecurity?

Key points I'm considering include the risk of revealing market research trends and strategies, potential vulnerabilities during crucial decision-making times, and the need for security engineers to monitor logs without exposing sensitive info. I want to make sure that security events are flagged appropriately, but still maintain some level of anonymity. My lecturer questioned whether this is a real problem, so I'm looking for insights into current best practices in the industry regarding this issue.

3 Answers

Answered By CryptoGuard99 On

Adding noise to logs can create confusion and may hinder incident response since accurate data is vital for tracking issues effectively. If your logs misrepresent reality, troubleshooting becomes a nightmare. Moreover, if an investment firm can’t secure its logs, it raises serious red flags—customers will think twice about trusting them with their money, especially if they’ve faced hacking issues before.

Answered By DataDefender78 On

If someone has managed to access your logs, it’s likely they already have access to much more. Instead of focusing on noise, strengthening your overall security measures might be more effective. Competitors would typically not waste time trying to decipher logs when they might have more straightforward ways to gain advantages.

Answered By TechieTimmy On

Security through obscurity usually isn't seen as a robust solution. Instead of adding noise, consider implementing more secure logging practices. True security comes from protecting the data and limiting access, not just complicating the logs.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.