
Will TLS 1.3 standardization make log analysis impossible?! Achieving "early detection of security risks" by visualizing rendering information
Introduction
Modern cybersecurity audits have their shortcomings.
Auditing consumes a great deal of time and resources, largely because organizations fail to narrow down the logs they collect.
Many companies collect logs from the business applications, network devices and security devices they have introduced, for use in forensics, but each tool differs in which actions it records and at what granularity. As a result, many people probably struggle to analyze the logs they have collected.
In this blog we introduce an efficient, highly accurate forensic approach that focuses on the browser, which has become an important new log source as work styles change.
Table of contents
1. Challenges in traditional security audits
1-1. Difficulty of performing forensics from irregular log sources
1-2. Will it become impossible to analyze logs on the network path?!
2. Why browser logging is useful
2-1. Increase in browser business
2-2. Current and Future Approaches of Browsers
2-3. Logs can also be collected for the last mile
3. User Story: Marion Bank
1. Challenges in traditional security audits
1-1. Difficulty of performing forensics from irregular log sources
Organizations can record vast amounts of data, but as more information is recorded, the ability to effectively audit that data diminishes.
Depending on the region and industry in which they operate, companies must also comply with regulations such as GDPR and HIPAA, so being able to manage logs is a must. As a result, there are probably many cases where companies with overseas bases and group companies have introduced different tools at each base.

If an incident occurs in such a disjointed situation, wouldn't it be realistically difficult for the security team to quickly conduct accurate forensics across the huge and heterogeneous logs of each company?
1-2. Will it become impossible to analyze logs on the network path?!
Regulations cause variation in log types, but the granularity of logs is also gradually changing, because communication is increasingly encrypted. In particular, as TLS 1.3 spreads and becomes the standard, there is much traffic that network and security tools can no longer decrypt.
Some applications themselves also advise against decryption, so in the future it will become difficult to analyze communication on the network path at all.
In that case, a new approach is needed that can perform security checks and log collection without being affected by this encryption.
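To make the TLS 1.3 point concrete, here is an added example (not code from the original post) of what a passive network logger can still read from a TLS 1.3 connection it cannot decrypt. In TLS 1.3 the server certificate and everything after the ServerHello are encrypted, so a device that does not terminate TLS is left with the plaintext ClientHello. The block builds a minimal ClientHello from constructed sample values (hostname, cipher list, a constant "random") and parses the fields that remain visible: offered protocol versions, cipher suites and the Server Name Indication.

```python
"""Added example, not code from the original post: what a passive network
logger can still read from a TLS 1.3 connection it cannot decrypt.

In TLS 1.3 the server certificate and everything after the ServerHello are
encrypted, so a network or security device that does not terminate TLS is
left with the plaintext ClientHello. This builds a minimal, constructed
ClientHello and parses the fields that remain visible: offered protocol
versions, cipher suites and the Server Name Indication (SNI). The hostname
and cipher list are sample values constructed for this example.
"""
import struct

TLS_1_0 = 0x0301              # legacy record-layer version of an initial ClientHello
TLS_1_2 = 0x0303
TLS_1_3 = 0x0304
EXT_SERVER_NAME = 0           # RFC 6066 server_name extension
EXT_SUPPORTED_VERSIONS = 43   # RFC 8446 supported_versions extension


def build_client_hello(hostname: str, versions=(TLS_1_3, TLS_1_2)) -> bytes:
    """Construct a minimal ClientHello record (sample data, not a real capture)."""
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
    sni_ext = struct.pack("!H", len(sni_entry)) + sni_entry          # server_name_list
    ver_ext = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
    extensions = (
        struct.pack("!HH", EXT_SERVER_NAME, len(sni_ext)) + sni_ext
        + struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(ver_ext)) + ver_ext
    )
    suites = struct.pack("!HHH", 0x1301, 0x1302, 0x1303)  # TLS 1.3 AES-GCM / ChaCha20 suites
    body = (
        struct.pack("!H", TLS_1_2)              # legacy_version is fixed at 0x0303 in TLS 1.3
        + b"\x11" * 32                          # client random (constant here, not random)
        + b"\x00"                               # empty legacy_session_id
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                           # compression methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # msg_type 1 = client_hello
    return b"\x16" + struct.pack("!HH", TLS_1_0, len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Return the plaintext fields a passive observer can log from a ClientHello."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                           # skip legacy_version and random
    pos += 1 + body[pos]                                   # skip legacy_session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                   # skip compression methods
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    info = {"sni": None, "versions": [], "cipher_suites": suites}
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == EXT_SERVER_NAME:
            p = 2                                          # skip server_name_list length
            while p + 3 <= len(data):
                ntype, nlen = data[p], struct.unpack("!H", data[p + 1:p + 3])[0]
                if ntype == 0:
                    info["sni"] = data[p + 3:p + 3 + nlen].decode("ascii")
                p += 3 + nlen
        elif etype == EXT_SUPPORTED_VERSIONS:
            n = data[0]
            info["versions"] = [struct.unpack("!H", data[i:i + 2])[0] for i in range(1, 1 + n, 2)]
    info["offers_tls13"] = TLS_1_3 in info["versions"]
    return info


if __name__ == "__main__":
    # Constructed sample connection; the server certificate would not be visible on the wire.
    print(parse_client_hello(build_client_hello("intranet.example.com")))
```

The parser yields the destination name, the versions and the suites offered, which is roughly the metadata a network device can still record for a TLS 1.3 session without decrypting it (and even the SNI disappears where Encrypted Client Hello is deployed). Which page was loaded, what was downloaded or pasted, and who did it are not visible at this layer, which is the gap the rest of the post addresses.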
2. Why browser logging is useful
2-1. Increase in browser business
Microsoft, Google, Salesforce, Box, etc.: our business applications have moved to SaaS, making it possible to work from anywhere and on any device.
Aren't there more and more opportunities to use those applications through a browser?
According to some statistics, "about 75% of daily work is browser-based work".
In other words, by using business applications in the browser, we handle many confidential files and customer records in the browser.
2-2. Current and Future Approaches of Browsers
On the other hand, which browser do you use at work?
Google Chrome, Microsoft Edge, and so on: I think many people use the same browsers they use privately. Since these are consumer browsers, they are not designed with the security features that enterprises need for business use.
For this reason, many companies have deployed various security devices around the browser to build an environment in which "real" browser operations can be secured.

If so, wouldn't it be possible to consolidate those security devices and unify log sources by adopting an "enterprise browser", in which the browser itself implements these security functions?

2-3. Logs can also be collected for the last mile
In addition, an enterprise browser makes it possible to collect logs that could not be acquired before. Analyzing activity at the browser level lets you capture clicks, keystrokes, screenshots, source and destination details, and device and user data for critical applications.
The point where the information displayed in the browser (the rendering information) enters or leaves the user's location, the first and last hop, is called the "last mile", and it can be visualized.
For example, you can track employees who are logged in on specific devices or networks and, depending on whether that activity is allowed, grant privileges or block it with the policies you set. All of these activities can be recorded for later analysis.

Administrators can see what users did or tried to do.
All activity (download/upload, print, screenshot, copy/paste, etc.) against SaaS applications accessed from the browser, URLs, and internal applications that handle sensitive data is recorded and logged whether it was blocked or not, and can be investigated later.

Consistent log collection is obtained simply by checking the enterprise browser's logs, and when the logs are used beyond the browser's scope, the browser can also be linked with log collection tools such as syslog and Splunk.
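The two points above, recording every browser action with a consistent set of fields and handing those records to syslog or Splunk, are illustrated by the following added example. It is not code from the original post or from Island's product: the event records and their field names (user, device, app, action, object, blocked) are constructed assumptions for this example, and enterprise number 32473 is the one reserved for documentation. The block normalizes the events into RFC 5424 syslog lines and runs one check that only browser-level logs make possible, pairing a download from a sanctioned application with a later upload of the same file elsewhere.

```python
"""Added example, not code from the original post or from Island's product:
normalizing browser-level activity events into one schema, emitting them
as RFC 5424 syslog lines for a collector such as Splunk, and running one
simple check over them.

The event records and field names (user, device, app, action, object,
blocked) are assumptions constructed for this example, not any vendor's
log format. Enterprise number 32473 is the one reserved for documentation.
"""

# Constructed sample of browser-level events, in the shape an enterprise browser might record.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T09:12:05Z", "user": "alice", "device": "LAPTOP-01",
     "app": "crm.example.com", "action": "download", "object": "customers.xlsx", "blocked": False},
    {"ts": "2024-03-01T09:15:40Z", "user": "alice", "device": "LAPTOP-01",
     "app": "personal-drive.example.net", "action": "upload", "object": "customers.xlsx", "blocked": True},
    {"ts": "2024-03-01T09:16:02Z", "user": "bob", "device": "LAPTOP-07",
     "app": "hr.example.com", "action": "copy", "object": "clipboard", "blocked": False},
    {"ts": "2024-03-01T09:20:11Z", "user": "bob", "device": "LAPTOP-07",
     "app": "hr.example.com", "action": "screenshot", "object": "-", "blocked": True},
]

FACILITY_LOCAL0 = 16
SEVERITY = {True: 4, False: 6}   # blocked action -> warning(4), allowed action -> informational(6)


def sd_escape(value: str) -> str:
    """Escape the three characters RFC 5424 forbids inside a structured-data param value."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def to_syslog(event: dict, hostname: str = "browser-gw", app_name: str = "entbrowser") -> str:
    """Render one browser event as an RFC 5424 syslog line with structured data."""
    pri = FACILITY_LOCAL0 * 8 + SEVERITY[event["blocked"]]
    params = " ".join(
        f'{k}="{sd_escape(event[k])}"' for k in ("user", "device", "app", "action", "object")
    )
    sd = f'[browser@32473 {params} blocked="{str(event["blocked"]).lower()}"]'
    outcome = "blocked" if event["blocked"] else "allowed"
    msg = f'{event["action"]} {event["object"]} on {event["app"]} by {event["user"]} ({outcome})'
    # PRI VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    return f'<{pri}>1 {event["ts"]} {hostname} {app_name} - {event["action"]} {sd} {msg}'


def download_then_upload(events: list, sanctioned: set) -> list:
    """Pair a download from a sanctioned app with a later upload of the same object name
    by the same user to an app outside the sanctioned set. It works on the normalized
    schema, so it is the kind of check that needs browser-level logs."""
    downloads, pairs = {}, []
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["user"], e["object"])
        if e["action"] == "download" and e["app"] in sanctioned:
            downloads[key] = e
        elif e["action"] == "upload" and e["app"] not in sanctioned and key in downloads:
            pairs.append((downloads[key], e))
    return pairs


if __name__ == "__main__":
    for line in map(to_syslog, SAMPLE_EVENTS):
        print(line)
    for src, dst in download_then_upload(SAMPLE_EVENTS, {"crm.example.com", "hr.example.com"}):
        print(f"{src['user']}: {src['object']} left {src['app']} for {dst['app']}")
```

The structured-data block carries every field as a key/value pair, so a collector can index on user, app or action without parsing the free-text message, and blocked actions are emitted at warning severity so they can be routed separately. The pairing check shows why a single consistent log source matters: the same user, object and application fields appear in both the download and the upload record, which is exactly the correlation that is hard to do across logs from different devices.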
3. User Story: Marion Bank
Marion Bank, a regional bank based in Southwest Virginia in the United States, had been building a Security Service Edge (SSE) by combining multiple security solutions. While feeling the limits of the granularity and correlation of logs obtained from individual devices, they came across the groundbreaking "Enterprise Browser" solution provided by Island Technology.
Visibility was not the only thing that improved after Island was introduced: it also helped with the spear phishing they faced immediately afterward and improved the user experience, not just security. Please see the user case via the link at the bottom.
Conclusion
Browsers have historically been a cybersecurity blind spot.
While it is natural for any company to deploy many security devices, it would be difficult to conduct pinpoint, rapid and accurate forensics in an emergency simply by collecting logs from the various tools.
Therefore, visualizing browser activity and recording and analyzing what happened should be the best practice for keeping up with the recent shift of business applications to SaaS and for strengthening security.
Inquiries / document requests
Macnica Island, Inc.
- TEL: 045-476-2010
- E-mail: Island-sales-i@macnica.co.jp
Weekdays: 9:00-17:00