Cyber Security Institute

Wednesday, June 20, 2007

Log management push has its roots in compliance

Enterprise interest in log management is heating up as compliance requirements push organizations to get a grip on their log data. No one compliance requirement is driving interest in log management, Henry said. A couple of years ago, SOX was the top concern since it spurred most new audit efforts, but now log data is important for demonstrating an organization’s controls for a variety of regulations, he added. But Dave Shackleford, vice president at the nonprofit Center for Internet Security and a SANS instructor, said the PCI Data Security Standard in particular is helping to make log management a hot topic in the enterprise.

Log management tools can help organizations drill down and look for specific data strings such as full track data from credit cards; PCI prohibits storage of such information, so companies can then take corrective action.  The log management market includes tools from LogLogic, LogRhythm, Splunk, syslog-focused products such as Kiwi Enterprises’ Syslog Daemon and freeware like Unix’s syslog daemon.  Also, security information management (SIM) vendors have begun tailoring their product lines to meet the demand for log management by offering options that focus on providing more storage capacity than correlation capability.

At the Burton Group Catalyst Conference, Jay Leek—manager of corporate IT security services at Nokia—plans to talk about practical considerations for log management and how a centralized system can improve compliance, incident response and troubleshooting while also saving time and money. Without any control over what’s being logged, companies can spend a great deal of time and effort searching through log data during an incident investigation or when trying to troubleshoot an IT problem, he said.

Posted on 06/20