Event logging management

InfoSecurity Europe : 02 April, 2009  (Special Report)
Ross Brewer of LogRhythm explains the ins and outs of log management for IT security professionals

Totalling up to 25% of an organisation's data, IT logs reveal the security, performance, and status of network devices and applications. Whether or not anyone pays attention, important data on network and security events resides in IT logs. Left unchecked, some of these needles in the haystack can lead to costly outages, security breaches, and loss of sensitive data.

Given the distributed nature of logs, the lack of standardised formats, and the sheer volume of information generated, many organisations have simply ignored this rich datastore of security and operations knowledge. Security and regulatory compliance mandates are making this ostrich approach unfeasible, and driving the need for automated log management to increase network and data security.

Fortunately for overburdened IT security departments, a new class of appliance addresses universal log data collection and analysis. These appliances perform log collection, log management, archival and restoration, log analysis, event management, and reporting, with support for multiple compliance mandates. They allow delegated administration across functional IT lines and role-based controls, so that security, operations, and audit teams have access to only the data and functions they require. With centralised management capabilities they scale with the growth in log sources and in the volume of logs generated over time. Here is a summary of the benefits they provide.

Virtually everything on the network - servers, applications, databases, firewalls, switches, routers, POS systems - generates logs. Log and event management appliances can collect the logs via standard protocols such as syslog and NetFlow, and pull logs from Windows hosts, ODBC-compliant databases, remote sites, and flat file sources.

Since log formats are as varied as the log sources, the appliance can "normalise" the logs and map the timestamps of all log entries onto a single 'normal time' for consistent reporting and analysis, without losing the original stamps.

Log and event management appliances can automate the archival and restoration of log data while maintaining the security and integrity of the logs. Based on policies, the appliances maintain a "bookkeeping" data trail. Archived files are cryptographically signed and compressed for tamper-proof storage, and the restoration process can verify that archives were not modified.
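
The archive-and-verify cycle described above, as an added example written for this page rather than taken from the article or any product. It compresses a batch of constructed firewall lines, authenticates the compressed blob together with its manifest (the "bookkeeping" record) and refuses to restore anything that fails the check. An HMAC-SHA256 with a symmetric key is used in place of a public-key signature because it is in the Python standard library; the key, the file naming and the manifest fields are assumptions made for the example.

```python
import gzip
import hashlib
import hmac
import json
import os
import tempfile
from datetime import datetime, timezone


class ArchiveTamperedError(Exception):
    """Raised when an archive or its manifest fails integrity verification."""


def _mac(key: bytes, manifest_fields: dict, blob: bytes) -> str:
    """HMAC-SHA256 over the canonical manifest fields followed by the compressed blob,
    so that an edit to either the metadata or the data is detected."""
    canonical = json.dumps(manifest_fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical + b"\n" + blob, hashlib.sha256).hexdigest()


def archive_logs(raw_logs: bytes, key: bytes, outdir: str, source: str, period: str) -> str:
    """Compress a batch of raw log bytes, authenticate it and write a manifest entry.
    Returns the path of the manifest file (the bookkeeping record)."""
    blob = gzip.compress(raw_logs)
    fields = {
        "source": source,
        "period": period,
        "archived_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "file": f"{source}-{period}.log.gz",
        "raw_bytes": len(raw_logs),
        "compressed_bytes": len(blob),
        "raw_sha256": hashlib.sha256(raw_logs).hexdigest(),
    }
    manifest = dict(fields, hmac_sha256=_mac(key, fields, blob))
    with open(os.path.join(outdir, fields["file"]), "wb") as f:
        f.write(blob)
    manifest_path = os.path.join(outdir, fields["file"] + ".manifest.json")
    with open(manifest_path, "w") as f:
        json.dump(manifest, f, indent=2)
    return manifest_path


def restore_logs(manifest_path: str, key: bytes) -> bytes:
    """Verify the archive against its manifest, then decompress and return the logs."""
    with open(manifest_path) as f:
        manifest = json.load(f)
    expected_mac = manifest.pop("hmac_sha256", "")
    blob_path = os.path.join(os.path.dirname(manifest_path), os.path.basename(manifest["file"]))
    with open(blob_path, "rb") as f:
        blob = f.read()
    # Verify before decompressing: never process data that fails authentication.
    if not hmac.compare_digest(_mac(key, manifest, blob), expected_mac):
        raise ArchiveTamperedError(f"MAC mismatch for {manifest['file']}")
    raw = gzip.decompress(blob)
    if hashlib.sha256(raw).hexdigest() != manifest["raw_sha256"]:
        raise ArchiveTamperedError(f"content hash mismatch for {manifest['file']}")
    return raw


def demo() -> dict:
    """Archive a constructed log batch, restore it, then corrupt one byte and restore again."""
    key = b"example-appliance-archive-key"  # constructed; a real appliance keeps this in a key store
    logs = b"\n".join([
        b"<4>Apr  2 09:03:11 fw01 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 DPT=22",
        b"<4>Apr  2 09:03:12 fw01 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 DPT=23",
    ]) + b"\n"
    result = {}
    with tempfile.TemporaryDirectory() as d:
        mpath = archive_logs(logs, key, d, "fw01", "2009-04-02")
        result["roundtrip_ok"] = restore_logs(mpath, key) == logs
        # Flip one byte in the stored blob, as a disk fault or an intruder might.
        with open(mpath) as f:
            blob_path = os.path.join(d, json.load(f)["file"])
        with open(blob_path, "rb") as f:
            data = bytearray(f.read())
        data[len(data) // 2] ^= 0xFF
        with open(blob_path, "wb") as f:
            f.write(data)
        try:
            restore_logs(mpath, key)
            result["tamper_detected"] = False
        except ArchiveTamperedError:
            result["tamper_detected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

Because the MAC covers the manifest fields as well as the blob, changing the recorded source, period or file name is detected just like changing the data; and because the check runs before gzip.decompress, a corrupted archive never reaches the decompressor or the analysis pipeline.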

Once collected and normalised, logs are classified and rendered useful to the security, operations, and audit/compliance teams. Logs with immediate relevance such as security events, audit failures, warnings, and errors, then trigger real-time alerts.

The importance of an event can vary by organisation, by log source or by the impacted asset. The appliance can apply risk-based prioritisation based on the:

* Type of event
* Likelihood that the event is real or a false alarm
* Threat rating of the host causing the event (e.g., remote attacker)
* Risk rating of the application, system or device on which the event occurred
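
A worked version of the four-factor prioritisation listed above, added here as an example and not taken from the article or any vendor's scoring model. Each of the four factors is mapped to a value between 0 and 1, the likelihood factor is derived from how often the event repeats in the correlation window and whether the targeted asset actually exposes the service in question, and a weighted sum gives a 0-100 priority that chooses the alerting channel. All weight tables, thresholds and sample events are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed weight tables; a deployed appliance would load these from policy.
EVENT_TYPE_WEIGHT = {"malware_detected": 1.0, "config_change": 0.7, "auth_failure": 0.6, "firewall_drop": 0.2}
THREAT_RATING = {"known_bad": 1.0, "external": 0.7, "internal": 0.3}   # rating of the host causing the event
ASSET_RISK = {"critical": 1.0, "high": 0.75, "medium": 0.5, "low": 0.25}  # rating of the impacted asset
FACTOR_WEIGHTS = {"type": 0.35, "likelihood": 0.25, "threat": 0.20, "asset": 0.20}  # sums to 1.0


@dataclass
class Event:
    event_type: str
    origin: str                        # key into THREAT_RATING
    asset_tier: str                    # key into ASSET_RISK
    repeats: int = 1                   # occurrences of this event in the correlation window
    asset_exposes_target: bool = True  # does the asset run the service the event is about?


def likelihood_real(ev: Event) -> float:
    """Estimate that the event is genuine rather than noise, in [0, 1].
    Repetition in a short window raises confidence (1 -> 0.4, 3 -> 0.8, 20 -> 0.97);
    an event aimed at a service the asset does not run is most likely a false alarm."""
    confidence = 1 - 0.6 / max(1, ev.repeats)
    if not ev.asset_exposes_target:
        confidence *= 0.2
    return confidence


def priority(ev: Event) -> int:
    """Weighted sum of the four factors, scaled to 0-100."""
    factors = {
        "type": EVENT_TYPE_WEIGHT[ev.event_type],
        "likelihood": likelihood_real(ev),
        "threat": THREAT_RATING[ev.origin],
        "asset": ASSET_RISK[ev.asset_tier],
    }
    return round(100 * sum(FACTOR_WEIGHTS[k] * v for k, v in factors.items()))


def action_for(score: int) -> str:
    """Map a priority to an alerting channel; thresholds are constructed for the example."""
    if score >= 70:
        return "page"    # SMS / pager: needs a human now
    if score >= 45:
        return "email"   # review within the working day
    return "log"         # keep for reporting and later correlation only


def triage(events):
    """Return (priority, action, event) triples, highest priority first."""
    scored = [(priority(e), action_for(priority(e)), e) for e in events]
    scored.sort(key=lambda t: t[0], reverse=True)
    return scored


# Constructed sample events.
SAMPLE_EVENTS = [
    Event("auth_failure", "external", "critical", repeats=20),          # brute-force pattern on a DC
    Event("malware_detected", "internal", "critical"),                  # AV hit on a critical server
    Event("firewall_drop", "external", "low"),                          # one dropped packet at the edge
    Event("auth_failure", "internal", "medium", repeats=3, asset_exposes_target=False),
]

if __name__ == "__main__":
    for score, action, ev in triage(SAMPLE_EVENTS):
        print(f"{score:3d} {action:5s} {ev}")
```

The fourth sample event shows the false-alarm factor at work: the same three internal logon failures against a medium-risk asset score 57 (email) when the asset does expose the service, but 41 (log only) when it does not, so the analyst's queue is not filled with events that cannot have succeeded.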

Alerting processes can use email, SMS, pager, and SNMP, while the user interface enables quick assessment and drill-down to individual log and/or event data for root cause analysis and action.

Log and event management appliances typically offer pre-built reports for specific mandates, including SOX, PCI, FISMA, HIPAA, and others as well as customisable reports.

The new class of log and event management appliances provides the visibility and the synthesised, actionable information from the logs that IT security needs to prevent and head off insider and outsider attacks. In addition, these appliances help your team meet increasingly demanding audit requirements.

LogRhythm is exhibiting at Infosecurity Europe 2009, the No. 1 industry event in Europe, held on 28th - 30th April in its new venue, Earl's Court, London. The event provides an unrivalled free education programme, with exhibitors showcasing new and emerging technologies and offering practical and professional expertise.
