IT Log management and data security.

InfoSecurity Europe : 04 April, 2008  (Technical Article)
Chris Petersen of LogRhythm explains how IT event logs need to be carefully managed to prevent them from becoming the cause of information security exposures.
Totaling up to 25% of an organisation's data, IT logs reveal the security, performance, and status of network devices and applications. Whether or not anyone pays attention, important data on network and security events resides in IT logs. Left unchecked, some of these needles in the haystack can lead to costly outages, security breaches, and loss of sensitive data.

Given the distributed nature of logs, the lack of standardised formats, and the sheer volume of information generated, many organisations have simply ignored this rich datastore of security and operations knowledge. Security and regulatory compliance mandates are making this ostrich approach unfeasible, and driving the need for automated log management to increase network and data security.
Fortunately for overburdened IT security departments, a new class of appliance addresses universal log data collection and analysis. These appliances perform log collection, log management, archival and restoration, log analysis, event management, and reporting, with support for multiple compliance mandates. They allow delegated administration across functional IT lines and role-based controls, so that security, operations, and audit teams have access to only the data and functions they require. With centralised management capabilities they can scale with the growth in log sources and in the volume of logs generated over time. Here is a summary of the benefits they provide:

1 Log Collection - Virtually everything on the network - servers, applications, databases, firewalls, switches, routers, POS systems - generates logs. Log and Event Management Appliances can collect the logs via standard protocols such as Syslog and Netflow, and pull logs from Windows hosts and ODBC compliant databases, remote sites, and flat file sources.

2 Log Management - Since log formats are as varied as the log sources, the appliance can "normalize" the logs and correlate the timestamps of all log entries to a single 'normal time' for consistent reporting and analysis without losing the original stamps.

3 Archival and Restoration - Log and event management appliances can automate the archival and restoration of log data while maintaining the security and integrity of the logs. Based on policies, the appliances maintain a "bookkeeping" data trail. Archived files are cryptographically signed and compressed for tamper proof storage. The restoration process can verify that archives were not modified.
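As an added illustration of the signed, compressed archive and verified restore described above (example code written for this page, not LogRhythm's or the article's own; HMAC-SHA256 under a constructed key stands in for whatever signing scheme a given appliance uses, and the log lines are constructed):

```python
import hashlib
import hmac
import json
import zlib

# Constructed sample of already-normalised log lines (not taken from the article).
SAMPLE_LOGS = [
    "2008-04-04T09:12:01Z fw01 deny tcp 10.0.0.7:51234 -> 203.0.113.9:445",
    "2008-04-04T09:12:03Z dc01 audit_failure logon user=jsmith reason=bad_password",
    "2008-04-04T09:12:05Z web02 error 500 /checkout session=abc123",
]

def _sign(key, blob, fields):
    # Bind the compressed blob and the "bookkeeping" fields under one MAC, so that
    # editing either the archive file or its manifest entry is detected on restore.
    msg = blob + json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def archive_logs(lines, key, archive_id):
    """Compress a batch of log lines; return (blob, manifest) for the bookkeeping trail."""
    raw = "\n".join(lines).encode()
    blob = zlib.compress(raw)
    fields = {"archive_id": archive_id, "entries": len(lines),
              "raw_sha256": hashlib.sha256(raw).hexdigest()}
    manifest = dict(fields, hmac_sha256=_sign(key, blob, fields))
    return blob, manifest

def is_intact(blob, manifest, key):
    """True only if neither the blob nor the manifest changed since archival."""
    fields = {k: v for k, v in manifest.items() if k != "hmac_sha256"}
    expected = _sign(key, blob, fields)
    return hmac.compare_digest(expected, manifest.get("hmac_sha256", ""))

def restore_logs(blob, manifest, key):
    """Verify before decompressing; refuse to restore a modified archive."""
    if not is_intact(blob, manifest, key):
        raise ValueError(f"archive {manifest.get('archive_id')}: integrity check failed")
    raw = zlib.decompress(blob)
    # Second check: the decompressed content must match what was recorded at archive time.
    if hashlib.sha256(raw).hexdigest() != manifest["raw_sha256"]:
        raise ValueError("decompressed content does not match manifest")
    lines = raw.decode().split("\n") if raw else []
    if len(lines) != manifest["entries"]:
        raise ValueError("entry count does not match manifest")
    return lines
```

The MAC key must live outside the archive store (for example in the appliance's key store), since anyone holding it could re-sign a modified archive.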

4 Log Analysis - Once collected and normalized, logs are classified and rendered useful to the security, operations, and audit/compliance teams. Logs with immediate relevance such as security events, audit failures, warnings, and errors, then trigger real-time alerts.

5 Event Management - The importance of an event can vary by organisation, by log source, or by the impacted asset. The appliance can apply risk-based prioritisation based on the:

* Type of event.
* Likelihood that the event is real or a false alarm.
* Threat rating of the host causing the event (e.g. a remote attacker).
* Risk rating of the application, system or device on which the event occurred.

Alerting processes can use email, SMS, page, and SNMP, while the user interface can enable quick assessment and drill down to individual log and/or event data for root cause analysis and action.

6 Flexible Reporting - Log and event management appliances typically offer pre-built reports for specific mandates, including SOX, PCI, FISMA, HIPAA, and others as well as customisable reports.

The new class of Log and Event Management appliances provides the visibility and the synthesised, actionable information from the logs that IT security needs to prevent and head off insider and outsider attacks. In addition, these appliances help your team meet increasingly demanding audit requirements.