Log management reins in security and network device data


This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."

Download it now to read this article plus other related content.

Enterprises are swimming in a sea of logs. The deluge includes logs from servers, security systems such as firewalls and IDSes, events from network infrastructure devices such as routers and access gateways, and from various software and hosted services. Making it even more overwhelming is that the information isn't necessarily collected in a way to resolve security incidents in real time, or to troubleshoot situations that involve multiple segments of the enterprise network infrastructure.

Increasingly, however, IT administrators are under pressure to get a handle on their logging practices and manage log data. Regulations such as SOX and HIPAA require some type of audit trail, making log management critical for demonstrating compliance, while the Payment Card Industry (PCI) Data Security Standard specifically calls out the need for log review. Also, the latest changes to the Federal Rules of Civil Procedure (FRCP) require better log collection for legal evidence.

"We have seen a shift in the market toward regulatory and government-based standards to drive purchases of log management systems," says Chris Pick, vice president of products and marketing for NetIQ.

Part of the challenge is the need to look at logging from an enterprise perspective, and move toward having a common and centralized repository for all logging data.

The ultimate goal is to have this single repository used for a variety of purposes, from satisfying auditors and responding to

    Requires Free Membership to View

e-discovery requests (see "How to Deal with New E-Discovery Rules") in the event of a lawsuit, to managing real-time security threat analysis and network and applications troubleshooting.

"Logging standards and practices typically do not exist across an organization, and they are difficult to enforce even if they do exist," says Jay Leek, manager of corporate IT security services at Nokia.

This was first published in October 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: