This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."
Leek suggests enlisting the aid of the internal legal staff to help bring about this unification; there are numerous regulations that require logs to be kept for varying time periods, and in some cases disposed of after established deadlines for privacy reasons. For example, HIPAA mandates a seven-year retention period, while PCI requires one year. It gets more complex for global corporations, where European and Asian laws come into play. And logs need to be intact if they are going to be used as evidence in civil or criminal proceedings, placing other requirements on their use. Given the contradictory legal requirements, having lawyers as partners becomes essential.
"We need to bring together IT and legal departments to help put in place overall enterprise IT logging standards," adds Leek. "Lawyers tend to not be very technical people. If you can make it simpler for them, they will make things simpler for you. But don't let your legal department run a logging project; instead, incorporate their advice, and try to speak the same language."
A primary objective should be to prevent departments from setting up their own log management tools, creating multiple places where logs live, says Matt Stevens, CTO of the information and event management group at RSA, the security division of EMC. "You need analysis across the enterprise and to make it accessible for all users, and log management needs to be an element of the overall management infrastructure," he says.
Log management is also now part of the overall network security infrastructure. As blended threats become more frequent and more corporate applications make deeper use of the Internet for connectivity, having a unified logging repository becomes another tool in the security chest to protect the enterprise.
"It is not your father's security landscape anymore," says Robert Whiteley, an analyst with Forrester Research. "Nowadays, threat mitigation is deeply embedded into the overall network infrastructure. But how well you maintain your environment is critical, and there is a huge range in terms of how data can be exposed for analysis and manipulated."
This was first published in October 2007