1. LOG MANAGEMENT AND SIMs
First-generation security information management systems rarely lived up to the expectations raised by their proponents. Mixing data from various security products provided a lot of information, but little that could be acted upon. The investment in using these early tools was justified only in rare situations where extraordinary technical professionals amplified their value. During 2006, however, increasing regulatory demands caused buying interest in log management to skyrocket. SIM vendors joined pure-play log management vendors in responding to the frenzy of regulation-driven interest.
Gears in Motion

The SANS Institute is the largest cybersecurity school with more than 66,000 alumni. SANS also operates the Internet's early warning system, called Internet Storm Center (www.sans.org/isc), and publishes original research on hundreds of topics in information security and information assurance. Listen to the SANS WhatWorks interviews at www.sans.org/whatworks.
Last July at SANS' Log Management Summit, 27 organizations with experience in log management and SIM shared the lessons they learned with 180 organizations about to acquire log management solutions. Among the highlights:
- Organizations that use log management solutions only to produce regulatory reports are wasting a major opportunity for improving security, and also wasting a surprising opportunity to improve the relationship between security and operations managers.
- The highest payoff from log management products appears to come from the daily "hot issues" reports that identify events that should not be happening--especially useful for malware and spyware identification--which then lead to action, and from the capability to perform forensics to determine what actually happened when a security event has been discovered.
- When users cannot gain access to the network or to an application, operations and security people often find themselves at odds over who is at fault. A comprehensive logging solution provides access to data that can often isolate the problem and identify the solution quickly--eliminating conflict between security and operations staff.
- Log management can help deter insider fraud or destructive activity by system administrators because it is much harder to cover up malicious activity when logging is enabled and when admins have no access to rewrite those logs.
- The greatest problem is getting far-flung units in an organization to generate and share logs with the centralized log-management facility. Best solution: give each organization supplying data active access to the log management data and daily reports.
- Another common problem is capacity on log management and SIM appliances. Most small and medium appliances are overrun with data in short order. Only the largest and most expensive appliances provide satisfactory capacity.
- Log management also helps identify systems infected by viruses and other malware. When those systems try to infect others, firewall log entries are created. Close monitoring of those logs identifies unexpected traffic patterns. Drilling down identifies the infected system or systems.
- Log management can enhance law enforcement efforts. Fresno County (California) used its logs to provide sufficient data to gain the arrests of two embezzlers, one drug dealer and one person who had fixed tickets. It also led to 15 terminations for computer use that did not conform to policy.
- Other interesting applications: Finding inappropriate Web surfing and other inappropriate computer use, and finding evidence that a bank was the target of a phishing attack.
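The malware-spread pattern described above (one internal host creating firewall entries toward many other hosts on a single port) can be surfaced directly from the logs. The following is an added example, not code from the article or from any SANS product; it assumes iptables/netfilter-style log lines, and the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log lines in an iptables/netfilter-style format (not from the article).
# 10.0.1.15 fans out to many hosts on TCP/445 (worm-like); 10.0.1.20 is ordinary web traffic.
SAMPLE_FIREWALL_LOG = """\
Jul 12 09:00:01 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.1.15 DST=10.0.2.1 PROTO=TCP DPT=445
Jul 12 09:00:01 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.1.15 DST=10.0.2.2 PROTO=TCP DPT=445
Jul 12 09:00:01 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.1.15 DST=10.0.2.3 PROTO=TCP DPT=445
Jul 12 09:00:02 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.1.15 DST=10.0.2.4 PROTO=TCP DPT=445
Jul 12 09:00:02 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.1.15 DST=10.0.2.5 PROTO=TCP DPT=445
Jul 12 09:00:02 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.1.20 DST=198.51.100.7 PROTO=TCP DPT=443
Jul 12 09:00:03 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.1.20 DST=198.51.100.7 PROTO=TCP DPT=443
Jul 12 09:00:03 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.1.20 DST=198.51.100.9 PROTO=TCP DPT=80
this line is not a firewall record and is skipped
"""

LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)")


def parse_firewall_log(text):
    """Yield (src, dst, proto, dport) for every line that looks like a netfilter record."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["dst"], m["proto"], int(m["dpt"])


def find_fan_out(text, min_distinct_dst=5):
    """Return [(src, proto, dport, distinct_dst_count)] for source hosts that reached an
    unusual number of distinct destinations on one port. This is the "hot issues" view:
    a single host hammering one port across the network is the classic spread signature,
    and the src address is the system to drill into."""
    targets = defaultdict(set)
    for src, dst, proto, dport in parse_firewall_log(text):
        targets[(src, proto, dport)].add(dst)
    hits = [(src, proto, dport, len(dsts))
            for (src, proto, dport), dsts in targets.items()
            if len(dsts) >= min_distinct_dst]
    return sorted(hits, key=lambda h: h[3], reverse=True)


if __name__ == "__main__":
    for src, proto, dport, n in find_fan_out(SAMPLE_FIREWALL_LOG):
        print(f"hot issue: {src} reached {n} distinct hosts on {proto}/{dport}")
```

The threshold is deliberately a parameter: tune it per environment so that legitimate fan-out (backup servers, vulnerability scanners, monitoring) is excluded before the report is handed to operations.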