|
Myriad devices produce waves of logs. Here's how to get all that data under control.
Enterprises are swimming in a sea of logs. The deluge includes logs from servers, security systems such as firewalls and IDSes, events from network infrastructure devices such as routers and access gateways, and from various software and hosted services. Making it even more overwhelming is that the information isn't necessarily collected in a way to resolve security incidents in real time, or to troubleshoot situations that involve multiple segments of the enterprise network infrastructure.
Increasingly, however, IT administrators are under pressure to get a handle on their logging practices and manage log data. Regulations such as SOX and HIPAA require some type of audit trail, making log management critical for demonstrating compliance, while the Payment Card Industry (PCI) Data Security Standard specifically calls out the need for log review. Also, the latest changes to the Federal Rules of Civil Procedure (FRCP) require better log collection for legal evidence.
"We have seen a shift in the market toward regulatory and government-based standards to drive purchases of log management systems," says Chris Pick, vice president of products and marketing for NetIQ.
Part of the challenge is the need to look at logging from an enterprise perspective, and move toward having a common and centralized repository for all logging data.
The ultimate goal is to have this single repository used for a variety of purposes, from satisfying auditors and responding to e-discovery requests (see "How to Deal with New E-Discovery Rules") in the event of a lawsuit, to managing real-time security threat analysis and network and applications troubleshooting.
"Logging standards and practices typically do not exist across an organization, and they are difficult to enforce even if they do exist," says Jay Leek, manager of corporate IT security services at Nokia.
|
