Good information security requires…good information.
That’s why logs are so important and why so many regulatory and industry directives require companies to not only gather but monitor, read and analyze them.
By the same token, if we’re going to get this log management thing right, we need to share our experiences and pain points with each other and the vendors who want to make their log management products more responsive to our needs, so we, in turn, will keep giving them money.
So, if you have not yet taken the fifth annual SANS Log Management Survey, please take a few minutes. The survey will be up through January. Obviously, the more respondents SANS gets, the more reliable the results. The findings will be released at SANS WhatWorks Log Management and Analysis Summit to be held in Washington April 6-7.
The survey has evolved as organizations experience with log management has evolved, said Stephen Northcutt, SANS CEO. Compliance is now well established as a driver for developing and improving log management programs and deploying automated tools. In fact, the 2008 report showed that compliance was only the second highest reason for collecting log data, behind detection and analysis of security and performance incidents.
With this year’s survey, SANS wants to emphasize getting full value to leverage log management for security and operations.
“The biggest thing in the survey that’s new and different is looking for the ROI,” Northcutt said. “We’re trying to see what the biz case for this is; the compliance case is established. Two years you had to go to the CFO and say, look, I need 200,000 bucks. Here are the findings of the audit report. So, you spent the money and now you’re saying, ‘Gosh, what can I DO with this?'”