Use
The ‘use’ section of our technology is actually lots of products that all feed off the central warehouse. We have an S.E.M. solution that we refer to as a SOC-in-a-box, which is probably the most accurate correlation engine available. We have compliance technology that takes your assets and people, matches them against directives, and then enforces your processes. We have a forensic workflow solution that is indisputably the most efficient in the business. We have a special data-aware console called Database Security Manager that gives you SOC-type security over your databases. And of course, everything we do is extensible with open APIs.
The point I’m trying to make here is that we give you the ability to do the alerting, searching and reporting that you need, whether it’s for compliance, security or IT operations, all of it enriched from our central warehouse in ways that others can’t match.
Posted by Andy Morris on September 02, 2010 in LogEd
See
Our ‘see’ is simply the biggest, fastest, most scalable and complete IT data warehouse available today. We have one customer that currently gives us 53 BILLION logs per day. Twitter (not a customer), we estimate, produces 127,000 log messages per second. Our biggest box peaks at 250,000 per second. This level of scalability means that if you’re considering building a large datacenter, we’re the only people you should talk to.
But we’re more than just scalable. Our warehouse specializes in structuring unstructured data. We take the data from our Universal Collection Framework and automatically identify it – no more of the tedious manual configuration you have to do with other vendors. We then feed that IT data into our taxonomy, where we add the insight. We take information from asset databases and from directories such as Active Directory (over LDAP) and use it, along with our deep knowledge of events, to turn “error code 14 on device w3q” into “Andy (West Sales) failed to gain external access to main CRM system.”
This insight comes from our unique patent-pending taxonomy. But we don’t know everything. You may have a device we’ve never heard of, an application you built yourself, or something so old that it’s unique to your environment. Using our Log Labels technology you can, through a simple drag-and-drop GUI, teach our taxonomy about your uniqueness. And of course, we do this in an enterprise-class fashion. You define data just once, it gets added to a central library of terms, and it is automatically pushed to all your appliances. The next version of this will enable you to share your work with the greater community, meaning that as an industry we can finally tackle the long tail of IT data sources.
To be a good corporate citizen, we of course have to play nicely with others. And so we have an open storage system that scales using our own disks, or plays nicely with your corporate SANs and NAS devices. It also uses a unique open forwarding technology, so we can share our enriched view of the world with any vendor you wish.
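To make the “structuring unstructured data” and Log Labels ideas from the two paragraphs above concrete, here is an added example in Python. It is not LogLogic code and does not reproduce their taxonomy; it is a small stand-in that shows the three steps the post describes: identify a raw line with a library of parsers, let an operator register a parser for a source the library has never seen (the Log Labels step), and join the parsed fields against an asset inventory and a directory to produce the human-readable summary. The device names, event codes, log formats, asset records and directory entries are all constructed for the example.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Constructed stand-ins for the asset database and the LDAP/AD directory a
# real deployment would query; every entry here is invented for the example.
ASSETS = {
    "w3q": {"name": "main CRM system", "zone": "internal"},
    "fw-edge-1": {"name": "edge firewall", "zone": "dmz"},
}
DIRECTORY = {
    "amorris": {"cn": "Andy", "ou": "West Sales"},
}

# Taxonomy: one human-readable template per event category.
TEMPLATES = {
    "auth.failure.external": "{actor} failed to gain external access to {target}",
    "auth.success": "{actor} logged in to {target}",
    "net.deny": "{target} dropped traffic from {src} to port {dport}",
}


@dataclass
class Event:
    raw: str
    category: str = "unknown"
    ts: Optional[datetime] = None
    source: str = ""
    user: Optional[str] = None
    fields: dict = field(default_factory=dict)
    actor: str = "unknown user"
    target: str = "unknown asset"
    summary: str = ""


# The parser library: (compiled pattern, category). In a fleet this list is the
# "central library of terms" that would be pushed to every collector.
TAXONOMY: list[tuple[re.Pattern, str]] = []


def register(pattern: str, category: str) -> None:
    """Teach the taxonomy a new source (a Log Label). The named groups ts, dev
    and user are understood by identify(); any other group is kept as a field."""
    TAXONOMY.append((re.compile(pattern), category))


# Built-in knowledge for two invented device formats.
register(r"^(?P<ts>\S+) (?P<dev>\S+) code=14 user=(?P<user>\S+)$", "auth.failure.external")
register(r"^(?P<ts>\S+) (?P<dev>\S+) code=10 user=(?P<user>\S+)$", "auth.success")
register(r"^(?P<ts>\S+) (?P<dev>\S+) DENY src=(?P<src>\S+) dport=(?P<dport>\d+)$", "net.deny")


def identify(line: str) -> Event:
    """Match the raw line against the taxonomy. Unknown lines are kept with
    category 'unknown' rather than dropped, so nothing silently disappears."""
    for pattern, category in TAXONOMY:
        m = pattern.match(line)
        if not m:
            continue
        g = m.groupdict()
        ts = datetime.fromisoformat(g["ts"])
        if ts.tzinfo is None:          # devices that omit an offset are assumed UTC
            ts = ts.replace(tzinfo=timezone.utc)
        extra = {k: v for k, v in g.items() if k not in ("ts", "dev", "user")}
        return Event(raw=line, category=category, ts=ts.astimezone(timezone.utc),
                     source=g["dev"], user=g.get("user"), fields=extra)
    return Event(raw=line)


def enrich(ev: Event) -> Event:
    """Join against asset and directory data, then render the summary."""
    if ev.category == "unknown":
        ev.summary = f"unrecognised event from unknown source: {ev.raw}"
        return ev
    asset = ASSETS.get(ev.source)
    ev.target = asset["name"] if asset else f"unknown asset {ev.source}"
    person = DIRECTORY.get(ev.user) if ev.user else None
    ev.actor = f"{person['cn']} ({person['ou']})" if person else (ev.user or "unknown user")
    template = TEMPLATES.get(ev.category, "{category} on {target}")
    ev.summary = template.format(actor=ev.actor, target=ev.target,
                                 category=ev.category, **ev.fields)
    return ev


def process(line: str) -> Event:
    return enrich(identify(line))


if __name__ == "__main__":
    # Constructed sample lines: a known CRM appliance, a firewall, and a
    # homegrown app the taxonomy has not been taught yet.
    samples = [
        "2010-09-01T09:14:02-07:00 w3q code=14 user=amorris",
        "2010-09-01T16:14:05+00:00 fw-edge-1 DENY src=203.0.113.7 dport=22",
        "2010-09-01T16:15:00+00:00 payroll-app login rejected for amorris",
    ]
    for s in samples:
        print(process(s).summary)
    # The Log Labels step: the operator defines the homegrown format once.
    register(r"^(?P<ts>\S+) (?P<dev>\S+) login rejected for (?P<user>\S+)$",
             "auth.failure.external")
    print(process(samples[2]).summary)
```

The design point worth noticing is that the enrichment is done once, centrally, at the moment the line is understood: every downstream consumer then sees the same actor, target and category, which is exactly the consistency problem the earlier ‘Adding Complexity’ post complains about when four agents parse the same server four different ways.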
And again, we have open APIs, so we’re extensible should we not entirely meet your needs.
Posted by Andy Morris on September 01, 2010 in LogEd
To quote BusinessWire, we’ve just announced another world first. At VMworld today we announced our support for VMware vCloud Director in LogLogic 5.
Posted by Andy Morris on August 31, 2010 in Cloud Computing, Innovation, LogLogic News, SaaS, Security
Get
Let’s look at ‘get, see, use’ in a little more detail.
Our “get” is actually technology called the Universal Collection Framework.
This framework provides universal IT data collection capable of collecting, without agents, from just about anywhere. Where we do need agents for those hard-to-reach places, like HP Integrity NonStop (Tandem) machines, or exotic devices, we have them. We also provide specialized technology for capturing database activity without the need for you to turn on costly auditing. All of this technology is vertically scalable to suit data centers of any size. It is also the world’s only WAN-aware store-and-forward technology capable of adapting to time zones, being scheduled, compensating for unstable pipes, and protecting your data in transit from unauthorized viewers.
The technology that makes all of this work is a brand new protocol we’ve invented called the Universal Lossless Data Protocol – which we intend to open-source next year.
Of course, we also publish open APIs so that you can add to this framework if you wish.
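The store-and-forward behaviour listed above (scheduling, surviving unstable pipes, losing nothing) is a general collector technique, so here is an added example of it in Python. It is not the Universal Collection Framework or the Universal Lossless Data Protocol, whose internals the post does not describe; it is an independent illustration. Events are spooled to disk with fsync, forwarded oldest-first only while a schedule window is open, retried with exponential backoff when the link throws, and retired only after the receiver acknowledges them, so a crash or a dead WAN link delays delivery rather than dropping records. The constructed records carry a UTC timestamp so ordering survives collectors in different time zones. Protecting data from unauthorized viewers is left to the transport (in practice `send` would wrap a TLS connection); the spool file name, the events and the simulated flaky link are all constructed for the example.

```python
import json
import os
import tempfile
from pathlib import Path
from typing import Callable


class Spool:
    """Durable, append-only queue of newline-delimited JSON records. A record is
    retired only after the remote end acknowledges it, so a crash or a dropped
    link never loses data (at-least-once, in-order delivery)."""

    def __init__(self, path: Path) -> None:
        self.path = path
        self.ack_path = path.with_suffix(".ack")   # persisted high-water mark
        self.path.touch()
        with self.path.open() as f:
            self.next_seq = sum(1 for _ in f) + 1
        self.last_acked = int(self.ack_path.read_text()) if self.ack_path.exists() else 0

    def append(self, record: dict) -> int:
        seq = self.next_seq
        with self.path.open("a") as f:
            f.write(json.dumps({"seq": seq, **record}) + "\n")
            f.flush()
            os.fsync(f.fileno())            # survive a collector crash
        self.next_seq = seq + 1
        return seq

    def pending(self) -> list[dict]:
        with self.path.open() as f:
            return [r for r in map(json.loads, f) if r["seq"] > self.last_acked]

    def ack(self, seq: int) -> None:
        tmp = self.ack_path.with_suffix(".tmp")
        tmp.write_text(str(seq))
        os.replace(tmp, self.ack_path)      # atomic update of the high-water mark
        self.last_acked = seq


def forward(spool: Spool, send: Callable[[list[dict]], None], *,
            sleep: Callable[[float], None], batch: int = 100,
            allowed: Callable[[], bool] = lambda: True,
            max_retries: int = 5, max_backoff: float = 60.0) -> int:
    """Drain the spool oldest-first while the schedule window is open. `send`
    raises OSError on a bad link; records stay spooled and we retry with
    exponential backoff, giving up (not discarding) after max_retries so the
    next scheduled run resumes from the last acknowledged sequence number.
    Returns the number of records delivered in this run."""
    delivered, failures, backoff = 0, 0, 1.0
    while allowed():
        chunk = spool.pending()[:batch]
        if not chunk:
            break
        try:
            send(chunk)
        except OSError:
            failures += 1
            if failures >= max_retries:
                break
            sleep(backoff)
            backoff = min(backoff * 2, max_backoff)
            continue
        spool.ack(chunk[-1]["seq"])
        delivered += len(chunk)
        failures, backoff = 0, 1.0
    return delivered


def demo() -> dict:
    """Constructed scenario: five events spooled while the WAN link is dead,
    then delivered once it recovers, then checked after a simulated restart."""
    path = Path(tempfile.mkdtemp()) / "events.spool"
    spool = Spool(path)
    for i in range(1, 6):
        spool.append({"ts_utc": f"2010-08-31T10:00:0{i}+00:00", "line": f"event {i}"})

    sleeps: list[float] = []
    received: list[int] = []
    link = {"failures_left": 3}             # simulated unstable pipe

    def send(chunk: list[dict]) -> None:
        if link["failures_left"] > 0:
            link["failures_left"] -= 1
            raise OSError("link down")
        received.extend(r["seq"] for r in chunk)

    closed = forward(spool, send, sleep=sleeps.append, allowed=lambda: False)  # outside window
    first = forward(spool, send, sleep=sleeps.append, max_retries=3)           # link dead
    link["failures_left"] = 2
    second = forward(spool, send, sleep=sleeps.append, max_retries=3)          # flaky, then up
    restarted = Spool(path)                                                    # simulated restart
    return {"outside_window": closed, "first_run": first, "second_run": second,
            "received": received, "backoffs": sleeps,
            "left_after_restart": len(restarted.pending())}


if __name__ == "__main__":
    print(demo())
```

Because the acknowledgement, not the send, is what retires a record, a link that drops mid-batch can cause the same batch to be delivered twice; the receiver therefore has to de-duplicate on the sequence number, which is the usual price of not losing anything.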
Posted by Andy Morris on August 31, 2010 in LogEd
The Flexibility Wheel
This ‘get, see, use’ is what we refer to as ‘360 Insight.’
Put simply, it means that we don’t care where your data is, or what format it’s in; we can get it and give you 360 degrees of sight into all your IT data.
We don’t care why you’re capturing all that data. Whether it’s compliance, security, or IT-ops, we give you 360 degrees of sight into all your business drivers.
We don’t care who you are. Whether you’re looking for insight because you’re HR, an auditor/assessor, a partner, or that guy in IT - we give you insight.
‘We don’t care’ is harsh. ‘We’re neutral’ lacks the passion behind our focus. What I’m trying to say is that we’re doing all the hard work to understand all of your data, for whatever driver motivates you, while respecting your role within your organization.
We do the work, so that you (or a team of consultants) don’t have to.
Posted by Andy Morris on August 30, 2010 in LogEd
There’s an analyst firm you may not have heard of called Securosis. Every member of the firm is a rock-star from one of the major players that got fed up constantly having to guard their words and toe a corporate line. These guys speak it like they see it, and it often isn’t pretty. I butted heads with them my first day at LogLogic and lost. I like them for that.
Anyway, they’ve just written a “what the heck is SIEM” paper. Whilst I disagree with their definition of what SIM and SEM are (my definition is here), the paper is well worth your time. It’s long – 40 pages, but there’s something new for everyone in there.
I highly recommend you make the time (even if it is sponsored by a competitor).
Posted by Andy Morris on August 27, 2010 in LogEd
The difference is clear
Our approach is different. Firstly, there’s no spaghetti! Ours is a simple world where all data, regardless of source or type, is centralized, augmented, enriched, parsed and understood, then smartly passed onto the appropriate visualization tools. We aim to create a virtual information pool that enables you to see 360 degrees of your operation; to provide you insight into the workings of your infrastructure.
Over on the left we have what we’re calling ‘Get.’ This is our Universal Collection Framework technology – our unique ability to capture audit trail information from almost any device, in almost any format and then securely and wisely move it to a central store, regardless of LAN or WAN complications.
In the center we have ‘See.’ This is our unique, massively scalable IT Data Warehouse, currently represented by our ST range of appliances. If you think of Google for a second you’ll understand why we call this ‘see.’ You know there are a million places on the web to book a flight. But rather than reach into the net and try each site directly, if you ask Google, it will do the search for you. It will display results directly. It will order them in terms of popularity and augment your view of those travel companies, giving you greater insight than you would have gotten if you’d visited all the sites directly yourself. Google enables you to see the raw information in a new way. That’s what we do. We enable you to see your IT data in new and insightful ways.
Over on the right we have the ‘Use’ column. Here we list all the visualization tools you may need. Some we make, others we expect you to source elsewhere. Regardless, they are all able to reach into the warehouse, without all the spaghetti, and be fed enriched, consistent information.
‘Get, See, Use.’ A simple solution to a very complex problem. We provide visibility, control, and improve security without adding all the complexity that others rely upon. There’s also an openness implied in this diagram. We offer an expansible framework, so if our ‘get’ doesn’t meet your exact needs, you can add something else. If our ‘see’ isn’t quite what you need, you can extend it. And if our ‘use’ is not a perfect match, you can use someone else’s.
When you go with our solutions you’ll also find that we pride ourselves on building technology that is simple to use and easy to deploy.
Posted by Andy Morris on August 27, 2010 in LogEd
Hmmm, products of the week? Us? Again? Wow, people love the 5. Thank you.
Posted by Andy Morris on August 26, 2010 in LogEd, LogLogic News
Adding Complexity
And that brings us to what I’ll call 1st generation solutions to your problem.
On the left of the slide you’ll see what I call “data assets.” These are your routers, firewalls, switches, servers, operating systems, databases, commercial and homegrown applications and pretty much anything with a plug. It’s a fact of life that almost all of the technology we use creates an audit trail. Some of those trails are called logs, others flow, sometimes they’re just file dumps. The point is, everything we do within the connected world leaves a trail.
Over on the right of the slide are the consumers of those trails. These are the analytics engines - the panes-of-glass from the previous slide. Hopefully, from the tangled spaghetti of colored lines you can see the problem here. We have one customer that has deployed 4 S.E.M. products from several vendors in their SOC. They also have other solutions, such as network monitoring tools. What this means to them is that they have servers with 4 agents on them – all doing the same thing! They get alerts that some S.E.M.s corroborate and others totally miss. They have no consistency, and they can’t confirm that all the right information is getting to all the right places. And to make matters worse, they’re fearful of upgrading or switching out some of these solutions because the tendrils reach too deeply into the organization and no one knows quite how it’s all wired together.
What started off with the best intentions of adding clarity to a complex network of devices has simply made things worse. An alarm you can’t verify and trust is worse than useless – it becomes the car alarm that goes off in the middle of the night that everybody ignores.
Posted by Andy Morris on August 26, 2010 in LogEd
The Standard Answer
The good news for you is that, as an industry, we’ve recognized your needs and even given them a name – S.I.E.M. or Security Information and Event Management.
S.I.E.M. is made up of two separate technologies - the first and most important is S.I.M., Security Information Management. This is the foundational work of collecting all tracking data - be it Logs, Flow, Assets, Users or Files - consolidating it, and then turning it into useful data. It is the S.I.M. technology that allows for the forensic searching and reporting we just discussed. It is this that you use for good IT management or compliance. We can even use it for simple alerting, such as someone failing to authenticate against a database.
The S.E.M. on the other hand is often referred to as the pane-of-glass or the analytics engine that consumes the collected data and presents it in a way that is meaningful to your needs; whether that’s event management for a SOC, or trending for capacity planning, or SLA management. Some of these visualization tools even provide dashboards that reflect your compliance posture.
The important part of S.I.E.M. is that for it to truly work efficiently and effectively, the pane-of-glass needs to be presented with ALL of the available data and not just a subset.
Posted by Andy Morris on August 24, 2010 in LogEd