LogBlog


Bridge the gap between Operations and Information Security – how to get your projects funded and fast-tracked.

Information security, audit and risk management professionals are becoming increasingly frustrated by the ever-longer sign-off and implementation timeframes for their security and compliance initiatives. Why is this? The business employs us to make recommendations and then fails to execute against them.

Who is to blame here? Maybe we are. As security professionals we become fixated on the importance of what needs to be done and pay less attention to who has to manage and fund these initiatives.

More often than not, Operations have to approve the proposed technology, or even fund the purchase. And we are generally talking about security technologies that may ultimately highlight gaps in Operations' own procedures. Seen that way, it's hardly surprising that Operations are not highly motivated to test, approve, fund, implement and manage such technologies. It's not personal! Operations are so under-resourced that they simply have higher priorities.

Does this sound familiar?

If not, please go to the front page of our website and click “buy now”.

If this is what you’re seeing in your organization, read on…

Log Management and Intelligence (LMI) is a fundamental best practice for any security, compliance or risk management strategy. It doesn't matter which best-practice standard (ISO 17799, ITIL, COBIT) or regulation (SOX, HIPAA, GLBA) you turn to; they all say much the same thing: "you should (or must) be collecting all your log data, analysing it, reporting on anything unusual and then storing it securely for later recall."

LMI provides organisations with a mechanism to mine large volumes of log data for both operational and security information in a matter of seconds. This is where it gets interesting for Operations. The Operations folks are regularly asked to provide security, audit and compliance information because they are the only people with access to the systems. This process is a real pain for them: it delivers little value to them and distracts them from their day job, i.e. keeping business-critical services available. While most system and security administrators know the root-cause-analysis value of the information locked within their logs, they often don't know that a commercial LMI solution exists. Next time you're talking to the team running the firewalls, try asking them: "If there was a Google-like interface that you could use to search all your firewall logs in seconds, would you be interested in taking a look at it?"
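To make the "collect, search, report on anything unusual" loop concrete, here is a small added example in Python. It is not LogLogic's code and not part of the original post: the log lines are constructed in the generic netfilter/iptables syslog style (addresses from documentation ranges, no real traffic), and the function names (`collect`, `search`, `report_unusual`) and the "five or more distinct ports dropped from one source" rule are illustrative choices, not a product feature.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in iptables LOG style (not real traffic):
# an accepted admin SSH session, one outside address probing six ports,
# an accepted web connection, a lone UDP drop, and a non-firewall line.
SAMPLE_LOG = """\
Nov 18 10:00:01 fw01 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22
Nov 18 10:00:05 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21
Nov 18 10:00:05 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22
Nov 18 10:00:06 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23
Nov 18 10:00:06 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25
Nov 18 10:00:07 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80
Nov 18 10:00:07 fw01 kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=443
Nov 18 10:00:09 fw01 kernel: ACCEPT IN=eth0 OUT=eth1 SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=33000 DPT=443
Nov 18 10:00:12 fw01 kernel: DROP IN=eth0 OUT= SRC=198.51.100.44 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=5353
this line is not a firewall event and must be skipped
"""

# syslog header, then the action keyword, then the KEY=VALUE fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?P<action>ACCEPT|DROP|REJECT) (?P<fields>.*)$"
)


def parse_line(line):
    """Turn one syslog line into a dict, or return None if it is not a firewall event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "action": m.group("action")}
    for kv in m.group("fields").split():
        key, _, value = kv.partition("=")
        rec[key.lower()] = value  # src, dst, proto, spt, dpt; an empty OUT= becomes ""
    return rec


def collect(text):
    """Agentless collection stand-in: parse what syslog already ships, drop everything else."""
    return [r for r in (parse_line(line) for line in text.splitlines()) if r]


def search(records, **criteria):
    """Field search in the spirit of the 'Google-like' query, e.g. search(recs, src='203.0.113.5', action='DROP')."""
    return [r for r in records if all(r.get(k) == v for k, v in criteria.items())]


def report_unusual(records, min_ports=5):
    """Report sources whose dropped connections touched at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "DROP" and "dpt" in r:
            ports[r["src"]].add(r["dpt"])
    return {src: sorted(p, key=int) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    recs = collect(SAMPLE_LOG)
    print(f"{len(recs)} firewall events collected")
    for r in search(recs, src="203.0.113.5", action="DROP"):
        print(r["ts"], r["action"], r["src"], "->", r["dst"], r["proto"], r["dpt"])
    for src, hit in report_unusual(recs).items():
        print(f"unusual: {src} was dropped on {len(hit)} distinct ports: {', '.join(hit)}")
```

The same parsed records answer both audiences: `search` gives Operations the root-cause view ("show me everything from that address in the last minute"), and `report_unusual` is the kind of scheduled check whose output can be handed to audit without anyone logging on to the firewall. Lines that do not parse are counted out rather than silently coerced, which is what you want before the output feeds a compliance report.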

By implementing an effective LMI solution, Operations can automate the collection and delivery of that security, audit and compliance information. The same system then provides the root-cause analysis and decision-support information that Operations need on a daily basis.

We are seeing an increasing number of customers using LMI to bridge the gap between Operations and Information Security. Their projects are funded more quickly and their initiatives are far more successful, because deployment timeframes are greatly reduced. That in turn is largely because most log data can be collected without the use of agents. How much has your organization spent on agent-based Security Information and Event Management (SIEM) tools, only to find that change control and other organisational reasons have severely hindered their deployment?

- Ross [Ross Brewer is LogLogic’s managing director, Europe]

Posted November 18, 2005 in Log Management & Intelligence | Permalink
