LogBlog

« November 2005 | Main | January 2006 »

SANS To Start College for IT Security...

Congrats to the team at SANS in getting approval by the State of Maryland to create a college focused on security. SANS says they plan to begin accepting candidates for Masters of Science degrees in information security. SANS will offer MS degrees in two subjects: Information Security Engineering and Information Security Management.

Posted December 22, 2005 in LogMatters | Permalink | TrackBack (0)


Log Data Management: A Smarter Approach to Managing Risk

Dominique's recently published article is ready for download:

To manage risk intelligently and cost-effectively, companies are looking to their network log data for answers. Log data provides a complete audit trail of user and system activity, while delivering critical decision support to mitigate security and performance incidents. Fortunately, log data is readily available in any data center, and companies need only find effective ways of collecting, aggregating and archiving it to put it to use.

Posted December 21, 2005 in LogMatters | Permalink | TrackBack (0)


SANS Defines New Metric for LMI Performance

The SANS Institute recently defined a new metric for Log Intelligence performance: Real-Time Report Response Time (RRT). For too long, Log Intelligence performance was measured only in “Messages per Second (MPS)”. MPS capacity is useful when figuring out how many logging servers to buy, but it doesn’t tell you about the daily user experience. (You can register to download a copy of the research into LogLogic's LS 2000 appliance.)

Most real-world log analysis is ad hoc: a random combination of time frame, log sources and search criteria. With homegrown syslog servers, Report Response Times can be hours. Commercial solutions run the gamut, from one minute to many hours – even days. It pays to test before buying, because faster Response Times translate into big dollar savings.

For instance - an auditor walks in and asks about failed logins on your finance servers, then sees something unusual and asks follow-up questions. If each question takes eight hours to answer, an audit easily costs a million dollars in people-time alone! You fail your audit because you aren’t able to satisfy reporting requirements within regulated or defined timeframes.

Or - an alert indicates a security breach or performance problem. Resulting downtime costs a million dollars per hour. If faster Report Response Time helps to resolve the problem in one hour instead of eight you just saved seven million dollars! And that’s not calculating the costs you saved in terms of damage to reputation, brand and your customers’ business.

Messages per second matter, but not nearly as much as response time. Some vendors take an even more extreme approach to tuning messages per second, deferring all parsing until a report actually needs to be run. In this scenario, often with weeks of data collected, response times slow to hours. Remediation or forensics could take days or weeks. This is why LogLogic’s Real-Time Report Response Times never exceed fifty seconds and in most instances can be measured in single digits.

LogLogic appliances pre-process log data at the time of log collection without sacrificing an inch of MPS. For large environments, multiple LX appliances crunch parts of Real-Time Reports in parallel, keeping Response Times independent of the amount of data analyzed. This is what results in ‘Google-like’ search speeds on terabytes of data.

The solution is simple when you are clear on the outcome that matters most to users.
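To make the difference between parsing at collection time and parsing at report time concrete, here is an added example in Python. It is my own illustration, not LogLogic's code and not how the LX appliances are implemented; the sshd log format, host names, addresses and the three-way sharding are all constructed for the example. It indexes authentication lines at ingest, answers the auditor's follow-up questions ("failed logins on the finance servers in this window") from the index, and counts how much parsing a store that defers parsing until report time has to redo for every question. The sharded query at the end shows the idea of splitting one stream across independent stores and merging their answers.

```python
import re
from collections import defaultdict
from datetime import datetime

# Pattern for the constructed sshd lines used below (hypothetical format).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) password for (?P<user>\S+) from (?P<src>\S+)$"
)

# Constructed sample log lines; hosts, users and addresses are made up.
RAW_LOGS = [
    "2005-12-19T08:00:01 fin-db-01 sshd[1201]: Failed password for root from 10.0.5.7",
    "2005-12-19T08:00:05 fin-db-01 sshd[1201]: Failed password for root from 10.0.5.7",
    "2005-12-19T08:00:09 fin-db-01 sshd[1201]: Accepted password for alice from 10.0.1.2",
    "2005-12-19T08:01:00 web-01 sshd[3310]: Failed password for admin from 203.0.113.9",
    "2005-12-19T09:30:00 fin-app-02 sshd[415]: Failed password for bob from 10.0.1.3",
    "2005-12-19T12:00:00 fin-db-01 sshd[1300]: Failed password for root from 10.0.5.7",
    "2005-12-19T12:00:02 fin-db-01 cron[77]: (root) CMD (/usr/bin/rotate-logs)",
]


def parse(line):
    """Turn one raw line into a dict of fields, or None if it is not an sshd auth line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


class IndexedStore:
    """Parse at collection time and keep records indexed by (host, outcome)."""

    def __init__(self):
        self.index = defaultdict(list)
        self.parse_calls = 0

    def ingest(self, line):
        self.parse_calls += 1
        rec = parse(line)
        if rec:
            self.index[(rec["host"], rec["outcome"])].append(rec)

    def failed_logins(self, host_prefix, start, end):
        # Only the buckets that can match are touched; nothing is re-parsed.
        hits = []
        for (host, outcome), recs in self.index.items():
            if outcome == "Failed" and host.startswith(host_prefix):
                hits.extend(r for r in recs if start <= r["ts"] <= end)
        return sorted(hits, key=lambda r: r["ts"])


class RawStore:
    """Keep raw lines and parse only when a report is requested."""

    def __init__(self):
        self.lines = []
        self.parse_calls = 0

    def ingest(self, line):
        self.lines.append(line)

    def failed_logins(self, host_prefix, start, end):
        # Every question re-scans and re-parses the whole archive.
        hits = []
        for line in self.lines:
            self.parse_calls += 1
            rec = parse(line)
            if (rec and rec["outcome"] == "Failed"
                    and rec["host"].startswith(host_prefix)
                    and start <= rec["ts"] <= end):
                hits.append(rec)
        return hits


def parallel_failed_logins(lines, n_shards, host_prefix, start, end):
    """Spread the stream over n_shards independent indexed stores, then merge the answers."""
    hits = []
    for i in range(n_shards):
        store = IndexedStore()
        for line in lines[i::n_shards]:
            store.ingest(line)
        hits.extend(store.failed_logins(host_prefix, start, end))
    return sorted(hits, key=lambda r: r["ts"])


def run_demo(lines=RAW_LOGS):
    """Answer an initial question and a follow-up with both stores; report parsing cost."""
    t = datetime.fromisoformat
    questions = [("fin-", t("2005-12-19T08:00:00"), t("2005-12-19T10:00:00")),
                 ("fin-", t("2005-12-19T08:00:00"), t("2005-12-19T13:00:00"))]
    indexed, raw = IndexedStore(), RawStore()
    for line in lines:
        indexed.ingest(line)
        raw.ingest(line)
    return {
        "indexed_counts": [len(indexed.failed_logins(*q)) for q in questions],
        "raw_counts": [len(raw.failed_logins(*q)) for q in questions],
        "parallel_counts": [len(parallel_failed_logins(lines, 3, *q)) for q in questions],
        "indexed_parse_calls": indexed.parse_calls,
        "raw_parse_calls": raw.parse_calls,
    }


if __name__ == "__main__":
    print(run_demo())
```

Run it directly to print the result dictionary. All three query paths return the same answers (3 failed finance logins in the first window, 4 in the wider one), but the indexed store parses each of the seven lines exactly once, while the deferred store's parse count doubles with the second question. That growth with every follow-up is the mechanism behind response times that stretch to hours once weeks of unparsed data have piled up.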

Posted December 19, 2005 in Log Management & Intelligence | Permalink | TrackBack (0)


Logs & The Law

In the end, a firm's IT systems are only as secure as its employees' intentions and actions. Witness that close to 70 percent of network security incidents at Fortune 500 companies are caused by employee actions -- 30 percent malicious and another 39 percent inadvertent -- according to a 2004 survey by the Ponemon Institute, an Arizona think tank.

This and more appears in a great story in Legal Technology that flags the importance of logs:

The first step toward better data security could be as simple as enabling that feature, clearing storage space on servers for the logs, and having an IT or human resources employee review them on a regular basis. Logs can get very big very quickly in a large firm, but automated security tools, such as those built into Microsoft server software, can be set to flag only unauthorized access. For authorized access, however, having a person look the logs over is the only way to catch suspicious activities, Zawa says.

Even if a firm doesn't have the resources to have someone routinely review logs, they provide an essential record if someone is suspected of network tampering. Brian Conlon, CIO at Washington, D.C.-based Howrey, says logs are also useful when data is lost accidentally, because a records administrator can review a log to find out who was the last person to use a missing file.

This is precisely the problem LogLogic solves: 100% collection of log data from 100% of devices - at industry leading speeds of 50,000+ messages per second - with legally valid storage - and alerting and reporting at 'Google-like' speeds.

Posted December 04, 2005 in Compliance | Permalink | TrackBack (0)
