« March 2006 | Main | May 2006 »

Growing the Log Management Community

With Project Lasso and Log-ED we are signaling our commitment to the growth of the global log management community.

Project Lasso represents hundreds of hours of work on our part. We initially started with the great work done by the Intersect Alliance on "Snare" a Windows-based event management and collection tool. It quickly became clear that in order to meet our customer's needs, we'd have to take a very different tack. Today, less than 25% of Project Lasso is based on Snare - and it relates mostly to event message expansion and Windows SDK inconsistency handling.

The flow control, multi-threading, and remote access is all developed by us. Here are some of the big shifts and main changes we had to make:

1. From single to multi-threaded. Required in order to collect tens of thousands of event logs centrally.
2. Central, agentless log collection. This reduces both the processing and storage overhead, and management and maintenance effort for system administrators.
3. TCP Syslog for faster, more secure transport

We also chose not to do some of the things that Snare offers - like a GUI. We see Project Lasso as principally being used by ISVs, SIs and the LMI community at large in the context of other applications and tools. Our effort here reflects our focus on creating new tools and platforms that will drive Open Log Services.

And we'll be offering and supporting Project Lasso as an ingredient in our overall log management and intelligence solutions.

We'll be posting on Log-ED shortly - you can read more here.

Posted April 30, 2006 in LogLogic News | Permalink | Comments (0)

« March 2006 | Main | May 2006 »

LogLogic PCI Compliance Suite Debuts

LogLogic today made the billions of log messages generated by retailers and merchants using credit cards available for enforcing, auditing and automating the requirements and controls related to the Payment Card Industry (PCI) data security standard. LogLogic Compliance Suite PCI Edition delivers more than 80 customizable PCI reports and alerts. Here's what Scott Crawford from EMA had to say:

“Processes such as saving logs, keeping an audit history of one year, and having a process where all audit trails are available to recreate certain events, are all requirements for the PCI data security standard. LogLogic’s compliance solution for PCI directly addresses these areas and helps businesses better manage compliance costs while increasing efficiency and accuracy for these compliance-critical activities.”

So what sets LogLogic's Compliance Suite apart from others?

1. LogLogic LX and ST appliances enable merchants and retailers collect and securely store log data to meet specific PCI mandates – and to attest to the implementation of controls. It's not enough just to show that you are, for instance, storing log data for the year-long period suggested. You need to also show you are executing against the processes established to make that happen
2. LogLogic Compliance Suite: PCI Edition delivers out-of-the-box reports and alerts on specific PCI requirements such as those in Section 10.
3. Then, by aligning reporting and alerting with COBIT 4.0 controls, the LogLogic Compliance Suite: PCI Edition enables enables you to attest to and report on broader PCI mandates. These same reports can be used for a variety of other regulations such as SOX where the controls are applicable.

Other announcements from Interop include Project Lasso and the launch of Log-ED. Watch for updates from the show floor.

Posted April 30, 2006 in LogLogic News | Permalink | Comments (0)

« March 2006 | Main | May 2006 »

Interop Is Nearly Here

We’re gearing up for a big week at Interop next week. We’ll be on the show floor so swing by if you are in Las Vegas – there’s plenty of new LMI innovations to see and you’ve got a pretty good chance of winning an iPod!

You will also be able to see us in InteropLabs, and, we’ll be collecting, storing, alerting and reporting on all the logs from InteropNet and our partners at the show.

If you’d like to meet in person, drop us an email. See you in Las Vegas!

Posted April 27, 2006 in LogLogic News | Permalink | Comments (0)

« March 2006 | Main | May 2006 »

Network Management Innovation

Computerworld covers the increasing investment in LMI - including in LogLogic. James Govenor of Redmonk is quoted throughout the piece:

"Network management tends to be real time; log management is after the fact -- it's more about looking at what happened and analyzing that," Governor said. "These companies are making log management more of a real-time function, and then it becomes more valuable. It's moving from being a subset of security management to more of an application-management function."

What James is getting at here is important. First generation solutions didn't collect or index in real-time. They depended on costly and time consuming rules writing. They correlated security events. As a result they were and are principally about what happened.

Next generation solutions such as those from LogLogic are real-time, they replace rules with Open Log Routing (enabling rules to be aggregated with an MSSP or application) - and machine learning. The correlate across all IT infrastructure. As a result they are as much forward looking as about what happened. They enable you to anticipate and predict risks.

At the same time, LMI solutions are moving well beyond security. We see more application today in the areas of IT control and process automation for compliance. And other areas such as application monitoring - for instance, areas of the supply chain being used more and likely to require additional capacity or management.

Posted April 11, 2006 in LogMatters | Permalink | Comments (0)

« March 2006 | Main | May 2006 »

What To Look For In A Service-level Agreement

In recent years, security outsourcing has become a popular and viable means of lowering the cost of perimeter security management - Jian shares his thoughts in two pieces in Computerworld - Part 1 & Part 2.

Anyone thinking about outsourcing such a mission-critical aspect of their network should understand in detail the potential implications to their IT security infrastructure and their company as a whole. One of the biggest differences among providers of security services is the service-level agreement (SLA). In this five-part series of articles, we will dive deep into the various aspects of the SLA and attempt to explain in details what the SLA should contain and why each of the items is necessary.

Working with partners such as Counterpane, LogLogic is ushering in a new generation of managed log services which take advantage of out Open Log Routing platform and machine learning technologies. You can register and listen to our last webcast together or give us a call for more info.

Posted April 11, 2006 in LogMatters | Permalink | Comments (0)

« March 2006 | Main | May 2006 »

Log Fear

Fear can be a powerful motivator. It is driving many companies to accelerate their compliance efforts and accelerate others - such as information protection. These broad-based priorities are also driving demand for log management and intelligence.

Stephen Wagner and Lee Dittmar hit on the power of fear as a motivator in a current issue of the Harvard Business Review - and how as a result smart companies are finding unexpected benefits in Sarbanes-Oxley compliance. Some of the highlights are pulled out over at ComputerWorld - here they are with a few annotations from us:

What were some of the big control gaps that early Sarbanes-Oxley compliance efforts uncovered?

WAGNER: One of requirements of internal controls is maintenance of records in reasonable detail that reflect transactions. We found [that] in many instances, control documentation was way behind or didn't exist.

[We see this often when implementing LMI platforms - previous approaches meant Log data was being edited down to serve applications - often SIEM; not correctly captured; and, randomly stored].

DITTMAR: And organizations didn't know what their control programs consisted of. They knew they had them, but as one told me, it was "kind of tribal." There was no consistency in how they did it. We found uncontrolled access to systems that are important to maintaining the integrity of financial reporting.

[We see the same. Log data can automate reporting, alerting and enforcement of controls. But you need controls to start with.]

LMI plays a key role in any compliance effort and this piece throws more light on the best practices that should underpin it.

Posted April 11, 2006 in LogLogic News | Permalink | Comments (0)

« March 2006 | Main | May 2006 »

RedHerring 100 Finalist & New Sales VP

RedHerring announced their list of finalists for the "Red Herring 100 North America" and LogLogic has made the cut. They say that "well over 1,000 privately held technology companies submitted to this year's edition of the prestigious award, giving evidence to the invigorated innovative and entrepreneurial strength of the technology ecosystem."

On top of our NetApp news earlier in the week we also welcomed Robert Yusin to LogLogic's executive management team - Robert is responsible for all things sales in Nth America and Europe. Robert joins us from Symantec most recently, and prior to that Finjan Software and Commerce One.

On NetApp - James had  this to say on our partnership while media are also picking-up on the story.

Oracle CSO Mary-Ann Davidson has an interesting piece on creating a log audit standard:

...the government is in the business of promoting the public good. It’s one of the reasons it exists. Having a common logging and auditing standard promotes the public good.

To make an off-line analogy, how well would 911 work if, in each jurisdiction, the phone number to call for assistance were different? How well would it work if a user in Omaha called up 911 and said, “He pilikia ko'u!”? (That's Hawaiian for “I have a problem!”) Without a common framework and language for auditing and logging, we can’t begin to address problems in real time.

Posted April 05, 2006 in LogMatters | Permalink | Comments (0)

« March 2006 | Main | May 2006 »

LogLogic and NetApp Partner

NetApp users will now benefit from the monitoring, alerting and reporting offered by LogLogic. Not only will we help NetApp's customers automate this process, we'll deliver enhanced levels of reporting and alerting for COBIT 4.0, SOX, HIPAA and PCI.

To deliver on this promise, LogLogic currently integrates with NetApp unified storage systems, NetApp NetCache systems, and Decru encryption appliances. LogLogic will also integrate with NetApp SnapLock software to provide critical log data aggregation, reporting, alerting, Write Once, Read Many (WORM) retention and security.

Jerry Shenk of the SANS Institute had this to say: "The integration of LogLogic and NetApp storage can help users gain an exact understanding of threats and compliance."

Posted April 03, 2006 in LogLogic News | Permalink | Comments (0)

« March 2006 | Main | May 2006 »

Reviewing System Logs - Do You Have To?

Pete Boergermann of  Citizens & Northern Bank - a LogLogic customer - writes on the importance of reviewing system logs in Bank Info Security. He has some smart advice for anyone looking at LMI:

Depending on the regulations you must follow for your organization and the risk profile you set for your equipment, some of your network devices may need to have their logs viewed daily. Talk to your auditors; they are not your enemy. Ask them what they will be looking for next time they visit you. If you can get a clear understanding of how they are going to audit IT Controls, you can save yourself a lot of grief and frustration. Automating this process as much as possible will save time.

Reviewing logs can help you be proactive in monitoring your network for equipment failures or could be used after a security breach to perform forensics. Translation: They can help you look like a hero. Monitoring them is a critical process in maintaining your network environment.

Posted April 02, 2006 in Log Management & Intelligence | Permalink | Comments (0)

Visit loglogic.com

Subscribe to this blog’s feed

• June 2010
• May 2010
• April 2010
• March 2010
• February 2010
• January 2010
• December 2009
• November 2009
• October 2009
• September 2009
• August 2009
• July 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• January 2009
• December 2008
• November 2008
• September 2008
• August 2008
• July 2008
• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008
• December 2007
• November 2007
• October 2007
• September 2007
• August 2007
• July 2007
• June 2007
• May 2007
• April 2007
• March 2007
• February 2007
• January 2007
• December 2006
• November 2006
• October 2006
• September 2006
• August 2006
• July 2006
• June 2006
• May 2006
• April 2006
• March 2006
• February 2006
• January 2006
• December 2005
• November 2005
• October 2005
• September 2005

Blogroll

• Whatever Compliance
• CynergisTek
• Bruce Schneier
• InfoSecDaily

Compliance

• Compliance Pipeline
• SOX Compliance Journal
• Sarbanes-Oxley 101

Good Reading

• Internet and Web Security Review
• Log Management ROI
• Log Management Best Practices
• SANS Institute Log Management White Paper

LogLogic

• O’Reilly
• Anton Chuvakin
• LogLogic.Com
• Jian Zhen

LogLogic Partners

• Juniper Networks
• ONStor
• Counterpane
• Bluecoat

Sites We Watch

• Verizon Business Security Blog
• SANS
• IT Manager's Journal
• CIO Insight
• Security Focus
• TechWeb
• Slashdot
• InformationWeek
• The Reg
• C/Net
• OSF DataLossDB | Data Loss News, Statistics, and Research