LogBlog

« May 2006 | Main | July 2006 »

Financial Institutions Face Surge In External Attacks

Deloitte's latest Global Security Survey says that the world's largest financial institutions have faced a surge in the number of security attacks over the past year, particularly from external sources.

You can download a copy, or here are some of the highlights - all of which point to the need for next-generation log management and intelligence solutions.

Posted June 27, 2006 in Compliance, Log Management & Intelligence, Risk Management, Security

SOX Audit Fees Rising...

SOX audit fees keep rising, according to Inside Sarbanes-Oxley and the Chicago Business Journal:

Since federal accounting reforms were enacted in 2002, public companies with less than $1 billion in annual revenue have seen audit fees nearly triple in the past four years, according to a recent study by law firm Foley & Lardner. Audit fees were more than $1.2 million for fiscal year 2005 compared to $332,000 before accounting reforms.

We've established with several customers that using the LogLogic Compliance Suite - SOX Edition can significantly reduce secondary audit requirements and overall audit costs. Drop us a line to learn more.

Posted June 19, 2006 in LogMatters

A Log By Any Other Name

"Log file" and "LMI" are household terms among IT folks in their struggle to comply with regulatory frameworks like HIPAA, SOX and PCI. But what do these terms really refer to? And how do they relate? Here's a starter:


What is a Log File?

A log file is a file that lists all actions that have occurred on a device, within an application, or on a server. For example, web servers maintain log files that list every request made to the server. Log files provide insight as to where visitors are coming from, how often they visit, and how they navigate through the site. Same for homegrown and commercial applications, firewalls, and Windows servers - to name a few.

Log files provide critical information for enforcing security policies and ensuring authorized access to confidential data, including:

Many industry regulations and compliance frameworks now recommend keeping an audit trail of this information for six months to a year. Log data is used when trying to isolate and remediate network issues such as security threats or performance problems, and it is a critical component of compliance audits.

So, What is LMI?

Log management and intelligence (LMI) is the collection, alerting, storage and reporting on 100% of log data from applications, systems and devices. Using "Google-like" indexing and search - and machine learning technologies, LMI solutions enable information to be extracted from terabytes of log data in seconds. Agile reporting allows administrators to report and alert on that log data in real-time. Predefined reports for controls such as COBIT and regulations such as SOX and PCI ease the burden of mitigating risk and implementing compliance. Open Log Services automate the process of routing log data to other management systems such as EMC Smarts.


LMI is needed to manage the vast amounts of log data collected in enterprise networks today. Without it, adhering to compliance frameworks and using log data effectively for enforcing network security policies is impossible.


Send us your thoughts.

Posted June 09, 2006 in Log Management & Intelligence

The Log Management End Game

Mike Rothman has an interesting post on the SIM endgame. He flags one of the primary differences between SIM and LMI:

But auditors and compliance type folks are all about reports. They are not about remediation. They need artifacts of what has happened and in many cases they have to forensically look at the data to piece together the circumstances around an issue. Log management solutions cater to these folks. They gather a crapload of log data while maintaining forensic integrity. They are even starting to add value by putting a reporting engine on top of it to provide the auditors with - you guessed it - a set of artifacts to show what has happened and how it proves compliance.

Posted June 09, 2006 in Compliance, Log Management & Intelligence

A Short Primer On PCI Compliance

If you're a credit card merchant, service provider or retailer who processes, stores and transmits cardholder data, you have a fiduciary responsibility to protect that data. But with data volumes increasing exponentially and tolerance among regulators and consumers falling to new lows, meeting that responsibility is indeed challenging.


The Payment Card Industry (PCI) Data Security Standard, resulting from collaboration between Visa and MasterCard, provides a solid framework for safeguarding credit card data with 12 specific requirements, many of which can only be met with log management and intelligence. Included are specific mandates related to log data.

The PCI standard applies to store merchants, banks, service providers and card processors. And that's not all. PCI extends to all system components connected to cardholder data environments, including network components (firewalls, switches, routers, security appliances, etc.); servers (web, proxy, database, email, authentication, etc.) and applications, both internal and external. In other words, PCI compliance is a lot of work.

The process of complying with PCI can be viewed in three stages:

1) Collection and storage - You must be collecting and securely storing all log data so that it is available for analysis, yet tamper-proof and secure.

2) Reporting - You must be able to prove compliance on the spot if audited, and present evidence that controls are in place for protecting data.

3) Monitoring and alerting - You must have systems in place, such as auto-alerting, to help constantly monitor access and usage so that administrators are warned of problems immediately and can rapidly address them. These systems should also extend to the log data itself - can you prove that log data is being collected and stored?
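An added example, not code from the original post or from LogLogic: stage 1's tamper-evident storage modeled as an HMAC chain, and stage 3's check that every expected source is still sending logs. The key, source names and sample events are constructed for illustration; HMAC chaining is one common technique, not something the post or the PCI standard prescribes.

```python
import hashlib
import hmac
import json

KEY = b"demo-key-constructed-for-this-example"  # assumption: held off the log host
GENESIS = "0" * 64

def _mac(prev, record):
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(KEY, prev.encode() + body, hashlib.sha256).hexdigest()

def append(store, source, ts, message):
    """Stage 1: store a record chained to the MAC of the previous one."""
    record = {"source": source, "ts": ts, "message": message}
    prev = store[-1]["mac"] if store else GENESIS
    store.append({"record": record, "mac": _mac(prev, record)})

def first_tampered(store):
    """Return the index of the first entry whose MAC fails, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(store):
        if not hmac.compare_digest(entry["mac"], _mac(prev, entry["record"])):
            return i
        prev = entry["mac"]
    return None

def silent_sources(store, expected, now, max_gap):
    """Stage 3: expected sources with no record in the last max_gap seconds."""
    last_seen = {}
    for entry in store:
        r = entry["record"]
        last_seen[r["source"]] = max(r["ts"], last_seen.get(r["source"], 0))
    return sorted(s for s in expected
                  if now - last_seen.get(s, float("-inf")) > max_gap)

def build_sample():
    # Constructed sample events (not real log data); ts is seconds since epoch.
    store = []
    append(store, "fw01", 1000, "deny tcp 10.0.0.5 -> 10.0.1.9:1433")
    append(store, "db01", 1010, "login failed for user 'app'")
    append(store, "fw01", 1300, "permit tcp 10.0.0.7 -> 10.0.1.9:443")
    return store

if __name__ == "__main__":
    store = build_sample()
    print("intact:", first_tampered(store))
    store[1]["record"]["message"] = "login ok"  # simulated edit in storage
    print("first bad entry:", first_tampered(store))
    print("silent:", silent_sources(store, {"fw01", "db01", "web01"}, 1400, 300))
```

A chain like this detects edits and mid-stream deletions but not removal of the newest entries; catching that requires recording the latest MAC somewhere the log host cannot write.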

Underpinning this is the need for a clear set of IT controls. These provide the framework for evidencing and attesting to compliance. Controls like COBIT and ITIL provide a systematic way of not just answering PCI, but also other compliance mandates such as SOX.


An LMI solution like LogLogic helps companies reduce the labor and costs associated with PCI compliance by automating these three steps. The solution provides collection and secure storage of 100% of log data collected from all devices, servers and applications, along with compliance-specific reporting templates that organize data quickly and accurately to satisfy auditors. Finally, the solution allows administrators to set custom alerts and continuously monitor network activity.

By complying with PCI, merchants and service providers not only meet their obligations to the payment system but also create a culture of security and operations effectiveness that benefits everyone. PCI compliance limits risk and builds confidence in the payment industry, and safeguards data from all types of payment network fraud. Which goes to show that what is good for the bottom-line can also be good for the top-line.

Posted June 06, 2006 in Compliance, Innovation

IT Auditors Turn To Cobit For Sarb-OX Guidance

ComputerWorld says "increasingly, to keep themselves and their companies out of trouble, IT auditors are going by the book - the Cobit book on IT governance". Interestingly, they also point to the increasing integration of Cobit and ITIL. One of the many benefits of Cobit is that it fosters a strong dialog and partnership between IT, business users and corporate auditors.

These are some of the many reasons that we standardized on Cobit for SOX compliance reporting and alerting.

Posted June 05, 2006 in Compliance

Project Lasso Momentum Continues

It has been a month since the open sourcing of Project Lasso. It has been extremely exciting and rewarding to see the community supporting and embracing the project.

A few quick updates on Project Lasso. First, the official repository for Project Lasso has finally been established on SourceForge. All project releases as well as the source code are now available there. LogLogic is committed to the ongoing development and support of Project Lasso. However, if you would like to contribute, in any form (development, testing, documentation), please do not hesitate to contact us. We are always looking for enthusiastic volunteers.

Second, since the release of Project Lasso, there were close to a thousand downloads of the Project Lasso binary and over 1500 viewings of the documentation. The activity level on lassolog.sourceforge.net remains extremely high and the community has been extremely supportive. We are starting to see Project Lasso used in many IT organizations to centrally collect Windows events.

Third, in collaboration with our partner EMC, we have successfully collected audit logs from EMC's Celerra file server using Project Lasso. EMC's Celerra system is a high performance, and highly secured, Windows 2003 file server. Because of the hardened security settings, no agent solutions can be installed on the Celerra server. However, with Project Lasso's remote collection mechanism, we were able to collect the extensive file system audit logs provided by Celerra. These audit logs are essential to many companies' security and compliance projects.

Many more exciting updates to come, stay tuned...

- Jian

Posted June 01, 2006 in Log Management & Intelligence, LogLogic News