LogBlog

« July 2006 | Main | September 2006 »

Join LogLogic

We're hiring! If you are interested in joining a red hot Silicon Valley-based enterprise that is the leader in its category, drop us a line. Especially take a look at the just posted role in sales operations. The benefits and people are great!

Posted August 23, 2006 in Blinks, LogMatters

The Case for a Vendor-Neutral Open Log Standard

Using standards for defining the log output from common types of devices and applications is a good way to improve interoperability, eliminate vendor lock-in and generally improve business as a whole. That is, if the standards are created through an open, collaborative effort.

Over the past few months we have discussed this very challenge here at LogLogic with our customers, our partners and external parties such as the SANS Institute, NIST, Gartner, Mitre and others with the aim of thoroughly vetting what an Open Log Standard and Initiative would look like. It is a conversation many have been leading.

Mary-Ann Davidson, CISO of Oracle, has been promoting an audit log standard for years. Others include a spring initiative by NIST to launch Common Logging Interchange Format. SANS deserves credit for picking up the ball where NIST left off. They brought together a wide range of users and "loggies" to debate standards at the recent log management summit. And, Amrit Williams from Gartner also published on the topic - such as his May 2006 Gartner publication #G00139205 on log output standards.

With so much interest, there are inevitable proprietary vendor announcements that are - like most things with the vendor label - closed in nature. Initiatives such as these typically fail for a simple reason - they depend on a company rather than the community to succeed. The last thing coders, technology inventors or enterprises need is a vendor-specific common event format. What is in fact created is "uncommon event formats". These "uncommon event formats" only bring another layer of complexity to an already complex problem by driving the customer to adopt a vendor-centric, rather than neutral, solution. Take IBM's uncommon "Common Base Event" - also for logging, tracing, management and business events. At least IBM claims theirs is an implementation of the OASIS "WSDM Event Format".

There is a bigger and more important point though that is missing from conversations related to log standards. That is, any conversation related to standards for log output should start with a discussion about the use cases for log data - a discussion about the best practices of using information contained in logs for operational excellence, IT control and compliance. That is a customer discussion about best practices and use cases - not a vendor discussion. A standard should be defined top-down with the customer in mind - perhaps by using frameworks such as ISO 17799, COBIT and ITIL as a starting point to deduce logging requirements - rather than bottom-up, using a random vendor's architecture for security event reduction (note: not an architecture envisioned for operational excellence, IT control or compliance in the first place ...) as an unnatural starting point.

At LogLogic, we envision a broad initiative to create an Open Log Community with participation in defining key standards, best practices and techniques that benefit all stakeholders. Tackling the log standard conundrum from the perspective of the broader community will benefit our common key constituent -- our customers.

Posted August 22, 2006 in LogMatters

Three SOX Learnings

New to the LogLogic team, I made my way to the ISACA (Information Systems Audit and Control Association) Silicon Valley Chapter's monthly meeting on August 11, 2006 to learn about Sarbanes-Oxley (SOX) efforts from the C-level exec's perspective. The panel line-up was excellent: Bill Vass, President/COO of Sun Microsystems Federal Inc; Maria Shaw, Director of the Risk Control Group at McKesson; and Jeff Brzycki, Senior Director of IT Shared Services at Symantec Corporation.

The event proved to be a lively discussion between ISACA attendees and the panel, moderated by Ray Cheung, Director of Risk Advisory Services at KPMG. Here are three key SOX lessons that I took away from the discussion:

  1. Reap the benefits of SOX. A common theme throughout the discussion was that of the upside and downside of SOX compliance requirements. On the upside, SOX has forced companies to take IT and financial processes and controls more seriously. Things like single sign-on, access management, segregation of duties and identity management have become more pervasive because of SOX, and companies are finding that they are ultimately better off for it. According to Jeff Brzycki, for those that have taken the proactive approach, companies have found that a SOX byproduct is "continuous improvement which otherwise may have been ignored." On the downside, some aspects of SOX requirements have forced companies to duplicate efforts or created manual controls which add up to unnecessary spending. As Bill Vass summed it up: "SOX can bring CIOs peace of mind, but unfortunately it sometimes brings unnecessary overhead as well." Bottom line: Companies who are now in their 2nd or 3rd year of SOX compliance have learned to be more proactive and build risk management and compliance automation plans into the IT development process up front. Automating compliance efforts through technologies such as log management and intelligence (LMI) can help to reduce duplication and unnecessary spending.
  2. Designate SOX leaders. According to the panelists, when executives are grilled about financial and IT controls, it has been all too common to hear those executives say to their direct reports, "We're OK, right?" -- and so on, down the chain of command. To counter this dangerous "pass the buck" mentality, different companies are taking different approaches, but all are finding it necessary to put empowered managers in place to oversee their SOX and other compliance programs. Vass' recommendation was to set up an executive oversight committee and have a senior-level person manage the program on a day-to-day basis. Shaw suggested naming a C-level compliance exec to oversee not only SOX, but all compliance programs throughout the company. Whatever the approach, the important thing is to make sure there is accountability. According to Brzycki, the reality of SOX is that "personal accountability is a key reason to get C-level execs involved up front."
  3. Move beyond compliance to total quality management (TQM). According to Jeff Brzycki, "SOX brought awareness of IT general controls to a larger group of people. These controls should be there, for companies to be effective and to maintain integrity in their IT operations. SOX simply reinvigorated the grasp of the importance of this. So, yes, SOX can evolve into a Business Quality exercise, but today compliance is still the number one objective." It was agreed across the panel that today there is still too much "voodoo" around compliance and that companies need to get more serious about using technological tools to take compliance to the next level. According to Maria Shaw, "While we're not there yet in terms of moving beyond compliance to TQM, it is imperative that we put in place repeatable processes to be able to measure success at a higher level. Today's manual processes and disparate systems are forcing companies into the weeds, making it difficult to step back and see the big picture." While her company now tackles each compliance requirement as a separate project (HIPAA, SOX, etc.) she envisions them moving to the point of putting everything through the same process.

According to Brzycki, "SOX is more than an internal issue, it's a brand issue." We at LogLogic couldn't agree more. Staying proactive on the compliance front is simply good for business. And using LogLogic's advanced appliances for log management can allow a company to meet these goals - without breaking the bank. - Heidi

Posted August 14, 2006 in Compliance

Logging ROI

If you are looking at deploying a log management and intelligence solution and need help calculating the return on investment, drop us a line. We've undertaken a considerable effort to develop a model that calculates ROI over multi-year periods. We're not posting it to the web just yet - there is a simple calculator up there - but we are offering the first five Enterprises or Institutions interested a free engagement with our ROI consultant to fast-track your business case.

CIO Insight touched on some of the issues surrounding ROI - "IT and business executives overwhelmingly agree: Their companies receive business value from their IT investments. But how much value, and what kind of value, is as clear as mud. When will there be progress?"

Progress starts today. Most organizations have never quantified the amount of labor and lost productivity required to manage access to various logs, and as a result most CIOs would be mildly shocked if one were to quantify the annual costs of this activity. Our model then looks at the number of events requiring log access. As a function, this is roughly proportional to the number of log sources (network nodes, applications, devices), "multiplied" by the number of access requests stemming from applications, audits, security, HR, customer service and help desk, etc.

Posted August 14, 2006 in Log Management & Intelligence

Every log tells a story

Ah, the logs do tell. AOL publicly apologized for making customers' search log data available as part of an attempt to woo the academic community with a new set of search tools. True, AOL had substituted personal information for individual names and other identifying info to keep identity private. Privacy advocates rightly commented that eventual identification could be determined through query strings by creating a 'mosaic.' Logs and the information they contain can be very powerful -- something that we educate the community and our customers about every day. If you don't have a policy in place on log usage - and a clear chain of control - AOL's example might serve as a wake-up call… Fascinating stuff!

Posted August 14, 2006

Log Data Agnostics

Last year Michelle Perry offered an interesting analysis of "How UK and US differ on corporate governance" in Finance Week. Her viewpoint endures today. She says that a prescriptive approach to compliance is the norm in the US, where companies must comply with a set of rules or suffer consequences. Perry then contrasts that with the UK's reliance on principle, where companies must 'comply or explain' as the general rule.

Log data is pretty nomadic really -- it lives on the network and is country-agnostic. How the data is used in practice by a government, a company or anyone else is tied into their ethos and response to compliance-related issues. As we continue our push into Europe, we are finding that log intelligence is wanted -- and needed -- in IT. While our friends across the Atlantic don't fret about jail over compliance, they are seeing value in log data analytics for many of the same reasons we hear about in the US.

Bottom line: Intelligent log data is just good practice and is transforming the global IT industry.

Posted August 09, 2006

How Log Intelligence is Transforming IT

Compliance, information protection, audits, user monitoring and risk mitigation are driving a new set of practices and policies in IT -- all around managing log data. In fact, recent research points to the Global 2000's continued investment in Log Management and Intelligence (LMI), projecting double-digit growth in 2006 to $380M.

And log data continues to grow at an unprecedented rate -- which just further compounds the issue of how to manage it!

We are hosting a webcast with the SANS Institute on August 9 to discuss the trends and solutions. LogLogic's Andy Lark will be joined by SANS Institute CEO Stephen Northcutt. Register here.

Posted August 03, 2006 in Log Management & Intelligence, LogEd