LogBlog

« August 2006 | Main | October 2006 »

Congress Takes Aim At Log Data

Retaining log data is one area that is getting significant attention as of late as cybercrime continues to be a key focal point for law enforcement authorities. Colorado Congresswoman Diana DeGette believes that no clear guidelines are in place to either protect privacy or secure online users, and late last week said she will be introducing legislation to force Internet providers to retain customer data for at least one year.

Plenty of recommendations are out there: for instance, Basel requires data retention of 3-7 years, and PCI recommends a minimum of one year of data retention. Equally important is how the data is stored and managed. For example, is the data secure in transport and at rest? Is it an immutable set of data or processed data, and how do you handle disposal?

What would legislation look like? DeGette suggests that:

One form could require Internet providers and perhaps social networking sites and search engines to record for a year or two which IP address is used by which user. The other form would be far broader, requiring companies to record data such as the identities of e-mail correspondents, logs of who sent and received instant messages (but not the content of those communications), and the addresses of Web pages visited.

DeGette said Thursday that her proposal would not require retention of the communications themselves, but would identify data so that law enforcement officials--if they had probable cause to believe a crime has been committed--could go in and get a subpoena and subpoena these IP addresses.

Regardless of how legislation aims to deal with the issue of cybercrime, one trend that we are seeing at LogLogic is individual sites proactively alerting patrons of their policies regarding log data. PopSugar, a red-hot celebrity gossip site based in San Francisco, has a posted privacy policy that calls out log files in great detail. PopSugar alerts patrons of their site that they use log data "to analyze trends, administer the site, track user's movement in the aggregate, and gather broad demographic information for aggregate use. These log files are not linked to personally identifiable information. We may use a tracking utility that uses log files to analyze user movement."

Whether it is for legal reasons, to track down the bad guy, or just to gather marketing data on viewers, a systematic and managed approach to collecting log data is critical.



Posted September 25, 2006 in Compliance , LogMatters | Permalink | TrackBack (0)


LMI offers ITIL savings, greater efficiency

IT service management is a key strategy for companies as they turn to technology to generate revenue, serve customers, and out-perform the competition. Couple that with Log Management and Intelligence, and ITIL implementers gain a thorough and disciplined approach for implementing service management by increasing control, visibility, governance and security.

ITIL certifications are up in the US according to an article in the Federal Times. Fred Thompson reports that 100,000 people are projected to take the ITIL certification exam in 2006 -- that is "up from 10,000 in 1999, and 65,000 in 2004." The US is not the only region experiencing growth around ITIL certification. Analyst firm Pink Elephant reports that Asia-Pacific, too, is experiencing increased interest in ITIL, adding new certification courses in Australia.

LogLogic is releasing documentation, reports and alerts centered on helping IT more effectively deploy and verify ITIL (IT Infrastructure Library) best practices. The LogLogic ITIL Pocket Guide offers a pragmatic approach to ITIL implementations with 50 reports and 45 alerts to get you started. To obtain a copy of the guide, go here.


Posted September 20, 2006 in Log Management & Intelligence | Permalink | TrackBack (0)


The Global State of Information Security 2006

The latest survey results are out and the prognosis isn't good. Overall, the state is generally regarded to be poor.

Complacency, it seems, abounds. A large proportion of security execs admitted they're not in compliance with regulations that specifically dictate security measures their organization must undertake or risk stiff sanctions, up to and including prison time for executives. Some of these regulations—such as California's security breach law, the Health Insurance Portability and Accountability Act (HIPAA), and non-U.S. laws such as the European Union Data Privacy Directive—have been around for years. Is this an example of adolescent rebellion, or are security executives finding it hard to obtain the necessary resources to comply?

The answer, says Mark Lobel, a PwC advisory partner specializing in security, is neither, actually. The information security discipline still suffers from the fundamental problem of making a business value case for security. Security is still viewed and calculated as a cost, not as something that could add strategic value and therefore translate into revenue or even savings.

We've just invested a substantial amount of time and energy into an ROI model that gets at the issue of making the business case. Look for that over the next week on our site. Today we're announcing our broad support for ITIL. While niche LMI vendors look to basic search, we're investing in aligning LMI with business objectives through best practices like ITIL. The reason is clear:

A larger percentage of companies are aligning security objectives with business objectives (20 percent of respondents said they align all security spending with their business objectives, up from 15 percent in 2004) and are prioritizing data sets based on the sensitivity of the information contained in each application. They're then protecting those sets with the appropriate amount of security (25 percent in 2006, up from 21 percent in 2004).

Link to The Global State of Information Security 2006 - Editorial - CIO

Posted September 19, 2006 in Compliance , Security | Permalink | TrackBack (0)


Big Fish Swallows Small Fish

EMC today swallowed the #3 player in security event and information management – adding to the security acquisitions of recent months. With newly acquired Windows-based SIEM capabilities, they enter a market rich in players like CA, IBM, Cisco, Symantec and ArcSight.

Today’s announcement validates what we have been saying all along – SIEM is an application and feature within a broader security framework. And LMI is a separate, larger market and opportunity – SANS estimates G2000 Enterprises spend upwards of $1bn USD per annum. SIEM vendors are not visible in the majority of LMI deals, underscoring that customers are looking at LMI very differently than they look at SIEM.

As seen with this announcement, SIEM is being absorbed as a security "feature" into identity management (Novell, IBM), threat mitigation (Cisco) and now storage management (EMC), whereas LMI is continuing to grow in importance as an independent market (SANS) driven by regulatory compliance and IT operations and service management. Features like Open Log Services and Universal Log Processing will fuel the compliance, operations and security offerings, driving new services and integration opportunities. And vendor neutrality coupled with partnerships with the likes of IBM, NetApp and CSC puts us in a great position to best serve customer needs.

The acquisition further emphasizes the need for open log management and intelligence (LMI) to fuel a broad range of applications while answering compliance and IT control mandates – something none of the big guns have today. In a market where LogLogic is now the undisputed leader, still no player other than LogLogic has a major capability or competency in LMI, and we will continue to extend our market share leadership position where customers will benefit from our continued innovation and focus.

All in all a great announcement for EMC and for us – validates the market for LMI and SIEM as a feature of broad security offerings; grows the momentum behind use cases for log data; and strengthens our position as the vendor neutral, undisputed market leader in LMI.

Posted September 18, 2006 in LogMatters | Permalink | TrackBack (0)


Survey: Most insider-related data breaches go unreported

A survey today from the Ponemon Institute says that most insider-related data breaches go unreported:

"We found that many of the respondents in our study found that it was difficult, if not impossible, to identify all data breaches that exist -- and over 79% of the respondents said one, if not more, insider-related security breaches at their companies go unreported," said Larry Ponemon, chairman of Ponemon Institute. "Because it's insider-related normally, involving a careless or negligent employee [and] not an evil employee, maybe they are more likely to go unreported because people know each other, and maybe because people know each other, they say it was a mistake and maybe in the future they'll fix it."

This really makes the case for automation and real-time reporting and analytics on IT controls. The survey goes on to flag some other interesting points, notably that:

The respondents said they devote a considerable amount of their efforts to trying to prevent or control insider threats as part of their company's IT security risk management program. Approximately 10% said they spend more than half of their time on insider-related risks, and about 55% of respondents said they spend more than 30% of their time dealing with those issues, according to the survey.

Next generation Log Management and Intelligence solutions specifically reduce the human resource requirement in protecting information assets. According to The Ponemon Institute, "...the National Survey on Managing the Insider Threats calculated the average annual cost of insider data breaches at $3.4 million, and found that spending on technologies and programs aimed at addressing the insider threat seemed insufficient."

Source: Survey: Most insider-related data breaches go unreported

Posted September 12, 2006 in LogMatters , Security | Permalink | TrackBack (0)


PCI Standard Gets Teeth

Often standards emerge out of necessity. Take the case of the Payment Card Industry (PCI) Data Security Standard, something we are very focused on here at LogLogic. The standard for compliance was born out of necessity, and the scope of the requirements was adopted from Visa and MasterCard's own policies of how they felt it should be set up -- and is focused on those requirements that are key to their operations.

Last week American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International announced the formation of an independent council designed to manage the ongoing evolution of PCI DSS. The newly minted PCI Security Standards Council's stated goal is to improve payment account security. This is great news for consumers and vendors in advance of a significant shopping season.

As part of their first order of business, the group is proposing some key changes to the standard, notably releasing a new set of technical criteria that will address evolving security threats. And front and center are some policies on logging data, monitoring and retaining data. The new directive, Payment Card Industry Data Security Standard (DSS) v 1.1, is available here (pdf) and notably calls for merchant data to be retained for one year to meet compliance. The new set of guidelines will be the only recognized standard, says the Council, beginning January 2007.


Posted September 11, 2006 in Compliance , Security | Permalink | TrackBack (0)


Log Intelligence Jumps Outside the Box at VeriSign

It's been a busy week for the LogLogic team. We have teamed up with VeriSign to offer customers Log Intelligence for Managed Security Services. Log Management continues to explode on the scene as an effective way for enterprises to address the complexities associated with monitoring, analyzing, retaining, and storing logs from servers, applications, databases and other critical infrastructure.

Together with VeriSign, LogLogic enables enterprises to make better operational and financial decisions by providing a holistic view of system and user activity, policies and business impacts. With over 25% of all enterprise data from log files, LogLogic's log intelligence platform includes sophisticated analytics to help customers understand the impact of security policy violations, internal and external threats or services quality changes, and to meet compliance regulations from Sarbanes-Oxley to HIPAA and PCI.

We are able to offer log intelligence as a service because our Open Log Services Architecture, which is based on a Service-Oriented Architecture (SOA), delivers a log management platform on which differentiated offerings can be built. It combines 100% log collection at speeds exceeding 50,000 messages per second for a single appliance with Agile Reporting & Alerting, 'Google-like' search and secure storage. These features allow MSS providers to bring a new level of insight and services quality to customers.

The technology behind this is also scalable and reliable due to its distributed, parallel processing architecture that is both highly available and fault tolerant. By adding Universal Log Processing, we are able to analyze logs across all sources -- even custom homegrown applications. This is markedly different than traditional solutions that use agent-builders or an SDK with professional services. Those options are just not practical when you are addressing hundreds of applications or devices per customer. We base log intelligence on Open Log Services and Universal Log Processing as the best way to deliver out-of-the-box support for any homegrown text-based log data via natural language processing, statistical algorithms and full-text indexing technology.

Log Intelligence is now literally out of the box as a service. Offered by VeriSign, too. We really love logs!



Posted September 07, 2006 in LogLogic News | Permalink | TrackBack (0)
