LogBlog

« October 2006 | Main | December 2006 »

Protecting Against Data Theft

We just completed a study in the UK that indicated that while 86 per cent of large UK financial services companies report that their enterprise data is mission critical, 76 per cent reveal that they do not currently have systems in place to track and trace potential data theft. Of those companies who report having systems in place to monitor IT data, 57 per cent say it takes them several days to identify security breaches involving data theft and just 19 per cent report they are able to perform the appropriate forensics within one working day.

NetworkWorld also recently reported on the rise of data breach costs.

Companies spent nearly $5 million on average this year, 30% more than in 2005, to recover when corporate data was lost or stolen, according to a new study from the Ponemon Institute.

The report states that "the average cost for each compromised record was up by more than 30% over last year, rising from $138 to $182". In addition, companies spend an average of $180,000 after the incident on remediation and preventive measures for the future.

It also showed that most compromises do not originate from corporate insiders, who account for only 6% of such data loss. The percentages break down to:

Source: PCI and Data Security Compliance

Posted November 30, 2006 in Log Management & Intelligence

One Of The 10 Most Overlooked Aspects of Security - Log Management

Or so Dark Reading says:

"The trick is learning how to analyze log files in a way that is thorough, yet not too time-consuming. For most IT organizations, this means using a combination of automated log file analyzers, security information management tools, and good old-fashioned detective work."

We agree. Their emphasis on a combination of tools is critical. Anton is quoted in the story:

“To fully realize the value of log data, one has to take it to the next level of log mining: actually discovering things of interest in log files without having any preconceived notion of ‘what we need to find,’” Chuvakin says. “It sounds obvious -- how can we be sure that we know of all the possible malicious behavior in advance -- but it is disregarded so often.”

Posted November 30, 2006 in LogMatters

Links: So many logs, so little time

Anton's recent post on the importance of looking at logs has inspired a few posts.

Posted November 30, 2006

You better watch out, PCI DSS is under the tree

Consumer Reports estimates that in the United States, some 62 million adults plan to go shopping nationwide on Black Friday, the day after Thanksgiving that has become synonymous with the start of holiday shopping season. Reuters says that "consumer spending accounts for some two-thirds of U.S. economic activity, and the holiday season typically accounts for about one-fourth of retailers' annual sales." That is a lot of retail transactions happening between now and the close of 2006. Just how safe is credit card data in this watershed bliss for retailers?

It might not be safe enough to meet compliance mandates set forth by credit card companies. PCI DSS is now a reality for many of those retailers whose customers are lining up to get into the stores when they open tomorrow. And, the noose is tightening and how... Just last month Visa reportedly took aim at the nation's largest merchants with fines that start at $10k per month.

Protecting stored data, and being able to prove that you properly secured that data, is of vital importance in avoiding big fines. Effectively collecting, alerting, securely storing, searching, and reporting 100% of your log files can help ensure PCI compliance -- continuously. On December 6 we will be hosting a webcast to help give you a playbook to get compliant before those packages are even wrapped under a tree or next to your menorah this holiday season. Register here.

Posted November 23, 2006 in Log Management & Intelligence, Risk Management, Security

A Longview on SOX

SC Mag just published a feature looking back on Sarbanes-Oxley, two years later. The article chronicles the initial fear SOX brought to the boardroom three years ago as it differed from other regulations by adding real "teeth" -- and jail time for executives who were noncompliant.

With the initial shock now gone from SOX compliance, companies today are focusing more on the process and strategies for continuous compliance, rather than the fear of jail time.

SCMag's Frank Washkuch writes: "Now those fears are mostly in the rearview mirror for corporate executives, as two years of experience with the regulations - plus a lack of SOX-related prosecutions - have put minds at ease with the federal mandate. Many forward-looking companies are also realizing that they can use SOX to their advantage to create best practices... Because of the complexities of making sure major national and international corporations are compliant with numerous state, federal and, in some cases, foreign standards, many companies are now using automated processes."

Washkuch taps LogLogic's own Andy Lark for his take on SOX two years later. Lark is quoted, "We're seeing an enormous interest in anything that automates SOX, as well as anything that regulates other regulations," he says. "What we say to people is that rather than building a SOX dashboard, you're going to be much better off building a COBIT 4 board that can be used for SOX. We definitely see a lot of elevated interest in anything that automates manual processes."

Posted November 21, 2006 in Compliance, Log Management & Intelligence

Finding log gems among the norm in Sendmail

Anton is focused on discovering hidden gems in log data among the mountain of log files generated on enterprise systems. Over at his O'Reilly blog, he is offering a few tips on how Sendmail, Exchange, QMail, Postfix, and other MTA logs hide a plethora of insights that are useful for email security and email performance management. To uncover rare and unusual messages easily among the hundreds of other messages out there, Anton offers a quick tutorial on mining the log data for the unusual. His approach to unearth that elusive 10% of messages that are different and potentially ominous? Reviewing and watching for errors and failures in the set of rare messages can make investigations more effective when you review log records from the same timeframe. Another key tip -- look for gaps in logging, especially those gaps that occur immediately following rare messages.
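One way to apply the tips above to sendmail-style syslog lines, as an added example that is not code from Anton's tutorial or from this blog. The 10% rarity cutoff, the five-minute gap threshold, the error keyword list, the assumed year and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ \S+\[\d+\]: (.*)$")
ERRORS = re.compile(r"SYSERR|reject|fail|error|denied|timeout", re.I)  # assumed keywords

def template(msg):
    """Collapse variable fields so messages of one kind share a template."""
    msg = re.sub(r"^\w+: ", "QID: ", msg)        # leading queue id
    msg = re.sub(r"<[^>]*>", "<ADDR>", msg)      # envelope addresses
    return re.sub(r"\d+", "N", msg)              # sizes, delays, versions

def parse(lines, year=2006):
    """Return (timestamp, template, raw line); syslog omits the year, so it is assumed."""
    events = []
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, template(m.group(2)), line))
    return sorted(events, key=lambda e: e[0])

def rare_findings(events, rare_share=0.10, gap=timedelta(minutes=5)):
    """Report lines whose template is rare, whether they look like errors,
    and whether logging went quiet for longer than `gap` right after them."""
    counts = Counter(tmpl for _, tmpl, _ in events)
    findings = []
    for i, (ts, tmpl, line) in enumerate(events):
        if counts[tmpl] / len(events) > rare_share:
            continue  # common message kind, not of interest here
        nxt = events[i + 1][0] if i + 1 < len(events) else None
        findings.append({"line": line, "error": bool(ERRORS.search(line)),
                         "gap_after": nxt is not None and nxt - ts > gap})
    return findings

def sample_log():
    """Constructed sendmail-style lines; host, queue ids and addresses are invented."""
    def normal(i):
        return (f"kAEA{i:04d}: from=<u{i}@example.com>, size={900 + i}, nrcpts=1"
                if i % 2 == 0 else
                f"kAEA{i:04d}: to=<r{i}@example.org>, delay=00:00:02, stat=Sent")
    msgs = [(15 * i, normal(i)) for i in range(10)]
    msgs += [(1800 + 15 * i, normal(10 + i)) for i in range(10)]
    msgs += [(140, "rejecting connections on daemon MTA: load average: 14"),
             (1850, "starting daemon (8.13.8): SMTP+queueing@01:00:00")]
    base = datetime(2006, 11, 14, 10, 0, 0)
    return [f"{base + timedelta(seconds=s):%b %d %H:%M:%S} mx1 sendmail[2101]: {m}"
            for s, m in sorted(msgs)]

if __name__ == "__main__":
    for finding in rare_findings(parse(sample_log())):
        print(finding)
```

On the constructed sample, the rejected-connections line is reported as a rare error followed by a logging gap, while the daemon start line is rare but benign.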




Posted November 14, 2006 in Log Management & Intelligence, Risk Management, Security

Information Security Must Evolve

Speaking to the need for Information Security to evolve, Amrit makes three key points:

  1. The threat environment has become increasingly dangerous.
  2. Business is leveraging the Internet for innovation, moving away from brochure-ware to service delivery via the web. SaaS, SOA, web services, are creating complex and dynamic environments in which traditional methods of security and optimization no longer provide the same value to the organization.
  3. Regulatory compliance pressures are forcing organizations to gain greater visibility into their security programs.

He goes on to deliver one of the key answers to responding to these challenges: "Process is as important, actually even more so, than technology - start with process then add technology to support strong process, not the other way around".

This is more than right. It's critical to success. Most security teams we speak to are dealing with three levels of "compliance". First, regulatory (SOX, HIPAA, GLBA...). Second, industry and business (PCI...) and third, process and control. Executing against each of these individually would require an unbelievable and unsustainable effort. The reality is that compliance can be addressed best by starting with processes. It should be a "write once, run everywhere" activity.

This is the primary reason we're not just addressing individual mandates through our LogLogic Compliance & Control suites but also best practices and controls such as COBIT, ITIL and ISO. And, why our platform is a SOA that facilitates sharing of information and intelligence with other applications and systems. In doing so, we're getting directly at Amrit's final point: "Security can no longer exist in a silo or a vacuum, security programs and security professionals must align themselves with the business or face extinction."

Posted November 13, 2006 in LogMatters

Don't Be The Next CyberCrime Headline!

Headlines of the past week show that the need for good forensics policies and technology for IT is imminent, from "Four Arrested in Chile for Cyber Intrusions" to "Fourteen Arrested in International ID Fraud Investigation." Even McGruff the Crime Dog is making headlines with his campaign to "Take a bite out of Cyber Crime."

Log management can keep systems running optimally and can enable enterprises to quickly comply with mandates, but the case for good forensics is often overlooked until it is too late. Security experts understand the importance of a well-formulated incident response capability in answering compliance and security mandates.

Learn more about incident response at our upcoming SC Magazine Live Webcast on November 15th at 11am PT, Integrating Log Analysis and Forensics to Deliver Superior Incident Response.

Topics to be covered include:

Sign up now for the live event here.

Posted November 09, 2006 in Log Management & Intelligence, Risk Management, Security

New Jobs This Week @ LogLogic

We're growing our test automation team. Take a look if you are interested in joining one of the hottest start-ups in Silicon Valley.

Posted November 03, 2006 in LogMatters