« February 2007 | Main | April 2007 »
Today we announced that the LogLogic Log Management Platform is now certified for NetApp's Snaplock storage and compliance solutions, to help customers simplify the management of immutable log data. Snaplock is designed to create WORM (Write Once Read Many) data archives.
Log data is often stored in departmental silos without attention to data integrity or security, but compliance mandates and operating pressures -- such as frequent audits and increasing demands for user activity monitoring -- are making enterprises approach log data horizontally across the organization. To do this, collecting all log data all of the time is critical, as is storing the log files in a completely secure and unchangeable form. For forensics, legal reasons and satisfying compliance mandates like PCI, immutability of log data is becoming necessary in today's enterprise.
Gerard M. Stegmaier of Silicon Valley law firm Wilson, Sonsini, Goodrich and Rosati talked about the implications for Logs and the Law in a podcast along with LogLogic's Andy Lark. Check it out here.
Posted March 29, 2007 in Compliance , Log Management & Intelligence , Risk Management | Permalink | TrackBack (0)
The idea for this tip originated when my presentation on log analysis was rejected by one of the high-profile security conferences on the grounds that "logs don't matter since advanced attackers never leave traces in logs [or erase them before anybody can get to them]." Indeed, some of my security friends of a more "offensive orientation" have long developed this snobbish (even if woefully naive...) attitude about logs.
So, imagine a network that has fallen victim to a 0day-wielding super-hacker, who kicked the door open, grabbed the crown jewels and took off. When, much too late as usual, the "good guys" rushed in to pick up the pieces, there was seemingly nothing much to pick up: the server logs were erased and their pricey network IDS didn't make a peep. What do you do now?
So, let's list some uncommon (and some common, but often untapped for the task at hand!) sources of log data and provide a few log analysis tips:
To conclude, while there is no search pattern for "advanced attacks," logs are still extremely useful in such circumstances if you prepare by setting up a broad scope of log collection (I suspect using a log management system will be your only choice, as log volumes will be pretty bone-crushing) and then combing through the logs after the incident. And remember the less common sources of log data, such as database logs.
Posted March 29, 2007 in | Permalink | TrackBack (0)
Over at Baseline, Debbie Gage writes ...
At least 15 million Americans are now victims of identity fraud, up more than 50% since 2003 when the Federal Trade Commission released its numbers, Gartner says. Americans are also losing more money to identity fraud--$3,257 on average in 2006, compared to $1,849 in 2005--and they're recovering less, an average of 26% less.
That is a lot of companies that should be listening to Avivah right now. PCI is here and getting compliant is a necessity. (And Avivah specializes in that area, of course!)
But how about those devices -- you know those photocopiers are watching your data too...
"Everyone forgets that there's data in there," said Avivah Litan, an analyst at Gartner. "Copiers and other intelligent devices like multifunction printers are very exposed in the enterprise. They're open to attack via modems, and people forget about changing the default passwords."
All of your devices are harboring data. How do you deal with that? Is it secure?
Posted March 28, 2007 in Compliance , Log Management & Intelligence , Risk Management , Security | Permalink | TrackBack (0)
If you don't have this on your calendar it's time to make the date! SANS WhatWorks in Log Management Summit is set to kick-off April 23 to 25 here in Silicon Valley.
LogLogic will be there along with customers and partners (all of us are presenting at some point). If you are a LogLogic customer and planning on attending, let us know - we'd love to host you for dinner.
Posted March 26, 2007 in Log Management & Intelligence , LogLogic News | Permalink | TrackBack (0)
Anton Chuvakin, a Loggie, has a co-authored book on the way on PCI Compliance:
I am sure that "everybody in the know" is already, well, in the know, but still - here it comes, the first book on PCI: "PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance" by Tony Bradley (Author), Anton Chuvakin (Author), Anatoly Elberg (Author), Brian J Koerner (Author).
Posted March 22, 2007 in LogMatters | Permalink | TrackBack (0)
A new report from CA-based Infonetics Research on the state of worldwide network security appliance and software sales says that there has been an increase of 15% to $4.5 billion between 2005 and 2006, forecasting that the network security market industry will surpass the $5 billion mark for the first time in 2007.
Jeff Wilson, principal analyst at Infonetics Research says that "the most important appliance category to watch over the next year is secure routers."
Key findings in the Network Security Appliances and Software report are:
• Secure routers account for 29% of the total integrated security appliance market in 2006 and will continue to increase their share of the market through at least 2010
• Worldwide SSL VPN gateway revenue jumped 40% in 2006, following a 61% increase in 2005
• Worldwide IDS/IPS (intrusion detection and prevention systems) revenue grew 19% in 2006
• Cisco continues to lead the overall network security market, with 38% worldwide revenue share in 2006, posting growth in all network security market segments tracked by Infonetics
• Juniper and Check Point are tied for second, each with 9% worldwide revenue in 2006
More info and a preview of Infonetics research is here.
Posted March 20, 2007 in Risk Management , Security | Permalink | TrackBack (0)
Our own Anton Chuvakin was named to IT Security's most influential security experts of 2007.
He is in some very good company... check the site's complete list of the most influential security experts of 2007 - from corporate tech officers and government security types, to white hat hackers and bloggers.
Joining Anton is LogLogic's CMO Andy Lark, named in IT Security's Bloggers List.
The list certainly generated a lot of buzz in the security blogosphere...
Posted March 20, 2007 in LogMatters , Security | Permalink | TrackBack (0)
A paper at CSI Alert written by LogLogic's Anton Chuvakin introducing Database Log Analysis.
Here is a peek at Part One in a series . . .
" . . . Database security has been capturing more and more attention in recent years, even though most of the security issues surrounding databases have existed since the first day commercial database systems were introduced in the market.
Nowadays, database security is often seen as containing the following principal components:
• access control to database software, structures and data
• database configuration hardening
• database data encryption
• database vulnerability scanning
It is interesting to see that logging and auditing underline all of the above domains of database security. Indeed, the only way to verify what access control decisions are being made and who views what data from the RDBMS is to look at the authentication logs. Database configuration hardening includes enabling and increasing the auditing levels. Similarly, data encryption might be verified by log and configuration review. And, vulnerability exploitation usually leaves traces in logs despite what some say (the challenge is more often with understanding what the log said and not with having the logs).
In recent years, insider attacks gathered more attention than periodic outbreaks of malware; and database logging happens to be in the forefront of this fight against insider attacks. Database systems are usually deployed deep inside the company network and thus insiders usually have the easiest opportunity to attack and compromise them, and then steal (or "extrude" as some would say) the data . . ."
To review the complete paper (freely available to CSI members) you can get it from GOCSI.com.
Posted March 19, 2007 in Log Management & Intelligence , Security | Permalink | TrackBack (0)
What are the best practices for Log Management and Intelligence? Why do you need it? Who already uses it? Senior Analyst at Enterprise Strategy Group, Jon Oltsik talks about the emergence of log management as a killer strategy for IT in a webcast event today.
Criticizing what he calls a "laissez faire" approach to Log Management, Oltsik reveals the customer's voice on log matters in a Webcast available now on demand. The event will cover the highlights of Oltsik's new report "Delivering Log-Powered Services Across the Enterprise."
Join Jon Oltsik for an overview and live Q&A session on the findings from his newly released study on "Enterprise Log Management Services." LogLogic's Anton Chuvakin joins in the talk.
Log Management is good news and bad news for security management.
Posted March 15, 2007 in Log Management & Intelligence | Permalink | TrackBack (0)
Posted March 15, 2007 in | Permalink | TrackBack (0)
In a move to proactively combat the risk of data theft and secure their customers' data, US-based restaurant chain Ruby Tuesday is opting out of the data retention business altogether, according to an AP article, implementing a system that doesn't store credit cards locally and uses strong encryption to send data to a processing center.
The report said that the credit card data leaves the restaurant and is sent to the bank in an encrypted form to cut down on identity theft. They plan to roll out the technology across the company's 900 locations by April.
Visa International said that the new system is fully compliant with PCI DSS.
Bravo to Ruby Tuesday's efforts to keep customers' data safe. Pass the salt?
Posted March 14, 2007 in | Permalink | TrackBack (0)
We joined the PCI Security Vendor Alliance (PCI SVA). Founded by a group of leading data security firms, the alliance assists members of the payment card industry and the PCI Security Standards Council -- merchants, banks and point-of-sale vendors -- in educating the business community on the requirements and business value of the PCI DSS.
According to a recent article in InformationWeek, in the past year PCI compliance has doubled from less than 15% to about one-third among Level 1 merchants, those that process more than 6 million transactions annually.
PCI SVA members will leverage their combined knowledge to provide best-of-breed PCI DSS solutions that address the needs of any enterprise that seeks a clearly defined, highly auditable data protection framework. More info here.
Posted March 13, 2007 in | Permalink | TrackBack (0)
IDC researcher John Gantz began a study on data, estimating that 161 exabytes of digital data - or about 161 billion GB - were generated in 2006 alone. Think about that. According to USA Today, that is 168 million terabytes, or roughly the equivalent of:
• 36 billion digital movies
• 43 trillion digital songs
• 1 million digital copies of every book in the Library of Congress
How much of the data generated inside businesses must be stored? Facing government regulations across the globe, such as the Sarbanes-Oxley Act in the US and the EU Data Retention Directive, more and more organizations are being required to save more information than ever. The impact of the regulations globally is staggering. Just this week analysts predicted the impact of the EU law on Asia could see communications providers and operators in the region having to comply.
Searching on all the data is even trickier. Log Management and Intelligence effectively deals with the problem of continuously complying with multiple mandates simultaneously and being able to locate the data you need for compliance, forensics and to reap operational efficiencies.
Posted March 08, 2007 in Compliance , Risk Management , Security | Permalink | TrackBack (0)
Posted March 07, 2007 in Compliance , Log Management & Intelligence , Security | Permalink | TrackBack (0)
Looking at this report, an effective LMI platform is a key antidote to data loss. Sure, it won't prevent someone losing a laptop, but it will deliver alerting and reporting on many of the other areas identified in this report.
What is interesting is the extent to which human error is the overwhelming cause of sensitive data loss, responsible for 75 percent of all occurrences. User error is directly responsible for one in every two cases (50 percent) while violations of policy - intended, accidental and inadvertent - are responsible for one in every four cases (25 percent). Your LMI platform should deliver reporting and alerts on major IT controls and standard policies.
Posted March 07, 2007 in Compliance , Risk Management , Security | Permalink | TrackBack (0)
Jon Oltsik touches on the good news and bad news for security management:
"What used to be a small, tactical security event management implementation is evolving into a much bigger opportunity. As enterprise organizations collect log and network flow data, they want to provide it to the network operations, compliance management, system administrators, lines of businesses and security for all kinds of analysis. In geeky technical terms, what was a security-focused data mart is turning into an enterprise IT data warehouse for all kinds of data analysis, event monitoring and reporting. "
Exactly. Watch for more on Log Data Warehousing!
Posted March 07, 2007 in LogMatters | Permalink | TrackBack (0)
SOX spending accounts for 20% of global governance. From over at Findtechinsights:
Sarbanes-Oxley spending isn't likely to change much this year, according to AMR Research. The company's latest report predicts that, despite recent revisions to relax the corporate reform law's requirements, 2007 Sarbanes-Oxley compliance spending will stay at $6 billion and account for around 20 percent of the total governance, risk and compliance spend of $29.9 billion. The latter figure represents an 8.5 percent increase from 2006. The numbers don't change much, explains AMR Research VP John Hagerty, because some small companies will be spending on Sarbanes-Oxley compliance for the first time in 2007.
Posted March 01, 2007 in LogMatters | Permalink | TrackBack (0)