« November 2008 | Main | January 2009 »
Slashdot is one of the places you can read about a recent report from the inspector general's office at the US Internal Revenue Service: the agency's IT staff hasn't been routinely checking its cybersecurity audit logs. Gasp! What?!? In short, the IRS is not in compliance with the Federal Information Security Management Act, called FISMA for short.
A quote from the report issued Monday and covered by PC World today states: "These weaknesses increase the likelihood that intruders from the Internet could gain access to sensitive taxpayer data residing on the IRS network without being detected."
We can't argue. The report says the IRS has effectively deployed intrusion detection systems (IDS) at its Internet gateways, but didn't have a process in place for vetting the logs. In addition, the IRS gave privileged users access to audit logs, leaving room for internal foul play. The report recommends the IRS institute a policy for saving audit logs and putting them through independent review by non-privileged administrators.
IRS CIO, Arthur Gonzalez, says the agency is working aggressively to protect its Internet gateways and to improve its overall security posture. Mind you, the report covered the period from February 2007 to March 2008, meaning that in the last 20 months or so, taxpayers have been vulnerable to identity theft.
FierceCIO.com writer, Judi Hasson, reported, "The action was like baking half a loaf when a full loaf was essential."
The IRS report was released the same day as Cisco's Annual Security Report, which found that Internet-based cyberattacks are becoming increasingly sophisticated and specialized as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers.
Highlights from the report as covered by Network World reveal:
In addition, the Cisco report predicts insider threats to grow in 2009 as the global economic downturn entices employees to steal corporate data. On the upside, the Cisco report also foresees companies continuing to adopt well-enforced data security policies to make compliance easier and to reduce incidents of data loss. You can download the free report and watch an overview of the report on YouTube for more information.
Posted December 20, 2008 in Log Management & Intelligence
The Department of Health and Human Services this week released new privacy guidelines (PDF) for electronic health records, the use of which President-elect Barack Obama has promised to support as part of his plan to jump-start the economy.
Some quotes from this report:
SAFEGUARDS Individually identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.
ACCOUNTABILITY These principles should be implemented, and adherence assured, through appropriate monitoring and other means and methods should be in place to report and mitigate non-adherence and breaches.
Unfortunately, the principles are still high-level and offer no specific guidance on how to safeguard health information beyond recommending "appropriate monitoring". We have often recommended the Payment Card Industry's data security standard as a great example of a standard that is both crisp and concrete, offering specific guidance. A couple of tips for the new administration:
1. How NOT to protect health information:
According to breach blog, just last week (12/12/2008) 890 patients from the Oregon Health & Science University in Chicago lost "medical record numbers, names, telephone numbers, dates of birth, gender, medical diagnosis category and category of treatment" due to a stolen laptop.
2. How to do right by your patients
Visiting Nurse Service of New York protects patient records for 131,000 patients through "appropriate monitoring". The organization tracks all IT activity, including access to health information, by collecting log data from approximately 4,000 mobile nurses with tablet PCs, 8,000 technology accounts, 324 servers and additional end-points. “As I see it, logging is really the beginning of all computer intelligence,” says Larry Whiteside, Jr., Chief Information Security Officer for VNSNY.
Larry is my super-hero of the month and I encourage policy makers in health IT to look him up.
Posted December 18, 2008
LogLogic alum Anton Chuvakin is commenting on security sales and the mistake of "selling what you have" instead of "listening to what the customer needs". I want to take this one step further: it seems to me that Silicon Valley has a long-standing tradition of "building technologies" and then "hoping that they will come". "They" being the customers in this case. There are many cool technologies looking for a customer problem. As a former venture capitalist I have seen many of these technologies. The log management market is no exception. There are SenSage and Nitro Security, which each have a specialized database looking for a problem, and there are Splunk and Paglo with IT search engines looking for a problem. I am not saying these are bad solutions - I will let customers be the judge on that - but I am saying that there is definitely a strong difference in cultural DNA at each of these places.
At LogLogic, we started with a problem that is messy and lowly: how to use log data to substantiate compliance, how to use log data to debug IT performance problems? The solution may sound boring to some in the tech elite and we don't have as many patents as some of our competitors, but it works and solves a real problem. Coincidentally, LogLogic was not founded in Silicon Valley but in the Midwest. I am not sure that has anything to do with it, but - just in case - if I ever return to VC, I am looking in the Midwest for the next crop of customer-centric start-ups.
Posted December 18, 2008
Read a full transcript of the discussion. Find it on iTunes/iPod.
Software-as-a-service (SaaS) and cloud computing are changing the nature of IT systems’ performance requirements and heightening expectations for end users from online applications and services.
Increasingly, an extended level of visibility, management, and performance will apply to those serving up applications as services, regardless of their hosting origins or models. The more the apps and services fulfill a need, the more the users will expect even better results and performance.
In other words, the more these organizations succeed, the more they need to scale, leverage virtualization and cloud infrastructure methods, embark on service-oriented architecture (SOA) and then keep all the trains running fast and on time. Using the latest tools and analytics — the equivalent of business intelligence (BI) for IT — on the systems and across the gathering complexity becomes essential.
To learn more about how systems log tools and analysis are aiding providers of cloud and SaaS, I recently spoke with fellow blogger Phil Wainewright, an independent analyst and director at Procullux Ventures, and SaaS blogger at ZDNet and ebizQ, as well as with Jian Zhen, senior director of product management at LogLogic.
Posted December 17, 2008 in Cloud Computing, Log Management & Intelligence, SaaS
Now in its 12th year, the SC Awards, hosted by SC Magazine, honor the professionals, companies and products that help fend off security threats confronted in today's corporate world. Yesterday, LogLogic was named a finalist for the "Best Computer Forensics Solution" Reader's Trust award. The winners will be chosen by a panel of volunteer SC Magazine readers. Judges vote on the functionality, manageability, ease-of-use and scalability of each product or service, as well as the customer service and support provided.
We were reviewed twice by SC Magazine this year. Check out the four-and-a-half star review of LogLogic LX 2010 v4.2, our enterprise log management and intelligence appliance. We were also reviewed in the UK by SC Magazine this summer – you can read the 5-star review of our mid-market MX 2010 log management appliance.
In addition, some of our partners have been named finalists! Congratulations to both VeriSign and SecureWorks for their recognition.
Cross your fingers for us! We've won in the past and hope the readers of SC Magazine will choose us again this year. Stay tuned – winners will be announced April 21, 2009 in conjunction with the RSA Conference in San Francisco. We hope to see you there!
Posted December 11, 2008
LogLogic has been advocating comprehensive logging for all IT components (or configuration items if you are in the ITIL camp) including applications for a long time now. We have worked with many of our customers to ensure that there's 100% collection and analysis of their IT log data. In the last several months there's been a huge uptick in the area of application logging, specifically for the application developers. This is partially due to the general interest in cloud computing and SaaS applications.
To quote a few blogs, Amrit Williams said in his blog "Amazon AWS, Google App Engine, Microsoft Azure, and More - Part 1: Can We Secure The Cloud?" (emphasis mine):
The one suggestion that elicited the greatest interest and most questions was a simple one; develop your applications so that they can be easily audited by the security and IT teams once they are in production, enable auditing that can capture access attempts (successful or not), date/time, source IP address, etc…the folks I talked to afterwards told me it was probably the single most important concept for them during the summit - enable visibility.
Todd Hoff said in "Log Everything All the Time":
you need to log everything all the time so you can solve problems that have already happened across a potentially huge range of servers.
What you need to be able to do is trace through all relevant logs, pull together a time line of all relevant operations, and see what happened. And this is where trace/info etc is useless. You don't need function/method traces. You need a log of all the interesting things that happened in the system.
Todd also gave a fairly extensive list of suggestions to application developers on how they should be logging in his article.
By logging, capturing and analyzing everything, IT organizations can enable visibility and transparency into their applications. This not only helps with troubleshooting and forensics as Todd suggested, but it will help IT organizations achieve and enhance accountability. It will help IT do more with less.
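The two ideas quoted above, as an added example that is not from the original post or from LogLogic: an application audit record that captures every access attempt with date/time and source IP, and a timeline merged across servers. The field names, server names and sample events are assumptions constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

def audit_event(server, user, src_ip, resource, success, when):
    """Serialize one access attempt (successful or not) as a JSON log line."""
    return json.dumps({
        "ts": when.astimezone(timezone.utc).isoformat(),  # normalize to UTC
        "server": server, "user": user, "src_ip": src_ip,
        "resource": resource, "outcome": "success" if success else "failure"})

def timeline(streams, user=None):
    """Merge per-server log streams into one time-ordered list of events."""
    events = [json.loads(line) for stream in streams for line in stream]
    if user is not None:
        events = [e for e in events if e["user"] == user]
    return sorted(events, key=lambda e: datetime.fromisoformat(e["ts"]))

def failures_then_success(events, threshold=3):
    """Return (src_ip, user) pairs with >= threshold failures before a success."""
    streak, flagged = Counter(), []
    for e in events:
        key = (e["src_ip"], e["user"])
        if e["outcome"] == "failure":
            streak[key] += 1
        else:
            if streak[key] >= threshold:
                flagged.append(key)
            streak[key] = 0  # a success resets the failure streak
    return flagged

def _at(second, utc_offset=0):
    # Constructed timestamps on 2008-12-03; 10:00 UTC == 02:00 at UTC-8.
    tz = timezone(timedelta(hours=utc_offset))
    return datetime(2008, 12, 3, 10 + utc_offset, 0, second, tzinfo=tz)

# Constructed sample logs: web01 stamps events in UTC, web02 in UTC-8.
WEB01 = [audit_event("web01", "alice", "203.0.113.7", "/records/42", False, _at(1)),
         audit_event("web01", "bob", "198.51.100.20", "/records/7", True, _at(3)),
         audit_event("web01", "alice", "203.0.113.7", "/records/42", False, _at(5))]
WEB02 = [audit_event("web02", "alice", "203.0.113.7", "/records/42", False, _at(3, -8)),
         audit_event("web02", "alice", "203.0.113.7", "/records/42", True, _at(9, -8))]

if __name__ == "__main__":
    for e in timeline([WEB01, WEB02], user="alice"):
        print(e["ts"], e["server"], e["src_ip"], e["outcome"])
    print("flagged:", failures_then_success(timeline([WEB01, WEB02])))
```

Neither server's log alone reaches the three-failure threshold; the pattern only appears once both streams are normalized to UTC and merged.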
Bottom line:
Posted December 03, 2008 in Log Management & Intelligence