LogBlog


LogLogic Buys Exaprotect: 3 Reasons Why Customers Win.

By Dominique Levin
VP Marketing & Strategy

Last week LogLogic announced its intent to acquire Exaprotect. In February we had already announced a partnership with Exaprotect to deliver the LogLogic Security Event Manager. In February we also announced LogLogic Compliance Manager, which has since shipped to the general public, and LogLogic Database Security Manager, generally available later this quarter. Now we have added the Exaprotect Change Manager product line. In a mere couple of months LogLogic went from a singularly focused company with leading log management platforms to having five product lines working together to form the most complete security management suite.

So how does this all benefit customers? The combined product portfolio answers 3 simple questions for customers:

What is happening?

What is important?

What to do about it?

1. What is happening? Log Management and Database Activity Monitoring.

It all starts and ends with log data. You cannot secure or manage what you cannot see. Therefore, first focus on building a central repository of user and system activity. You do this by aggregating, summarizing and archiving log data. Log data can tell you who is accessing your network and systems, and even who is seeing, changing or moving individual information objects. Per a recent SANS survey, 99 percent of customers are collecting (or planning to collect in the next year) some log data, but for many it is work in progress. Virtually all collect network data (“who is accessing my network?”) and most collect system-level data (“who is accessing my systems?”). For most companies even collecting a complete activity record remains a work in progress. Leading-edge organizations are now turning their attention to understanding activities around business applications and transactions, and to monitoring access to specific sensitive information objects. This is particularly true for structured information in databases. Databases are a one-stop shop for valuable data. Organized criminals are targeting sensitive data in databases to sell for $300 per record. Since the data is structured, you know where it resides and you can monitor access to these specific records. LogLogic expanded into database activity monitoring with a specialized database sensor. The sensor sees more than you would through native logs, including activities that are triggered by stored procedures, obfuscated queries and the like. This is great as a stand-alone product, but at the end of the day, database activity should be analyzed in context with all other activity data – hence the convergence of log management and database activity monitoring.


2. What is important? Compliance management and security event management.

Just having the data in a pile is of course not enough. Once you have a central record of activity, you need to look at this information. Few organizations are proactive about this. LogLogic compliance management and security event management applications can help. LogLogic Compliance Manager is about deciding who should be looking at what log data, and when, and then enforcing that log review process through software. Compliance is a collaborative process and Compliance Manager facilitates collaboration on pro-active security. It productizes best practices, presents reviewers with an easy in-box of log review tasks and the ability to annotate and score activities. Ultimately the log review scores roll up into a dashboard that presents executives with the overall timeliness of review and a compliance score. It is still human beings who do the bulk of the actual analysis. LogLogic Security Event Manager goes one step further and uses cross-device correlation and contextual analysis with vulnerability and asset data to prioritize suspicious activities automatically. For example, access to an HR database followed by a large e-mail being sent could be suspicious and needs to be investigated immediately.
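The correlation rule sketched above (sensitive database access followed shortly by a large outgoing e-mail from the same user, prioritized by asset context), as an added example that is not LogLogic's or Exaprotect's code; the event schema, the asset-sensitivity table, the time window and the sample events are all constructed for illustration:

```python
from datetime import datetime, timedelta

# Constructed sample events from two sources (a database sensor and a mail
# gateway), already normalized to one schema. Not a real product log format.
EVENTS = [
    {"ts": "2009-04-27T09:02:10", "src": "db_sensor", "user": "jdoe",   "object": "hr.employees", "bytes": 0},
    {"ts": "2009-04-27T09:05:42", "src": "mail_gw",   "user": "jdoe",   "object": "external",     "bytes": 48_000_000},
    {"ts": "2009-04-27T10:15:00", "src": "db_sensor", "user": "asmith", "object": "sales.orders", "bytes": 0},
    {"ts": "2009-04-27T10:16:00", "src": "mail_gw",   "user": "asmith", "object": "external",     "bytes": 52_000_000},
    {"ts": "2009-04-27T11:00:00", "src": "db_sensor", "user": "bli",    "object": "hr.employees", "bytes": 0},
    {"ts": "2009-04-27T13:30:00", "src": "mail_gw",   "user": "bli",    "object": "external",     "bytes": 60_000_000},
]

# Asset context (constructed): which database objects hold sensitive data,
# and how severe an alert touching them should be ranked.
SENSITIVE_OBJECTS = {"hr.employees": "high", "sales.orders": "medium"}
PRIORITY_RANK = {"high": 0, "medium": 1, "low": 2}
WINDOW = timedelta(minutes=30)        # how soon after the DB access the mail must go out
LARGE_EMAIL_BYTES = 10_000_000        # "large e-mail" threshold, arbitrary for the demo


def event_time(ev):
    return datetime.fromisoformat(ev["ts"])


def correlate(events, window=WINDOW, threshold=LARGE_EMAIL_BYTES):
    """Alert when a user reads a sensitive DB object and, within `window`,
    sends an e-mail of at least `threshold` bytes. Alerts are ordered by the
    sensitivity of the object touched, so reviewers see the worst first."""
    events = sorted(events, key=event_time)
    alerts = []
    for i, db in enumerate(events):
        if db["src"] != "db_sensor" or db["object"] not in SENSITIVE_OBJECTS:
            continue
        for mail in events[i + 1:]:
            gap = event_time(mail) - event_time(db)
            if gap > window:              # events are sorted, nothing later can match
                break
            if mail["src"] == "mail_gw" and mail["user"] == db["user"] and mail["bytes"] >= threshold:
                alerts.append({
                    "user": db["user"],
                    "object": db["object"],
                    "priority": SENSITIVE_OBJECTS[db["object"]],
                    "gap_minutes": round(gap.total_seconds() / 60, 1),
                })
                break                     # one alert per DB access is enough
    return sorted(alerts, key=lambda a: PRIORITY_RANK[a["priority"]])


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The third user's e-mail falls outside the 30-minute window and produces no alert, which is the kind of tuning knob that keeps such a rule from flooding reviewers.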


3. What to do about it? Change management and database security.

Contextual analysis of log data is cool and it can go a long way toward turning raw log data into actionable information and even into recommendations. However, security Nirvana would be self-healing. Increasingly, software could make automated recommendations and predictions about unusual and suspicious activities and could prevent bad things from happening in the first place. LogLogic Change Manager and the LogLogic Database Security agent both have the ability to enforce security policies. Most customers aren’t quite ready to automatically re-configure a firewall policy based on a security alert, but at some point in the future, as predictions become more accurate, automatic remediation will become a reality. One area where automated prevention is a reality today is database security. About 20% of database security customers also turn on active blocking. It makes sense that blocking would be more prevalent with systems that can do fine-grained monitoring. It is tricky to kick somebody off the network wholesale based on a security alert. There are still too many false positives. If you get it wrong you seriously hurt productivity. That is never a good thing, but especially not in an economic downturn. Most organizations prioritize productivity over security. It is much more acceptable, however, to block access to a specific piece of information based on suspicious activity.

In summary, with the addition of Exaprotect, LogLogic can better protect information at a lower cost. This is good news at a time when few customers can afford to maintain the staff and budgets to integrate many disparate point products. Unified security management also leads to better information protection. Pro-active security monitoring (LogLogic Security Event Manager and LogLogic Compliance Manager), combined with fine-grained monitoring (LogLogic Database Security Manager), leads to more accurate prevention (LogLogic Change Manager and LogLogic Database Security Manager) and better information protection.

Posted April 27, 2009 in Compliance , Log Management & Intelligence , LogLogic News , Security | Permalink
