LogBlog

Logging Poll #4 "Who Looks at Logs?" Analysis

Time to analyze my final 2007 poll on logs. In it, I asked who actually looks at logs in the organization. Here is what came up: the results are here and are also included below.

[Image: poll results chart]

What can we conclude from this?

First, an obvious conclusion is in order! No matter how many times one can utter the word "compliance," logs are still most useful for mundane (one would hope!) system administration. Yes, indeed, sysadmins are the primary consumers of logs - yesterday, today, and - likely! - tomorrow as well.

Second, I am saddened by the fact that application developers have not warmed up to logs, at least not en masse (and not according to this limited poll...). I am guessing that once they start thinking about logging while creating their applications, they will be more aware of the fact that you can troubleshoot the applications using logs ...

Third, the incident response team showing up that low is some kind of fluke, I am sure. Everybody knows that logs are indispensable during incident response. Yes, even if only a little logging was enabled, or even if the logging defaults were left in place, logs often reveal answers unobtainable via any other mechanism.

Next poll coming soon!

Posted by Anton Chuvakin on January 08, 2008 in Innovation , Log Management & Intelligence , LogEd , LogLogic News | Permalink | TrackBack (0)

Again, On Criticality of Logs

I just wanted to highlight two pieces that, again, speak - or, better, scream! - about the importance of logs. I suspect that LogBlog readers don't need additional motivation to take logs seriously, but these are just too useful to skip.

First is the interview with some convicted criminal hacker, who said that '... it would have been easy for IT and security managers to detect him in their companies' systems ... if they'd been looking. The problem was that, generally, no one was paying attention.

"If they were just monitoring their boxes and keeping logs, they could easily have seen us logged in there," he said, adding that IT could have run its own scans, checking to see logged-in users."'

Amen to that! Indeed, many of the successful-and-then-undetected attacks are due to incompetence. Why? 'Cause lacking logs or ignoring logs is indeed negligent and incompetent!

Second is my comment on the TJX case, which kinda follows the same idea: 'Dr. Anton Chuvakin, a security expert with LogLogic, said TJX [probably] didn't have decent logs. "What took TJX months was looking at all their systems and determining who took what data, from where, where it was sent, etc. The investigation took them months. They likely didn't have any logs, because they had to do system forensics rather than log analysis to arrive at their conclusions about who stole the data and how. If they had collected and analyzed log data centrally, the investigation would have been a piece of cake," he said in an e-mailed comment to InternetNews.com.'

Indeed, doing disk forensics to know who did what is much more painful than checking reliable logs. Save yourself by logging, then saving and reviewing the logs!

So, one more time (not the last, mind you!):

Posted by Anton Chuvakin on December 11, 2007 in Log Management & Intelligence , LogLogic News , LogMatters | Permalink | TrackBack (0)

Project Lasso 4 Released

Project Lasso 4.0 is out! Project Lasso has been downloaded more than 10,000 times since its launch in 2006. Project Lasso can be used for collecting Windows events and sending them to Syslog servers. When used with LogLogic 4, Windows events can be alerted and reported on in real-time, securely stored, and easily shared with other applications and dashboards.

Project Lasso collects all log data from Windows hosts without the need for any agents or code installed on the remote system - this speeds up deployment and reduces administration, leading to a much higher ROI. Windows DLL files contain critical information relating to the log messages themselves.

LogLogic has cracked the code on remote collection by combining the log data and the DLL information to produce actionable information in a format that allows it to be more rapidly searched and reported against.

LogLogic customers using Project Lasso in conjunction with LogLogic's Log Management Data Warehouse can combine Windows, Active Directory, Microsoft SQL, Exchange, IIS and ISA information with all the other platforms and applications (including custom or homegrown) within their enterprises.

For the first time large enterprises have an ability to track a user or IP address (on a global basis) from the time a connection is made (internally or externally) to every system and application that is then accessed. This end-to-end user activity monitoring and reporting from a single interface is proving invaluable to large enterprises needing to meet governance, risk and compliance requirements.

Project Lasso is available for free as a download from http://www.loglogic.com/logforge/

Posted by Andrew Lark on August 02, 2007 in LogLogic News | Permalink | TrackBack (0)

NetBoundary Introduces LogLogic Technology For Mid-Sized Businesses

NetBoundary standardizes its log management service on the LogLogic platform

Dallas TX., May 1, 2007 - NetBoundary, a provider of managed security services to the mid market, today announced the availability of a hosted log management service delivered on LogLogic's industry-leading log management platform. LogLogic, according to the Gartner Group, helps address the complexities associated with monitoring, analyzing, retaining, and storing logs from across the entire IT infrastructure from databases to applications.

Monitoring log data is critical for any company that falls under regulatory requirements. NetBoundary's log management service provides its customers with the ability to log, track, and analyze user and system activity, helping them to more rapidly prevent, detect and respond to security breaches and to quickly comply with mandates such as SOX, HIPAA, PCI and FISMA, as well as a variety of IT frameworks such as ITIL and ISO/ITSM.

"NetBoundary has a long history of monitoring network and operating systems log data. With the addition of this service we are now extending our managed security services all the way to the application level to give our customers even greater insight into their IT operations and business simultaneously," said Trevor Jennings, vice president and co-founder.

NetBoundary's log management service offers broad support for log data sources including operating systems, databases, and applications. The log management service also provides a service-based approach to monitoring custom applications and other log data sources that are not pre-defined or typical of suspicious events.

"Today, centralized logging and monitoring of application-level events are being driven by increased regulatory compliance, highly publicized data theft incidents, the changing nature of vulnerabilities and the increase in targeted application-level attacks," continued Jennings. "Log management helps minimize the risks."

The NetBoundary hosted log management service is based on technology from LogLogic, the proven market leader in Log Management & Intelligence. The service through NetBoundary includes an optional on-premise solution that stores and processes raw logs at the customer's site, with alerts sent to NetBoundary's centralized Security Operation Center (SOC) for ticketing, analysis, and response. In addition, NetBoundary offers a hosted solution where all log data is stored by NetBoundary. Reporting will be available through the NetBoundary Enterprise Security Portal, allowing customers to see events that have been captured and assign reports to users who sign-off once they have completed their review process, helping to expedite audit activities.

"Increasingly we are seeing IT take security to the next level by turning to managed services implementations that include log intelligence," said Robert Yusin, Vice President of Field Operations, LogLogic. "Log Management takes security beyond just protecting customer data and ensuring the integrity of corporate assets, delivering a comprehensive view of all system and user activity, policies and business impacts. With a log service, enterprises can easily address the complexities associated with monitoring, analyzing, retaining, and storing logs from databases and across other critical infrastructure."

According to Forrester Research, "Most security professionals still spend a good deal of their time analyzing technical threats, and how to use technology to counter them. Security folks still need to make sure logs are examined, vulnerabilities are identified, and systems are protected." ("Bridging the Security Divide" Forrester Research, January 2006).

Posted by Andrew Lark on July 18, 2007 in LogLogic News | Permalink | TrackBack (0)

Log In at the Za Za in Dallas

Join LogLogic and Accuvant at the Hotel Za Za in Dallas on May 24th for a seminar, as we reveal breakthrough technology that brings new visibility to your Enterprise log data. The seminar is followed by a cocktail reception, poolside at the Urban Oasis.

Enhanced capabilities in log management such as Multi-dimensional search, universal log processing, open log services platforms, and log data warehousing are bringing power to IT departments. Make your IT department superheroes by giving them the tools to help mitigate threats to your Enterprise data and comply with mandates with ease.

May 24th, 3pm Seminar; 5-7 Cocktail Reception poolside at the Urban Oasis

RSVP

Space is Limited, Please RSVP today!

Posted by on May 10, 2007 in Log Management & Intelligence , LogLogic News | Permalink | TrackBack (0)

Introducing LogLogic 4 - The most advanced log management platform on the planet

Today is a very exciting day for us. The most advanced log management and intelligence platform on the planet is here.

LogLogic 4 has arrived... You can order it today.

We are excited to launch a product that contains so many new innovations --- with great kudos to our engineering, our QA, our marketing, our entire company (and many of you unnamed customers who helped us in beta testing over the past several months!) to come up with an open, flexible log management and intelligence platform that not only provides insight into IT operations for deep forensics, but also equally performs reporting for rapid compliance regulations -- and does both equally well.

Breaking down log barriers

LogLogic's Log Data Warehouse breaks down silos of log data from across the enterprise. New LogLogic 4 replaces log silos with a secure, distributed, efficient platform, centrally storing log data and streamlining access to and reporting on key information needed to demonstrate compliance, answer legal inquiries or investigate security and/or performance incidents.

On top of that we introduce new aggregated search across multiple LogLogic ST systems to reduce the time and resources needed for forensic analysis.

LogLogic 4 has over 30 new major features, performance improvements and innovations. The top new features are... (Drumroll please)...

New Multi-dimensional Analytics -- a log management first -- mashes "Google-like" search with reporting on indexed data and rapid drill-down capabilities through simple "drag-and-drop" menus. Other solutions only use a single dimensional search. We are the first product to deliver both parsing (multi-dimensional searching, categorization and reporting) as well as indexing (one-dimensional search and reporting) in a single platform. It is kind of like looking at data from the side, the top and every other angle at once.

Our Services Oriented Architecture (SOA) and open API lets users develop their own log analysis applications - or easily integrate log data with existing SIEM deployments, operations consoles and management dashboards, strategically extending LogLogic's platform completely across the Enterprise.

New LogLogic Quad-Processing technology lets users run queries and reports in seconds instead of the hours competitive solutions need to continually reprocess data. This is where speed comes in. The key to log management and intelligence is in the architecture and how you deliver the information, and with LogLogic 4 we do it faster.

With LogLogic's Open Log Services platform, our users can create web portals and custom dashboards to track compliance, risk mitigation and forensic activities and to automate various compliance and business processes. With an open SOAP/XML architecture, we integrate with a wide variety of networking and security devices, as well as legacy applications and systems. This lets us play nice with SIM/SIEM from other vendors.

LogLogic's Agile Reporting sets the bar for what happens after search, allowing IT environments to respond quickly to shifts in the business and changes in reporting. LogLogic lets IT create more than 15,000 highly customized reports from 24 easy-to-use templates, as well as reports for SOX, HIPAA, PCI, GLBA, FISMA as well as COBIT 4.0, ITIL and ISO 17799 frameworks, within seconds and requiring no vendor intervention or costly professional services.

New Universal Log Processing extends reporting, search and alerting capabilities to log data and audit trails from any source - including homegrown and business applications - without requiring any custom development. Introducing this "industry first," LogLogic delivers out-of-the-box analysis on all logs - with no scripting, customization, or waiting for a new device type to be supported, finally putting an end to the 'supported device' race that has plagued the SIEM industry for years.

We hold more data. LogLogic 4 ST systems offer over double the storage capacity now. Two times more than before. Oh, and if you already have a storage system in house that you like? We play nice with it. (Really!) Say you are doing compliance using WORM-based storage for immutability. We support that too - plus we are certified to work with all the top products from the major vendors like NetApp Snaplock, EMC Centera, and Nexsan Assureon.

Do you TiVO? Or Sky in the UK? With new LogLogic 4 we introduce Log Replay. This lets you take log data from a year ago and mix it up with log data from today, and report on all the data in one single report. Isn't that cool? Can you say predictive analysis!

We're green. LogLogic 4 runs faster (over 75k messages per second), but with over a third less power -- which is a really big deal in the datacenter owing to power costs and global warming.

Check out LogLogic 4, the most advanced log management platform on the planet.


Posted by Jill Ratkevic on April 16, 2007 in Log Management & Intelligence , LogLogic News | Permalink | TrackBack (0)

Survey Says: Log Management

LogLogic has teamed up with the SANS Institute to conduct an independent Research Study on the emerging need for log management and intelligence in the enterprise. Last year's study was pivotal in uncovering the logjam enterprises face, estimating that up to 25% of all data generated in the enterprise is log data.

Andrew Davies of the University of California at San Diego confirms this trend, "Rapid evolution of our entire enterprise IT infrastructure has resulted in exponential growth of data. This is requiring a reassessment and automation of log auditing methods."


In appreciation for your help, your name will be entered into a drawing to receive a Nintendo Wii being given to survey participants. The survey will close after the first 600 participants have completed the questionnaire.

The survey will take only ten minutes of your time and your email address will only be used to notify you if you have won the Wii.

Your valuable input will help us understand how to improve log management and intelligence to support your IT and business needs for everything from forensics to compliance.

SANS will keep individual information confidential and treat data collected from you in accordance with Market Research Association (MRA) Code of Ethics.


Posted by Jill Ratkevic on April 09, 2007 in Innovation , LogLogic News | Permalink | TrackBack (0)

SANS What Works In Log Management Summit 2007

If you don't have this on your calendar it's time to make the date! SANS WhatWorks in Log Management Summit is set to kick-off April 23 to 25 here in Silicon Valley.

LogLogic will be there along with customers and partners (all of us are presenting at some point). If you are a LogLogic customer and planning on attending, let us know - we'd love to host you for dinner.

Posted by Andrew Lark on March 26, 2007 in Log Management & Intelligence , LogLogic News | Permalink | TrackBack (0)

Kick off RSA with us on Monday

Are you going to the RSA Conference in San Francisco? Kick off the event with us.

Raise a glass with LogLogic on Mon Feb 5th at 6pm at TWO restaurant to celebrate a year of innovation and growth! 

Mingle with users and industry luminaries, and raise a glass with all us loggies!

We want to thank you for your support and celebrate as we doubled our customer base and are debuting breakthrough features into the world's leading log management and intelligence platform.

We are entering 2007 with a bang and are in the mood to celebrate. Cocktails and appetizers. A Nintendo Wii will be given away! Your RSA badge gets you in. Be sure to RSVP at RSVP@loglogic.com.

Posted by Jill Ratkevic on February 04, 2007 in LogLogic News | Permalink | TrackBack (0)

Log Intelligence Jumps Outside the Box at VeriSign

It's been a busy week for the LogLogic team. We have teamed up with VeriSign to offer customers Log Intelligence for Managed Security Services. Log Management continues to explode on the scene as an effective way for enterprises to address the complexities associated with monitoring, analyzing, retaining, and storing logs from servers, applications, databases and other critical infrastructure.

Together with VeriSign, LogLogic enables enterprises to make better operational and financial decisions by providing a holistic view of system and user activity, policies and business impacts. With over 25% of all enterprise data from log files, LogLogic's log intelligence platform includes sophisticated analytics to help customers understand the impact of security policy violations, internal and external threats or services quality changes, and to meet compliance regulations from Sarbanes-Oxley to HIPAA and PCI.

We are able to offer log intelligence as a service because our Open Log Services Architecture, which is based on a Service-Oriented Architecture (SOA), delivers a log management platform on which differentiated offerings can be built. It combines 100% log collection at speeds exceeding 50,000 messages per second for a single appliance with Agile Reporting & Alerting, 'Google-like' search and secure storage. These features allow MSS providers to bring a new level of insight and services quality to customers.

Also the technology behind this is scalable and reliable due to its distributed, parallel processing architecture that is both highly available and fault tolerant. By adding Universal Log Processing, we are able to analyze logs across all sources -- even custom homegrown applications. This is markedly different than traditional solutions that use agent-builders or an SDK with professional services. Those options are just not practical when you are addressing hundreds of applications or devices per customer. We base log intelligence on Open Log Services and Universal Log Processing as the best way to deliver out-of-the box support for any homegrown text-based log data via natural language processing, statistical algorithms and full-text indexing technology.

Log Intelligence is now literally out of the box as a service. Offered by VeriSign, too. We really love logs!


Posted by Andrew Lark on September 07, 2006 in LogLogic News | Permalink | TrackBack (0)

eWeek on LogLogic 3 - "Divine"

eWeek Labs gives LogLogic3 top honors for log source detection, installation, and reporting. Read what eWeek Labs has to say:

"IT managers who want to divine application, system and network problems with log data should consider the latest version of LogLogic's namesake platform... LogLogic 3 will play a significant role in reducing what we call "audit friction" while simultaneously pinpointing possible security problems, such as the creation of unauthorized accounts on systems that contain sensitive data..."

Posted by Andrew Lark on July 17, 2006 in Innovation , LogLogic News | Permalink | TrackBack (0)

LogLogic Makes The Always On 100

The 2006 Always On (AO) 100 list showcases top innovative private companies demonstrating market traction and the ability to disrupt existing markets - and LogLogic is on the list! Thanks to our customers, partners and employees for all their support.

"Once again, we received more than 1,000 high-quality nominations for this year's AO100 list, so there's clearly still a healthy market for innovation in the high-tech sector," said Tony Perkins, founder of AlwaysOn. "All of this year's winners are demonstrating significant market traction and are pursuing game-changing approaches and technologies that are likely to disrupt existing markets and entrenched players. The huge success of last year's winner, Skype, is proof that innovation can appeal to the mass market, and we hope that many of this year's winners will go on to achieve similar success."

In order to make the AO100 list, companies had to be peer-nominated, with AlwaysOn receiving more than 1,000 nominations from venture investors, investment bankers and other industry experts.

Posted by Andrew Lark on July 12, 2006 in Blinks , LogLogic News | Permalink | TrackBack (0)

LX2000 | Five Stars & Best Buy From SC Magazine

LogLogic's LX 2000 just scored five stars and a "Best Buy" rating from SC Magazine. Here is some of what they had to say:

"The LX 2000 is as feature-rich as anyone could wish. Its displays are straightforward and one can perform a wide variety of analysis with relative ease. Coupled with the ST 3000 large-scale storage appliance, the LX 2000 becomes an extremely powerful tool for managing, analyzing and archiving huge amounts of data. Documentation comes as a set of PDF files on a CD. The manuals are clear and comprehensive, with all the detail needed for most tasks. Specialized tasks need to be referred to LogLogic support, and we found support for the LX 2000 to be first rate."

Posted by Andrew Lark on July 07, 2006 in Innovation , Log Management & Intelligence , LogLogic News | Permalink | TrackBack (0)

Project Lasso Momentum Continues

It has been a month since the open sourcing of Project Lasso. It has been extremely exciting and rewarding to see the community supporting and embracing the project.

A few quick updates on Project Lasso. First, the official repository for Project Lasso has finally been established on SourceForge. All project releases as well as the source code are now available there. LogLogic is committed to the ongoing development and support of Project Lasso. However, if you would like to contribute, in any form (development, testing, documentation), please do not hesitate to contact us. We are always looking for enthusiastic volunteers.

Second, since the release of Project Lasso, there were close to a thousand downloads of the Project Lasso binary and over 1500 viewings of the documentation. The activity level on lassolog.sourceforge.net remains extremely high and the community has been extremely supportive. We are starting to see Project Lasso used in many IT departments to centrally collect Windows events.

Third, in collaboration with our partner EMC, we have successfully collected audit logs from EMC's Celerra file server using Project Lasso. EMC's Celerra system is a high performance, and highly secured, Windows 2003 file server. Because of the hardened security settings, no agent solutions can be installed on the Celerra server. However, with Project Lasso's remote collection mechanism, we were able to collect the extensive file system audit logs provided by Celerra. These audit logs are essential to many companies' security and compliance projects.

Many more exciting updates to come, stay tuned...

- Jian

Posted by Andrew Lark on June 01, 2006 in Log Management & Intelligence , LogLogic News , Project Lasso | Permalink

LogLogic and the SANS Institute Sponsor Industry’s First Log Management Summit

As the proven industry leader in transforming log data into critical intelligence for compliance, operations and security, we're thrilled to announce that with the SANS Institute we have created the only major conference on what works in log management, to be held in Washington, D.C. on July 12-14.

This promises to be a great event with more than 20 speakers - mostly users - speaking to best practices and leading-edge approaches. Moreover, it will go beyond security and network intelligence to look at more complete approaches to LMI spanning operations, IT controls, compliance and SLAs. Here's what Anton has to say:

"It's time for log management to move beyond network intelligence and security event management," said Anton Chuvakin, director of product management, LogLogic, and member of the SANS Organizing Committee. "Log management and intelligence has established itself as a critical discipline in medium to large enterprises. Activities such as compliance, information protection, audit, availability and user monitoring and risk mitigation are driving a new set of practices and policies. Our commitment to and participation in this event is further evidence of our support for the global log management and intelligence market. We look forward to sharing this event with our customers and partners."

If you are a LogLogic customer or partner and interested in attending, be sure to use the promo code to get a discount: LOGLOGIC10.

Posted by Andrew Lark on May 30, 2006 in Log Management & Intelligence , LogEd , LogLogic News | Permalink

Red Herring 100

LogLogic wins a place on the Red Herring 100. Congratulations to the entire team driving LogLogic's success. This is another endorsement of our strategy and market momentum. Here is what Red Herring had to say:

"While it was easy to pull out the first few hundred companies that stuck out like tufts of elephant grass, before long we were forced to strictly apply criteria designed to locate the companies with the most potential. Young firms with revolutionary offerings, raw potential, and a dash of risk were the ones most likely to make the final cut."

Posted by Andrew Lark on May 26, 2006 in Blinks , LogLogic News | Permalink | TrackBack (0)

Growing Team LogLogic

LogLogic is growing fast. Very fast. This week we're on the hunt for a technical support engineer.

If you love working with customers, solving complex problems and working with leading-edge products, LogLogic might be your next move. In this role you'll be responsible for external customer support and customer satisfaction. You can learn more here. There are also plenty of other opportunities to join the log management and intelligence leader.

We're also beefing-up our marketing team. So, if you get blogs, wikis, channel & community marketing - and - have a real passion for working with sales to accelerate their success, drop Andy an email.

Posted by Andrew Lark on May 09, 2006 in LogLogic News | Permalink | TrackBack (0)

Looking Back At Interop

We're catching our breath after a crazy week at Interop and the launch of LogLogic's PCI Compliance Suite, Project Lasso and Log-ED training programs. If you're interested in reading more, here are a few of the highlights:

There was plenty more written, all pointing to the intersection of logs and compliance - and logs and open source. Expect more from us in both areas in the coming months.

Posted by Andrew Lark on May 08, 2006 in Compliance , LogLogic News | Permalink

SANS Log Management Summit

In what is clear recognition of the distinct Log Management and Intelligence (LMI) Market, SANS is staging what is to the best of our knowledge, the first LMI Summit.

The SANS 2006 Log Management Summit, on July 12-14 in Washington DC at the Wardman Park Marriott Hotel, is a must-attend event that focuses on what works well in log management – the best practices. 

The Log Management Summit is a user-to-user, non-commercial conference where you can learn about the strengths and weaknesses of competing technologies, where users will share the lessons they have learned and take an early look at the results of SANS’ assessment of what types of log management intelligence and reporting are most effective in actually improving security. The Summit is your opportunity to go beyond regulatory demands, gain control of your log management and ensure that the system your organization has in place is doing all that it can to improve your organization’s security.

Posted by Andrew Lark on May 08, 2006 in Log Management & Intelligence , LogLogic News , LogMatters | Permalink

Growing the Log Management Community

With Project Lasso and Log-ED we are signaling our commitment to the growth of the global log management community.

Project Lasso represents hundreds of hours of work on our part. We initially started with the great work done by the Intersect Alliance on "Snare", a Windows-based event management and collection tool. It quickly became clear that in order to meet our customers' needs, we'd have to take a very different tack. Today, less than 25% of Project Lasso is based on Snare - and it relates mostly to event message expansion and Windows SDK inconsistency handling.

The flow control, multi-threading, and remote access are all developed by us. Here are some of the big shifts and main changes we had to make:

  1. From single to multi-threaded. Required in order to collect tens of thousands of event logs centrally.
  2. Central, agentless log collection. This reduces both the processing and storage overhead, and management and maintenance effort for system administrators.
  3. TCP Syslog for faster, more secure transport

We also chose not to do some of the things that Snare offers - like a GUI. We see Project Lasso as principally being used by ISVs, SIs and the LMI community at large in the context of other applications and tools. Our effort here reflects our focus on creating new tools and platforms that will drive Open Log Services.

And we'll be offering and supporting Project Lasso as an ingredient in our overall log management and intelligence solutions.

We'll be posting on Log-ED shortly - you can read more here.

Posted by Andrew Lark on April 30, 2006 in LogLogic News | Permalink

LogLogic PCI Compliance Suite Debuts

LogLogic today made the billions of log messages generated by retailers and merchants using credit cards available for enforcing, auditing and automating the requirements and controls related to the Payment Card Industry (PCI) data security standard. LogLogic Compliance Suite PCI Edition delivers more than 80 customizable PCI reports and alerts. Here's what Scott Crawford from EMA had to say:

“Processes such as saving logs, keeping an audit history of one year, and having a process where all audit trails are available to recreate certain events, are all requirements for the PCI data security standard. LogLogic’s compliance solution for PCI directly addresses these areas and helps businesses better manage compliance costs while increasing efficiency and accuracy for these compliance-critical activities.”

So what sets LogLogic's Compliance Suite apart from others?

  1. LogLogic LX and ST appliances enable merchants and retailers collect and securely store log data to meet specific PCI mandates – and to attest to the implementation of controls. It's not enough just to show that you are, for instance, storing log data for the year-long period suggested. You need to also show you are executing against the processes established to make that happen
  2. LogLogic Compliance Suite: PCI Edition delivers out-of-the-box reports and alerts on specific PCI requirements such as those in Section 10.
  3. Then, by aligning reporting and alerting with COBIT 4.0 controls, the LogLogic Compliance Suite: PCI Edition enables you to attest to and report on broader PCI mandates. These same reports can be used for a variety of other regulations such as SOX where the controls are applicable.

Other announcements from Interop include Project Lasso and the launch of Log-ED. Watch for updates from the show floor.

Posted by Andrew Lark on April 30, 2006 in LogLogic News | Permalink

Interop Is Nearly Here

We’re gearing up for a big week at Interop next week. We’ll be on the show floor so swing by if you are in Las Vegas – there’s plenty of new LMI innovations to see and you’ve got a pretty good chance of winning an iPod!

You will also be able to see us in InteropLabs, and, we’ll be collecting, storing, alerting and reporting on all the logs from InteropNet and our partners at the show.

If you’d like to meet in person, drop us an email. See you in Las Vegas!

Posted by Andrew Lark on April 27, 2006 in LogLogic News | Permalink

Log Fear

Fear can be a powerful motivator. It is driving many companies to accelerate their compliance efforts and accelerate others - such as information protection. These broad-based priorities are also driving demand for log management and intelligence.


Stephen Wagner and Lee Dittmar hit on the power of fear as a motivator in a current issue of the Harvard Business Review - and how as a result smart companies are finding unexpected benefits in Sarbanes-Oxley compliance. Some of the highlights are pulled out over at ComputerWorld - here they are with a few annotations from us:


What were some of the big control gaps that early Sarbanes-Oxley compliance efforts uncovered?


WAGNER: One of the requirements of internal controls is maintenance of records in reasonable detail that reflect transactions. We found [that] in many instances, control documentation was way behind or didn't exist.


[We see this often when implementing LMI platforms. Under previous approaches, log data was being edited down to serve applications (often SIEM), not correctly captured, and randomly stored.]


DITTMAR: And organizations didn't know what their control programs consisted of. They knew they had them, but as one told me, it was "kind of tribal." There was no consistency in how they did it. We found uncontrolled access to systems that are important to maintaining the integrity of financial reporting.


[We see the same. Log data can automate reporting, alerting and enforcement of controls. But you need controls to start with.]


LMI plays a key role in any compliance effort and this piece throws more light on the best practices that should underpin it.

Posted by Andrew Lark on April 11, 2006 in LogLogic News | Permalink | TrackBack (0)

LogLogic and NetApp Partner

NetApp users will now benefit from the monitoring, alerting and reporting offered by LogLogic. Not only will we help NetApp's customers automate this process, we'll deliver enhanced levels of reporting and alerting for COBIT 4.0, SOX, HIPAA and PCI.

To deliver on this promise, LogLogic currently integrates with NetApp unified storage systems, NetApp NetCache systems, and Decru encryption appliances. LogLogic will also integrate with NetApp SnapLock software to provide critical log data aggregation, reporting, alerting, Write Once, Read Many (WORM) retention and security.

Jerry Shenk of the SANS Institute had this to say: "The integration of LogLogic and NetApp storage can help users gain an exact understanding of threats and compliance."

Posted by Andrew Lark on April 03, 2006 in LogLogic News | Permalink | TrackBack (0)

Log Guru Joins LogLogic…

We continue to grow our world-class team, today announcing that Anton Chuvakin joins us as director, product management from netForensics where he was chief security strategist.

He is the author of a book “Security Warrior” and a contributor to “Know Your Enemy II”, “Information Security Management Handbook”, “Critical Threads 2006” and the upcoming “Hacker’s Challenge 3”. Anton maintains the Info-secure security portal and blogs at O’Reilly and on his own blog.

Anton is also a frequent speaker and writer on log management intelligence related topics including “Log Mining for Security”, “Log Analysis for Incident Response”, “Log Mining and Advanced Analysis”, “Security Metrics”, “What Every Organization Should Monitor and Log”.

Expect to see more of Anton here and at www.chuvakin.org.

Posted by Andrew Lark on March 21, 2006 in LogLogic News | Permalink | TrackBack (0)

LogLogic - The Industry's Best Security Forensics Tool

Last night we scored our second big win of the year with LogLogic 3 named by SC Magazine as the industry's best computer forensics tool. We were also a finalist in SC Magazine's security audit category - and with LogLogic Compliance Suite now launched we will be back next year for that one :-)

The win comes hot on the heels of being named by Info Security as one of the industry's hottest. Congratulations to all our employees, customers and fans that made these terrific wins possible!

Posted by Andrew Lark on February 15, 2006 in LogLogic News | Permalink | TrackBack (0)

Launching The LogLogic Compliance Suite

It’s been another big week for the LogLogic team and our customers. LogLogic 3 release 2 adds a ton of new features – 50 plus in fact. And we launched our Compliance Suite. I’m guessing we’ve demoed the product a couple of hundred times in the last week, during which several general themes came through loud and clear:

  1. There is a huge operational pain-point that LogLogic solves. Dealing with log data – and hunting for what is invariably a needle in a haystack – isn’t enough. People are looking for ease of reporting, alerting and storage. As one attendee said – “a tool that still requires me to write a ton of scripts – or takes hours to generate reports – isn’t of much use”. We’ve talked lots in the past about being like Google. It seemed that everyone wants to be the Google of something. But here’s the catch – Yahoo is a great customer and hugely successful. Drawing a parallel with Yahoo is probably more appropriate for another reason. That is, we provide much deeper utility than simple search. Much like Yahoo is a window into your life, LogLogic is a window into your IT infrastructure.
  2. LMI is not SIEM. They are complementary; they both make use of log data. But they are different. It was interesting the number of Enterprises with a SIEM that were now looking for LMI to address a broader pain point.
  3. If compliance is the end-game, then controls are the means to getting there. So the end-game is SOX, PCI, HIPAA – pick your flavor of regulation, but to get there you need to implement and then automate controls. People aren’t interested in vendor driven controls – or just security controls – they want tools that align with industry standard best-practices. So, the first release of our Compliance Suite was welcomed for the fact that it aligned with COBIT 4.0. The fact that you can easily tailor these reports is a big bonus.
  4. Real-time correlation across devices using behavioral anomaly detection is cool. We demonstrated the ability for LogLogic 3 to detect a user - still present on the network after being terminated – entering the network, accessing information in Oracle databases and source code repositories and then emailing that data to private email accounts. Rather than just security events we looked at all kinds of user activity and painted a full picture of the incident occurring.
  5. People quickly get to all the other things LogLogic can do for them – rapid responses to HR requests on; quick resolution of user authentication and access issues; fine tuning of large network deployments; aggressive alerting on Oracle financial databases; automation of email retention policies… the list is a long one…

So, all in all, a very exciting week. Thanks to Chris and the team at DEMO! for selecting us as one of the exclusive few to present. It was an incredible experience.

Posted by Andrew Lark on February 14, 2006 in LogLogic News | Permalink | Comments (1) | TrackBack (0)

EMC Smarts Gets LogLogic Powered

Last week we announced that for the first time, enterprise-wide intelligence based on log data is available through EMC Smarts. If you are using Smarts, you can now use LogLogic's monitoring, alerting and reporting for security and compliance.

In InfoWorld, information security analyst Jon Oltsik of Enterprise Strategy Group said, "It certainly makes sense for LogLogic to team with Smarts. Security and network operations are merging in many companies so security visibility is essential."

While InfoWorld’s story highlights the growing value of log data as "an important resource for companies to access so they can better monitor their systems' behavior and watch for anomalies,” eWeek sees the news as "enabling organizations to bolster their internal log discovery and log administration processes to help simplify and streamline overworked risk management and compliance efforts."

All right on the mark.

If you want to read more, take a look at SecurityPark, ComputerWorld, SearchStorage, and eBizQ.

Posted by Andrew Lark on January 25, 2006 in LogLogic News | Permalink | TrackBack (0)

Hot News From LogLogic

LogLogic's strategic reseller partnership with information security company Patriot Technologies, Inc puts our award-winning Log Management appliances on Patriot’s GSA Schedule for simplified purchasing by federal, state and local government agencies.

We also released SANS testing of the LogLogic series 3, LX 2000 with all kinds of new 'landspeed records' - and we announced that we have secured two finalist nominations – one for “Best Computer Forensics” and the other for “Best Security Audit” - in the SC Magazine Awards for 2006 (more than 1300 products and services were considered by a panel of network security industry experts). This is the second year in a row that LogLogic has been named as a finalist by SC Magazine. Thanks for voting and all your support!

Posted by Andrew Lark on January 09, 2006 in LogLogic News | Permalink | TrackBack (0)

Welcome to 2006!

Looking back at 2005 for a minute I want to thank all our customers and partners for the support and insights you’ve provided. It was a big year for LogLogic. We released LogLogic 3, the third-generation of our award-winning log management and intelligence solution. We saw incredible growth in, and validation of, the log management and intelligence market (LMI) driven by compliance and a focus on automating controls and processes. And we had major wins in every market segment - which we supported by expanding our channels and global footprint.

LogLogic 3 is a major evolution for our product, providing compliance and risk mitigation capabilities never before thought possible. After being burdened for far too long by the cost and complexity of security and log management tasks, our customers can now take advantage of automated, enterprise-class log intelligence, including real-time alerting and reporting, lightning-fast search and scalable, secure storage. The distinction between LMI and security event management/homegrown scripts has never been clearer.


Posted by Andrew Lark on January 05, 2006 in LogLogic News | Permalink | TrackBack (0)

Join Us & The Reymann Group | Tuesday Nov 8, 11 a.m. PST

Paul Reymann and Dominique Levin will be speaking to how to enable mandated compliance, proactive risk management and operational efficiency. Paul is really worth listening to - he is one of the nation's leading regulatory experts and co-author of the Gramm-Leach-Bliley Act Data Protection regulation. Register today!

Posted by Andrew Lark on November 02, 2005 in LogLogic News | Permalink | TrackBack (0)

FREE WEBCAST: “Where IT Audit Meets Investigation”

Tuesday, November 1, 2005 | 8 to 9 a.m. PST / 11 a.m. to 12 noon EST

Join us and partner Blue Coat Systems, a leading provider of proxy appliances, in a live Webcast that illustrates how enforcing Web security and auditing Web activity is crucial to presenting accurate information at the right time for auditing or investigation as a result of compliance or corporate governance requirements. Register now!

Gerard M. Stegmaier, an attorney who focuses on the defense of securities class actions, shareholder derivative suits and SEC enforcement actions will also be speaking. Mr. Stegmaier also litigates on behalf of and counsels clients concerning public and private corporate governance and Internet issues related to privacy and information security.

We will address topics including: Once you have received your compliance audit results (such as HIPAA or SOX), does that safeguard organizations from facing legal inquiries?

Today’s compliance statutes such as Sarbanes-Oxley and HIPAA are keeping IT departments working fast-and-furious as they implement best practices for risk mitigation including enforcing and auditing security policies. Current practices require that organizations store 100% of all log data and measure security enforcement policies, while segregating the duty of policy enforcement and policy audit.

Posted by Andrew Lark on October 28, 2005 in LogLogic News | Permalink | TrackBack (0)

Vote For LogLogic Now!

SC Magazine's annual awards are coming to a close. Time is running out to vote for LogLogic as the best tool for computer forensics. A vote for LogLogic is a vote for you!

Posted by Andrew Lark on October 26, 2005 in LogLogic News | Permalink | Comments (1) | TrackBack (0)

Get Compliant. Improve Your Business.

IDC reports that respondents to its survey "The Compliance Chasm" indicated that they were anticipating improvements not only in financial management activities but in overall business performance management as well. 88% of respondents said that Sarbanes-Oxley would have a positive impact on business performance. As a result, IDC reports, a number of organizations have now moved from viewing compliance as a burden to using compliance requirements as an opportunity to improve business processes and manage risk.

"Sarbanes-Oxley requires constant vigilance over financial reporting processes that can extend throughout the enterprise," said study author Kathleen Wilhide, director, financial compliance applications and BPM software at IDC. "As a result, it is no surprise to see that technology, including compliance software, is playing a vital role in the compliance effort. The implications of compliance software reach beyond meeting Sarbanes-Oxley mandates; the software also has the capability to contribute to increased efficiency and profitability across the organization."

Log management and intelligence is a foundational activity for achieving SOX compliance. We've got more info on our site if you are interested.

You can read more here.

Posted by Andrew Lark on October 20, 2005 in Compliance , LogLogic News | Permalink | TrackBack (0)

LogLogic 3 Makes Headlines

LogLogic 3 is generating plenty of interest worldwide as the launch rolls out. Here are some of the highlights:

Posted by Andrew Lark on October 17, 2005 in LogLogic News | Permalink | TrackBack (0)

Big Day At LogLogic

Today was a significant one as we went public with LogLogic 3, launched a new loglogic.com and unveiled the logblog. I've spent much of the past two weeks with customers - all of whom have underscored the significance of what we are doing. Network operators, sys admins, security desk managers... and many more key IT resources, have had too much of their lives directed towards scouring through log files for critical information. The goal is a pretty simple one, turn these folks into heroes by providing them with the equivalent of Yahoo! (a customer) for infrastructure data.

There are three major data sources in the Enterprise today:

  1. Public Data: all the stuff - files, documents, products that we have in the public domain. Getting at this stuff is pretty straightforward. You Yahoo! or Google it.
  2. Unstructured Data: all the data inside the Enterprise that is more often than not locked up in applications, databases and other systems.
  3. Infrastructure Data: all the data generated by applications, networking gear, servers, operating systems, mainframes and much more. To put it in perspective, Enterprises typically generate upwards of 40 terabytes of data in this class every year at rates exceeding 250 million messages per day.

It's in this last category that LogLogic 3 comes in. We make collecting, alerting, storing and reporting on this data as easy as finding critical financial information on Yahoo! today. Congratulations to all the team!

Posted by Andrew Lark on October 17, 2005 in LogLogic News | Permalink | TrackBack (0)

The LogBlog!

Welcome to the LogBlog! As you can see we've been testing and playing around with the LogBlog - first on TypePad and then using MoveableType. Over the past week we integrated the LogBlog within LogLogic.com for a couple of reasons - we wanted it to be easy for customers and partners to connect to information across the sites, and we wanted both our blog and site searchable from within a single navigation bar.

Over the coming weeks you will start to see more posts from the team here at LogLogic. We're also inviting our customers and partners to post with us. Send us your thoughts and suggestions.

Our comments and trackbacks are turned on. The rules here are simple. If you are offensive, have an axe to grind or are off topic, we will delete the comment. This is all about establishing conversations and that's the acid test we will apply.

Thanks to the team at RD2 for their hard work on designing this and loglogic.com. They've done some innovative things that we'd be happy to share with folks. For instance, we can post to all major sections of loglogic.com using MoveableType. This gives us a single platform from which to manage content. Also, we've enabled RSS across the site.

Posted by Andrew Lark on October 17, 2005 in LogLogic News | Permalink | TrackBack (0)

More on our partnership with BlueCoat

SOX Compliance Journal has more on our partnership with BlueCoat. We're providing advanced support for the Blue Coat ProxySG family of appliances, which includes the ability to provide ad hoc, real-time reports on Web caching and Web surfing activity extracted from ProxySG log data. And you can aggregate, archive, and quickly search unaltered Blue Coat logs to ensure compliance with requirements from Sarbanes-Oxley and HIPAA, as well as legal inquiries if needed. Search-filter alerts from Blue Coat logs can also be set up to warn administrators of suspicious or unusual behavior.

Posted by on October 08, 2005 in LogLogic News | Permalink

Data Leakage in NY

Expect to see this more and more...

Information Leaks Leave University Students Vulnerable
By Eleazar David Meléndez
Spectator Staff Writer 
October 05, 2005

A harmless act of procrastination by a Queens College law student inadvertently uncovered what has become a massive headache for hundreds of City University of New York students, employees, and affiliates.

The university rushed to inform CUNY students last week that a security foul-up had compromised their confidential information. As New York Newsday first reported on Tuesday, the student, Googling her own name at a computer in the school’s library, found a set of documents that revealed the sensitive personal information of over 300 students. She told Newsday she recalled screaming, “What the hell is this?” in the middle of the library.

Posted by addymits on October 07, 2005 in LogLogic News | Permalink

CERT Pushes for Standard Malware Names

Newsfactor Network is reporting that CERT Pushes for Standard Malware Names

The U.S. Computer Emergency Readiness Team (US-CERT) has kicked off an initiative to create common names for Internet worms and threats.

The Common Malware Enumeration (CME) initiative aims to reduce confusion with the general public that is caused by disparate naming schemes for Internet threats.

A recent worm that used a known vulnerability in the Windows operating system, for instance, was referred to as Zotob.E by Symantec, W32/IRCbot.worm!MS05-039

Currently, Internet worms are often named using information about the virus or follow a description the author entered when crafting the malware. The new naming scheme uses a CME-number, with the first virus being called CME-1 and so forth.

Posted by addymits on October 07, 2005 in LogLogic News | Permalink

Compliance Tips from the Pros

SearchSecurity today has some tips to streamline and spearhead your compliance efforts.   

While many of you have undergone the rigors of meeting compliance requirements for Sarbanes-Oxley, some of you are new to the role, or are associated with companies that are just going public and have not previously been subject to this legislation. For those of you lucky enough to have drawn the assignment, the task may seem quite daunting. However, there are a few steps you might want to consider that could help slice a sizeable task into manageable servings.

Posted by addymits on October 05, 2005 in LogLogic News | Permalink

Personal Data Breach Study

Two recent articles cite statistics from the New York-based global law firm White & Case LLP, which just released the results of a national survey on data security breach notification. Computerworld's piece says:

In a national survey of more than 1,000 victims of personal data security breaches, nearly 20% said they had already terminated their relationships with companies that maintained their data, while another 40% said they might do so. And nearly 5% of those surveyed said they had hired lawyers to seek legal recourse after their data was put at risk.

This SearchSecurity piece states

The goal in all of these laws is to ensure consumers know when they're at risk of fraud and identity theft. But such a measure does not come without consequences. Rather than be grateful for the notice, consumers are angry that the messages are densely written or void of details, and they're terminating relationships and even seeking damages in court.

Posted by addymits on September 30, 2005 in LogLogic News | Permalink

Compliance Glossary

Here is a great resource for all compliance terms from the folks at Compliance Pipeline. Once you have mastered your terms, try this quiz.

Posted by on September 29, 2005 in LogLogic News | Permalink

Links & Blinks:: Sep 28, 05

IT Observer on something very relevant to LogLogic - automation of compliance efforts. We play a key role in automating aspects of any compliance effort concerned with infrastructure and transaction logs:

Posted by on September 28, 2005 in LogLogic News | Permalink

Information Protection

With Port Authority, we've been speaking to the issue of information protection. Log management and intelligence plays a critical role in protecting information and mitigating risks. Take a look at our recent web cast for more.

InformationWeek reports that messaging reportedly makes financial industry vulnerable to compliance breaches:

“In an industry where protecting intellectual property plays a key role in the health of the business, it is troubling that more than 75 percent of the employees surveyed felt that it would be easy to send proprietary information outside of the company,” said Orchestria CEO Bo Manning. “As technology advances and more channels of communication are accessible in the work place, the potential for breaches will only increase.”

A systematic approach to log management and intelligence, with automated alerting and reporting on 100% of log data - not just the 4% or less that most SIEM solutions address - is a critical best practice for any IT organization looking to fill this hole.

Posted by on September 27, 2005 in LogLogic News | Permalink

New Loggies

We've been growing the team here at LogLogic. New Loggies are Andrew Lark, chief marketing officer, and Tony Chang, vp of engineering. Welcome to both - they'll be posting here soon. Here is what Chris had to say:
 “LogLogic continues to attract world-class talent, underscoring the excitement and interest in the market for our groundbreaking solutions,” said Christopher D. Brennan, president and chief executive officer at LogLogic. “Driven by compliance, security and risk mitigation, enterprises of all kinds are standardizing and automating their log management processes – from storage and reporting to proactive alerting on security and other issues. The automation, search and analysis of all this data can be characterized as ‘log intelligence’ for executives, and provides compliance conformance and risk mitigation for an enterprise.”

Posted by on September 22, 2005 in Log Management & Intelligence , LogLogic News , Security | Permalink
