The Business Benefits of Logging

Transcription

1 WHITEPAPER The Business Benefits of Logging Copyright BalaBit IT Security All rights reserved. 1

2 Table of Content Introduction 3 The Business Benefits of Logging 4 Security as Business Responsibility 4 Don t Lose Out in Court! 6 What will the Future Bring? 7 What does BalaBit syslog-ng Offer? 7 Learn More 8 2

3 Introduction For many years, logging had been the exclusive privilege of IT experts. However, this has changed drastically by today, as it has become capable of playing a role in maintaining security which is of equal significance to providing support for specific business areas. When covering several levels of the organization, its use is in many cases accompanied by well measurable business benefits, which should not be neglected from either the financial or technological point of view. Within the framework of this document, we demonstrate the advantages that logging brings to decision makers, describe how it can help in gaining returns on investments, and how it contributes to lowering the operating costs of organizations while making them more efficient. The document also highlights the methods used at companies and institutions where logging is compulsory due to compliance requirements in order so that this field of IT, which is important and can provide a significant contribution, is not viewed as a necessary evil. From the Past into the Present In order to gain a sense of the significant development that logging has undergone, we need to briefly leap back three decades into the past. During the 1980 s an American programmer Eric Allman developed Syslog, the ancestor of today s logging systems, with the purpose of making it possible to monitor mailing systems. It soon became evident that the use of this solution is much more universal than anyone would have originally thought. As IT devices and applications started to become more prolific, so did logging become increasingly prevalent, although initially it only served diagnostic, maintenance, and development needs. At this time, logging was perceived by managers and users merely as an activity during which system administrators sit in front of monitors, shuffling through large masses of data all day, and sometimes complaining that a server upgrade would be really useful. Later, the focus increasingly shifted to security, which in many cases also had a direct impact on the perception and goodwill of companies, which resulted in the role of logging starting to gain more value. Today, we have reached a situation in which logging in the ideal case has become a determining factor in the life of an organization, providing help in the work of not only IT and security experts, but also becoming an efficient tool for management. Reports and information provided by logging systems can serve as the basis of business decisions and contribute to achieving strategic objectives. 3

4 The Business Benefits of Logging As previously mentioned, logging has become increasingly prevalent during recent years, and has gained a role in the supervision of an increasing number of systems. This, amongst others, has resulted in a huge amount of information becoming available from logging systems. From the business perspective, the involvement of applications in central logging was a key factor in making it possible not to only create analyses for IT and security purposes, but to also create reports which provide help to management in making decisions and controlling corporate processes. As a result, log messages can today be even used for refining the business strategy and providing support in corporate management. Logging can be used to monitor both the activities within the organization and the external environment, which can eventually contribute to activities such as measuring employee efficiency, providing a baseline for financial projections, or mapping customer behavior, thereby making marketing as well as sales more successful. This is especially true of electronic commerce, as valuable information can be gained by monitoring web shops and online services, followed by the appropriate evaluation of logs. However, this does not cover all the benefits offered by logging. The following contains the analysis of a number of areas that may have a fundamental impact on the life of organizations, which, if appropriately controlled, can prevent financial losses or result in efficiency improvement measures. Security as Business Responsibility The management of companies and institutions frequently tries to shift all security related responsibilities to the manager in charge of security or IT. However, in reality, establishing protection is a process involving several stakeholders, which must cover everyone from senior management through IT experts to users. Management commitment is essential to be able to manage risks appropriately on all levels of the organization, and for security incidents to be preventable with a high degree of probability. This is because if an undesired data security incident occurs which has a direct or indirect financial implication on the company, owners and shareholders will not be pleased with these events. Not to speak of the customers, who in such cases will be quick to turn away from a company. A bank security survey conducted by Ponemon Institute, an independent research organization primarily concerned with issues of data privacy and information security, has revealed that 10 percent of the customers asked comprised of small and medium enterprises have already switched banks due to security related problems. 4

5 It is perceived that management must be aware of both external and internal threats and gain an exact overview of the efficiency of protection measures. However, this can only be achieved if the level of security becomes controllable at all points in time due to the implementation and circumspect operation of logging systems on appropriate levels, and quick reaction to attacks becomes possible. This is because these can prevent severe financial losses, while the efficiency of past and future investments related to IT and security infrastructure can also be increased significantly. Please note that damages are by far not only caused by external attacks. Today, internal incidents contribute to the most severe loses. Just consider what happens when a person (for example, the CFO) logs into a financial system without any trace of presence in the physical access system. In this case, this anomaly, this contradiction can be made recognizable with the help of a logging system implemented on several levels, and quick action can be taken to verify whether the person logging into the system was actually the CFO, or whether an unauthorized person is attempting to access information on behalf of the executive. Risks are further increased for example by social networking services that are becoming increasingly popular, which also significantly increase the probability of data leaks. In addition, today s uncertain economic situation also increases the vulnerability of confidential data to employees fearing for their existence. Gartner: log management is the only way Organizations wishing to implement SIEM (Security Information and Event Management) technology for security audits and the management of compliance problems will by all means need to choose from technologies also offering strong log management features. This is because these tools support cost efficient data storage, archival, and analysis performed on a high volume of data, the processing and search of log messages from various sources, as well as related reporting. Log management solutions offer efficient services, thereby helping in satisfying both compliance requirements as well as the collection, retention, and processing of log data. These services are increasingly gaining importance for organizations. Activities Observed Within various organizations, an increasing aura of mistrust has started to surround the work performed by system administrators and users with high level authorizations during the past years. Obviously, this is also due to the fact that a high number of incidents became known that were related to security incidents that have occurred as a result of internal attacks. Regretfully, when these problems are mentioned, it is frequently stated that system administrators are fundamentally sly and therefore need to be observed. However, this could not be farther from the truth. What more, it must also be noted that the introduction of a truly efficient monitoring system also serves the protection of system administrators, because if they are subjected to unfounded suspicion related to an incident, they can credibly prove their innocence. 5

6 In addition to auditing system administrators and key users, outsourcing is also frequently mentioned, where activity monitoring systems gain an increasingly important role. This is because during IT outsourcing projects, an organization can lose control over many things. It is the long term interest of both IT providers and users of services to establish an environment which is transparent and controllable. This is because this can convey trust to the customers, while management may also rest more assured as a significant security risk is eliminated. It is becoming apparent that activity monitoring is increasingly becoming a part of the management of human resources. This is because in addition to highlighting internal threats, the data retrieved from logging systems can also provide a basis for efficiency analysis. The central collection of application logs make reports available that are broken down by users, which can contribute to the enhancement of corporate processes or making the work of employees more efficient. For example, if a group of employees generates a higher number of virus alerts than the average, the organization of training courses must be considered to increase security awareness. And if many log messages are gathered in an access control system which indicate abnormalities, workflows may need to be regulated. Don t Lose Out in Court! As IT has become part of our everyday lives, the number of disputed issues related to computer systems, confidential data, electronic documents, etc. has increased. This all has naturally led to courts discussing an increasing number of cases that are indirectly or directly related to IT systems or cybercrime activities. In such cases, logging plays an especially important role, as it helps in reconstructing events and providing evidence. Whether the issue is external or internal damage, attempted fraud, or other unauthorized activities, log messages can shed light on many things. This is also true of cases that may have a fundamental impact on the finances, perception and goodwill of organizations. However, corporate executives frequently neglect the fact that not all log data can be used as evidence. This is because courts will only allow log based information to be submitted as evidence if no one had the opportunity to tamper it previously. This means that there is no point in making the date of last data modification and the user that performed the modification available in an ERP system if someone had the opportunity to modify these entries in the database. All this also leads to leveraging appropriate technology in order to ensure the integrity, credibility and confidentiality of log messages so that they can be used in a well founded manner during legal proceedings. 6

7 Compliance in all Areas When statutory and industry regulations require that an organization perform logging, building an efficient logging infrastructure is unavoidable. The situation is the same when a company wishes to comply with one standard or another due to business and security considerations. However, the most important thing is when logging is implemented for reasons of compliance, it should not be viewed as a necessary evil, as the advantages listed above can yield multiple returns through an appropriately selected, implemented and operated logging system. As a result, their benefits may not only become apparent during audits, but they can also make it possible to achieve tangible and measurable results on a daily basis. IDC s view on logging Regulatory compliance requirements represent a significant driver on the market of security software. Today, companies are required to align with requirements represented by international standards and best practices when collaborating with business partners. However, in addition to compliance requirements, the increased complexity of security systems must also be taken into account, which today can only be supervised in a centralized manner. All this results in development on the market of log management tools, as well. Both log management and compliance management offer tools that can add significant value to corporate security infrastructures. What will the Future Bring? As we have seen, logging has undergone a thorough evolutionary process. Due to the advanced solutions available today, the collection and storage of high volumes of data does not cause a problem even in environments comprising countless different operating systems, applications, IT and communication devices. Today, the greatest challenge lies in the analyzing of data and the extraction of relevant information. In line with this, comprehensive research and development is being performed, with the aim of further reducing the human resource requirements and making analyses available that are as efficient as possible, for example by leveraging the achievements of business intelligence. What does BalaBit syslog-ng Offer? Within this document, we have provided an outline of many logging-based business benefits that can make the work of managers more successful. However, in order to achieve these benefits, a suitable technology is needed which is fully embodied in the BalaBit syslog-ng infrastructure. The syslog-ng application provides an end-to-end solution to satisfy and consolidate enterprise-wide logging needs. It ensures reliable log messages for analysis purposes, while making it possible to implement a high performance log infrastructure. It makes troubleshooting as well as forensics processes more efficient, while reducing operational risks and costs. During the development of syslog-ng, BalaBit pays attention to typical large corporate requirements, such as reliability, scalability and the ability to integrate in heterogeneous environments. One of the key features of syslog-ng is that it complies with requirements that make it possible to be used during legal proceedings. It also complies with the requirements outlined in the most frequently applied international standards, such as SOX, PCI-DSS, HIPAA, ISO or COBIT. 7

8 syslog Architecture Management syslog-ng Central Server TCP / ENCRYPTED LOG TRAFFIC TCP / ENCRYPTED LOG TRAFFIC syslog-ng Relay syslog-ng Relay Servers Data Center (New York) Company HQ (Singapoore) Data Center (Chicago) Key benefits for the Managers: Centralizing enterprise-wide logging needs Building complete, unified logging infrastructure Optimizing TCO of existing SIEM installations Easier troubleshooting and forensics Tamper-proof logging for regulatory compliance Lowering operational risks and costs Learn More BalaBit IT Security is an innovative information security company, one of the global leaders in developing privileged activity monitoring, trusted logging and proxy-based gateway technologies to help customers be protected against insider and outsider threats and meet security and compliance regulations. As an active member of the open source community, we provide solutions to a uniquely wide range of both open source and proprietary platforms, even for the most complex and heterogeneous IT systems across physical, virtual and cloud environments. BalaBit is also known as the syslogng company, based on the company s flagship product, the open source log server application, which is used by more than customers worldwide and became the globally acknowledged de-facto industry standard. BalaBit, the second fastest-growing IT Security company in the Central European region concerning Deloitte Technology Fast 50 list, has local offices in France, Germany, Italy, Russia, and in the USA, and cooperates with partners worldwide. Its R&D and global support centres are located in Hungary, Europe. Read more about BalaBit syslog-ng products Request evaluation version Request callback Look for a reseller 8