Tech Brief. Choosing the Right Log Management Product. By Michael Pastore


Log management is IT's version of the good old-fashioned detective work that authorities credit for solving a lot of crimes. It's not as flashy as the high-speed chase, but log management tracks everything that happens across the IT infrastructure, and it's where the bad guys leave their footprints. The problem is how long it takes for anyone to notice them. According to the 2009 Verizon Data Breach Report, the time from compromise to discovery in 49 percent of breaches was measured in months. Trustwave's Global Security Report 2010 puts the average time between breach and detection at 156 days. IT organizations need good log management tools because, when done right, log management can reduce those months to minutes.

Compliance is a big driver of many log management deployments, especially the Payment Card Industry (PCI) standards designed to prevent credit card fraud and protect cardholders' data. For larger organizations, a good log management solution can help with compliance with any number of regulations, from Sarbanes-Oxley to FISMA, NERC, and even ISO best practices. Smaller organizations in certain industries, or that do business with enterprises bound by compliance regulations, have the same need for solid log management applications.

In many cases, compliance is what pays for a log management deployment, but being compliant doesn't mean the infrastructure is secure. Compliance regulations are designed to set standards, but they are usually far behind the latest security issues because compliance is driven by legislation. Security breaches can happen to businesses large and small, regardless of whether they are in compliance or even subject to compliance rules. The main difference between a breach at a large or a small business is the scale, not just of the crime, but also of the fines and the loss of reputation and customer loyalty. An effective log management tool keeps your infrastructure secure and compliant.
What to Look for in a Log Management Solution

Raw log files contain millions of events, so the first thing to look for in a log management application is a degree of intelligence that makes sense of the events and helps administrators see the big picture. For example, a set of logs might show that a user failed five login attempts before finally logging in. It's possible that this user forgot his or her password. It's also potentially a sign of a brute-force attack on the network. So how does an organization filter out the noise in order to find the events of interest that impact security and compliance policies?

A new approach is needed, one where an organization has visibility beyond the log messages and can also see what changed. Once an organization can see the relationships across both log and change events, it's possible to quickly find the events of interest that matter most. Going back to the login example: if a user failed logging in five times, then successfully logged in, and then changed a critical file that lowers a policy score, then these events of interest need attention. Out of the millions of log and change events that occur on a daily basis, a string of activities like this needs to be investigated immediately. This type of intelligence can require the purchase of an additional product from some vendors, which can, of course, drive up the price.

Every IT professional knows to watch out for feature creep when choosing new software, and log management is no exception. Log management is closely tied to security information and event management (SIEM) and security event management (SEM). SIEM capabilities help users see the big picture, but buyers need to watch how adding SIEM capabilities and other add-ons, such as reporting or forensics, can affect the price tag when they aren't included with log management. Many log management products are sold as appliances, which have the potential to drive up infrastructure costs. The same applies to storage, which is important because the log files need to be saved. Some log management products let users take advantage of existing storage on the network, others include it with the product, and some will work with certain storage products (or charge a fee to connect to others).

Once an organization has visibility beyond the log files, it needs to react to potential problems. Good log management products alert security analysts or administrators to problems and even let them set up rules to automatically handle certain situations. This allows them to react much more quickly and helps circumvent attacks or reduce the time from breach to detection.

Finally, IT professionals shopping for log management products need to examine how the vendors charge for the product. Log management pricing can get complicated quickly because a number of considerations can come into play. The number of events, users, appliances, connections, and consoles can all play a role in log management pricing, depending on the vendor. Some vendors will have easier pricing to understand than others.

Five Leading Log Management Vendors

Tripwire
http://www.tripwire.com

Tripwire Log Center combines log management and security information and event management (SIEM). It captures hundreds of thousands of events per second from any number of devices and then compresses, encrypts, and stores the logs. The built-in SIEM capabilities in Tripwire Log Center can provide real-time alerts about suspicious activity. Users can compare activity against a set of pre-defined policies and thresholds and receive alerts when a threshold is breached. Customizable dashboards can show users where there is suspicious activity in real time. The data collected by Tripwire Log Center is indexed so users can complete fast, complex searches using plain keywords. Tripwire's offering is unique in that it provides visibility into log and change events by integrating out-of-the-box with Tripwire Enterprise, which provides in-depth file integrity monitoring on files and configurations throughout the infrastructure. The end result is visibility of events and changes across the network. Tripwire Log Center is available as software only, and it will work with standard local and remote storage media to store the data. Tripwire offers tiered pricing based on the number of events per second.

TriGeo
www.trigeo.com

TriGeo SIM is a security information management (SIM) appliance built for mid-market businesses. Using a combination of proprietary agent technology and backbone integration, it captures and correlates data from existing network security products and operating systems in real time. It then aggregates, correlates, and filters the data into a central control console. Using what TriGeo calls Intelligent Correlation, it conducts real-time analysis and automated remediation. An event normalization engine correlates multiple events into one intelligible line of data that TriGeo can respond to in real time with automatic notification and/or active response, depending on a set of rules that administrators define. Additional products from TriGeo can help fill in your analysis needs. TriGeo ndepth is a network security appliance designed to blend real-time event correlation, deep forensic analysis, and point-and-click response. TriGeo nsight is a business intelligence product for network management and security that discovers the unknown, unpredictable, and unforeseen relationships in your network data.

LogLogic
www.loglogic.com

The LogLogic Open Log Management platform solution is offered as an appliance or as a managed service by LogLogic and its partners. One or more LogLogic ST appliances can handle log collection, search, and archival. Adding LogLogic LX appliances to the mix lets users deploy remote collectors or provide advanced log analysis and reporting. The LogLogic LX appliance is also available as a standalone log analysis appliance and scales up to enterprise or telco-grade editions. Not to be left behind, mid-sized businesses have a LogLogic appliance tailored for their log management needs: LogLogic MX. To round out the LogLogic offering, the LogLogic Compliance Manager helps businesses meet the log and security management requirements established by specific regulations. Pre-packaged compliance suites with out-of-the-box reports and alerts are available for PCI and SOX. LogLogic Security Event Manager integrates with the LogLogic Open Log Management platform for archival, search, and forensic analysis. LogLogic Database Security Manager protects sensitive information in databases through monitoring and real-time blocking.

RSA
www.rsa.com

RSA enVision is the security information and event management solution from RSA, a household name in enterprise security that is now part of EMC. EMC, of course, made its name in storage, so when RSA says its enVision product is capable of collecting and analyzing large amounts of data in real time, from any event source and in computing environments of any size, you can be reasonably assured it knows what it's talking about. RSA enVision comes in ES Series and LS Series appliances, and there is external direct-attached storage, based on EMC's storage offerings, available for enterprises with vast amounts of data to store. RSA enVision uses its LogSmart Internet Protocol Database (IPDB) for collecting all of an organization's raw logs for use in real-time monitoring, proving compliance, and forensic analysis. The IPDB has significant log data compression (up to 75 percent, according to RSA) to help minimize storage costs and maximize access to and analysis of the data.

ArcSight
www.arcsight.com

ArcSight Logger, like RSA enVision, is another enterprise player in the log management space. It supports collection of raw or unstructured logs from syslog or file-based log sources. It also uses ArcSight Connectors that collect data from nearly 300 distinct log-generating sources. ArcSight Connectors take that data and put it in a common format, which makes reporting and analysis easier. ArcSight Connectors can be deployed as software or as appliances in data centers and regional or branch offices. The ArcSight Connectors are also designed to offer bandwidth controls, log traffic prioritization, local caching, and other measures designed to minimize data loss or the impact on business-critical traffic. ArcSight Logger uses role-based or personalized dashboards that combine relevant reports into a single console. Users can then drill into specific reports and simulate audit workflow. It features RAID-enabled onboard storage, and it can also leverage an existing SAN as the log data store. In addition, ArcSight PCI Logger is the company's all-in-one log collection, storage, and analysis appliance for automating PCI audits and protecting cardholder data.
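To make the failed-login scenario from "What to Look for in a Log Management Solution" concrete, here is an added example (not from the brief or from any vendor it names) of the correlation it describes: a run of failed logins, then a successful login, then a change to a critical file, evaluated over constructed sample events. The normalized event format, the critical-file list, and the ten-minute window are assumptions; the five-failure threshold is the one the brief uses.

```python
from dataclasses import dataclass
from datetime import datetime
# Constructed sample (not real logs): auth and file-change events already normalized
# to "timestamp user kind detail", the form a collector would hand to the analysis tier.
SAMPLE_EVENTS = """\
2010-03-01T09:00:01 alice login_failed ssh
2010-03-01T09:00:05 alice login_failed ssh
2010-03-01T09:00:09 alice login_failed ssh
2010-03-01T09:00:14 alice login_failed ssh
2010-03-01T09:00:20 alice login_failed ssh
2010-03-01T09:00:31 alice login_ok ssh
2010-03-01T09:02:10 alice file_changed /etc/sudoers
2010-03-01T09:05:00 bob login_failed ssh
2010-03-01T09:05:30 bob login_ok ssh
2010-03-01T09:06:00 bob file_changed /home/bob/notes.txt
"""
# Assumed policy (hypothetical): files whose change lowers the policy score.
CRITICAL_FILES = {"/etc/sudoers", "/etc/passwd", "/etc/shadow"}
@dataclass
class Event:
    ts: datetime
    user: str
    kind: str
    detail: str

def parse_events(text):
    """Parse the normalized lines and return them in time order."""
    events = []
    for line in text.splitlines():
        ts, user, kind, detail = line.split(" ", 3)
        events.append(Event(datetime.fromisoformat(ts), user, kind, detail))
    return sorted(events, key=lambda e: e.ts)

def find_events_of_interest(events, min_failures=5, window_s=600):
    """Return (user, first_failure_ts, path) for each user whose run of failed
    logins ended in a success followed, within window_s seconds of the first
    failure, by a change to a critical file. A run of failures on its own (a
    forgotten password) or a change by a cleanly logged-in user does not fire."""
    hits, streak, armed = [], {}, {}
    for e in events:
        if e.kind == "login_failed":        # extend this user's failure run
            streak.setdefault(e.user, []).append(e.ts)
        elif e.kind == "login_ok":          # run ends; arm only if it was long enough
            fails = streak.pop(e.user, [])
            if len(fails) >= min_failures:
                armed[e.user] = fails[0]
        elif e.kind == "file_changed" and e.user in armed and e.detail in CRITICAL_FILES:
            first_fail = armed.pop(e.user)  # first critical change after arming decides
            if (e.ts - first_fail).total_seconds() <= window_s:
                hits.append((e.user, first_fail, e.detail))
    return hits

if __name__ == "__main__":
    for user, started, path in find_events_of_interest(parse_events(SAMPLE_EVENTS)):
        print(f"investigate {user}: failures from {started}, then changed {path}")
```

Only alice's sequence is flagged; bob's single failure and non-critical edit stay in the noise, which is the filtering the brief asks a product to do.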