The Business Benefits of Logging




WHITEPAPER: The Business Benefits of Logging
Copyright 2000-2011 BalaBit IT Security. All rights reserved. www.balabit.com

Table of Contents
Introduction
The Business Benefits of Logging
Security as Business Responsibility
Don't Lose Out in Court!
What will the Future Bring?
What does BalaBit syslog-ng Offer?
Learn More

Introduction

For many years, logging had been the exclusive privilege of IT experts. However, this has changed drastically, as it has become capable of playing a role in maintaining security which is of equal significance to providing support for specific business areas. When covering several levels of the organization, its use is in many cases accompanied by readily measurable business benefits, which should not be neglected from either the financial or the technological point of view.

Within the framework of this document, we demonstrate the advantages that logging brings to decision makers, and describe how it can help in gaining returns on investments and how it contributes to lowering the operating costs of organizations while making them more efficient. The document also highlights the methods used at companies and institutions where logging is compulsory due to compliance requirements, so that this field of IT, which is important and can provide a significant contribution, is not viewed as a necessary evil.

From the Past into the Present

In order to gain a sense of the significant development that logging has undergone, we need to briefly leap back three decades into the past. During the 1980s, the American programmer Eric Allman developed Syslog, the ancestor of today's logging systems, with the purpose of making it possible to monitor mailing systems. It soon became evident that the use of this solution is much more universal than anyone would have originally thought. As IT devices and applications became more prolific, logging became increasingly prevalent, although initially it only served diagnostic, maintenance, and development needs. At this time, logging was perceived by managers and users merely as an activity during which system administrators sit in front of monitors, shuffling through large masses of data all day, and sometimes complaining that a server upgrade would be really useful.

Later, the focus increasingly shifted to security, which in many cases also had a direct impact on the perception and goodwill of companies, and as a result the role of logging started to gain more value. Today, we have reached a situation in which logging, in the ideal case, has become a determining factor in the life of an organization, not only helping IT and security experts in their work but also becoming an efficient tool for management. Reports and information provided by logging systems can serve as the basis of business decisions and contribute to achieving strategic objectives.

The Business Benefits of Logging

As previously mentioned, logging has become increasingly prevalent during recent years, and has gained a role in the supervision of an increasing number of systems. This, amongst other things, has resulted in a huge amount of information becoming available from logging systems. From the business perspective, the involvement of applications in central logging was a key factor in making it possible not only to create analyses for IT and security purposes, but also to create reports which help management in making decisions and controlling corporate processes. As a result, log messages can today even be used for refining the business strategy and providing support in corporate management.

Logging can be used to monitor both the activities within the organization and the external environment, which can eventually contribute to activities such as measuring employee efficiency, providing a baseline for financial projections, or mapping customer behavior, thereby making marketing as well as sales more successful. This is especially true of electronic commerce, as valuable information can be gained by monitoring web shops and online services, followed by the appropriate evaluation of logs.

However, this does not cover all the benefits offered by logging. The following sections analyze a number of areas that may have a fundamental impact on the life of organizations and which, if appropriately controlled, can prevent financial losses or result in efficiency improvement measures.

Security as Business Responsibility

The management of companies and institutions frequently tries to shift all security related responsibilities to the manager in charge of security or IT. However, in reality, establishing protection is a process involving several stakeholders, which must cover everyone from senior management through IT experts to users.

Management commitment is essential to be able to manage risks appropriately on all levels of the organization, and for security incidents to be preventable with a high degree of probability. This is because if an undesired data security incident occurs which has a direct or indirect financial implication for the company, owners and shareholders will not be pleased with these events. Not to speak of the customers, who in such cases will be quick to turn away from a company. A bank security survey conducted by Ponemon Institute, an independent research organization primarily concerned with issues of data privacy and information security, has revealed that 10 percent of the customers asked, comprising small and medium enterprises, have already switched banks due to security related problems.

It is apparent that management must be aware of both external and internal threats and gain an exact overview of the efficiency of protection measures. However, this can only be achieved if the level of security becomes controllable at all points in time due to the implementation and circumspect operation of logging systems on appropriate levels, and quick reaction to attacks becomes possible. This is because these can prevent severe financial losses, while the efficiency of past and future investments related to IT and security infrastructure can also be increased significantly.

Please note that damages are by far not only caused by external attacks. Today, internal incidents contribute to the most severe losses. Just consider what happens when a person (for example, the CFO) logs into a financial system without any trace of presence in the physical access system. In this case, this anomaly, this contradiction, can be made recognizable with the help of a logging system implemented on several levels, and quick action can be taken to verify whether the person logging into the system was actually the CFO, or whether an unauthorized person is attempting to access information on behalf of the executive.

Risks are further increased, for example, by social networking services that are becoming increasingly popular, which also significantly increase the probability of data leaks. In addition, today's uncertain economic situation also increases the vulnerability of confidential data to employees fearing for their livelihood.

Gartner: log management is the only way

Organizations wishing to implement SIEM (Security Information and Event Management) technology for security audits and the management of compliance problems will by all means need to choose from technologies also offering strong log management features. This is because these tools support cost efficient data storage, archival, and analysis performed on a high volume of data, the processing and search of log messages from various sources, as well as related reporting. Log management solutions offer efficient services, thereby helping in satisfying compliance requirements as well as in the collection, retention, and processing of log data. These services are increasingly gaining importance for organizations.

Activities Observed

Within various organizations, an increasing aura of mistrust has started to surround the work performed by system administrators and users with high level authorizations during the past years. Obviously, this is also due to the fact that a high number of security incidents became known that occurred as a result of internal attacks. Regretfully, when these problems are mentioned, it is frequently stated that system administrators are fundamentally sly and therefore need to be observed. However, this could not be farther from the truth. What is more, it must also be noted that the introduction of a truly efficient monitoring system also serves the protection of system administrators, because if they are subjected to unfounded suspicion related to an incident, they can credibly prove their innocence.

In addition to auditing system administrators and key users, outsourcing is also frequently mentioned as an area where activity monitoring systems gain an increasingly important role. This is because during IT outsourcing projects, an organization can lose control over many things. It is in the long term interest of both IT providers and users of services to establish an environment which is transparent and controllable. This is because this can convey trust to the customers, while management may also rest more assured as a significant security risk is eliminated.

It is becoming apparent that activity monitoring is increasingly becoming a part of the management of human resources. This is because in addition to highlighting internal threats, the data retrieved from logging systems can also provide a basis for efficiency analysis. The central collection of application logs makes reports available that are broken down by users, which can contribute to the enhancement of corporate processes or to making the work of employees more efficient. For example, if a group of employees generates a higher number of virus alerts than the average, the organization of training courses must be considered to increase security awareness. And if many log messages are gathered in an access control system which indicate abnormalities, workflows may need to be regulated.

Don't Lose Out in Court!

As IT has become part of our everyday lives, the number of disputed issues related to computer systems, confidential data, electronic documents, etc. has increased. This has naturally led to courts discussing an increasing number of cases that are indirectly or directly related to IT systems or cybercrime activities. In such cases, logging plays an especially important role, as it helps in reconstructing events and providing evidence. Whether the issue is external or internal damage, attempted fraud, or other unauthorized activities, log messages can shed light on many things. This is also true of cases that may have a fundamental impact on the finances, perception and goodwill of organizations.

However, corporate executives frequently neglect the fact that not all log data can be used as evidence. This is because courts will only allow log based information to be submitted as evidence if no one had the opportunity to tamper with it previously. This means that there is no point in making the date of last data modification and the user that performed the modification available in an ERP system if someone had the opportunity to modify these entries in the database. All this leads to leveraging appropriate technology in order to ensure the integrity, credibility and confidentiality of log messages so that they can be used in a well founded manner during legal proceedings.

Compliance in all Areas

When statutory and industry regulations require that an organization perform logging, building an efficient logging infrastructure is unavoidable. The situation is the same when a company wishes to comply with one standard or another due to business and security considerations. However, the most important thing is that when logging is implemented for reasons of compliance, it should not be viewed as a necessary evil, as the advantages listed above can yield multiple returns through an appropriately selected, implemented and operated logging system. As a result, its benefits may not only become apparent during audits, but can also make it possible to achieve tangible and measurable results on a daily basis.

IDC's view on logging

Regulatory compliance requirements represent a significant driver on the market of security software. Today, companies are required to align with requirements represented by international standards and best practices when collaborating with business partners. However, in addition to compliance requirements, the increased complexity of security systems must also be taken into account, which today can only be supervised in a centralized manner. All this results in development on the market of log management tools, as well. Both log management and compliance management offer tools that can add significant value to corporate security infrastructures.

What will the Future Bring?

As we have seen, logging has undergone a thorough evolutionary process. Due to the advanced solutions available today, the collection and storage of high volumes of data does not cause a problem even in environments comprising countless different operating systems, applications, IT and communication devices. Today, the greatest challenge lies in the analysis of data and the extraction of relevant information. In line with this, comprehensive research and development is being performed, with the aim of further reducing the human resource requirements and making analyses available that are as efficient as possible, for example by leveraging the achievements of business intelligence.

What does BalaBit syslog-ng Offer?

Within this document, we have provided an outline of many logging-based business benefits that can make the work of managers more successful. However, in order to achieve these benefits, a suitable technology is needed, which is fully embodied in the BalaBit syslog-ng infrastructure. The syslog-ng application provides an end-to-end solution to satisfy and consolidate enterprise-wide logging needs. It ensures reliable log messages for analysis purposes, while making it possible to implement a high performance log infrastructure. It makes troubleshooting as well as forensics processes more efficient, while reducing operational risks and costs.

During the development of syslog-ng, BalaBit pays attention to typical large corporate requirements, such as reliability, scalability and the ability to integrate in heterogeneous environments. One of the key features of syslog-ng is that it complies with requirements that make it possible to be used during legal proceedings. It also complies with the requirements outlined in the most frequently applied international standards, such as SOX, PCI-DSS, HIPAA, ISO 27001 or COBIT.

[Figure: syslog architecture. Labels: Management; syslog-ng Central Server; TCP / encrypted log traffic; syslog-ng Relay; Servers; Data Center (New York); Company HQ (Singapore); Data Center (Chicago).]

Key benefits for the Managers:
Centralizing enterprise-wide logging needs
Building complete, unified logging infrastructure
Optimizing TCO of existing SIEM installations
Easier troubleshooting and forensics
Tamper-proof logging for regulatory compliance
Lowering operational risks and costs

Learn More

BalaBit IT Security is an innovative information security company, one of the global leaders in developing privileged activity monitoring, trusted logging and proxy-based gateway technologies to help customers be protected against insider and outsider threats and meet security and compliance regulations. As an active member of the open source community, we provide solutions to a uniquely wide range of both open source and proprietary platforms, even for the most complex and heterogeneous IT systems across physical, virtual and cloud environments.

BalaBit is also known as the syslog-ng company, based on the company's flagship product, the open source log server application, which is used by more than 650.000 customers worldwide and became the globally acknowledged de-facto industry standard. BalaBit, the second fastest-growing IT Security company in the Central European region according to the Deloitte Technology Fast 50 list, has local offices in France, Germany, Italy, Russia, and in the USA, and cooperates with partners worldwide. Its R&D and global support centres are located in Hungary, Europe.