– Pam Casale, Chief Marketing Officer at Intellitactics (www.intellitactics.com), says:
Why are enterprises looking for more than “just logging”?
For many reasons, logs are not useful in real time and are not helpful if you are trying to be proactive. There just aren’t enough human eyeballs to look at them, no matter how sophisticated your search engine or indexes are. And, of course, you don’t want to wait for something bad to “show up”; you want to be in a position to be proactive. Once you transform billions of logs into a smaller number of more meaningful security events, you can do more: run reports that isolate bad actors or suspicious activity; run reports that show control violations that put you at risk; create notifications for other IT groups or stakeholders; or even take small actions like closing ports, rerouting network traffic, stopping transactions, or making improperly used passwords inactive.
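As an added illustration of the log-to-event reduction described above (example code written for this page, not Intellitactics’ product or method), the script below parses constructed sshd-style lines, assumes a simplified single-line format, and collapses repeated failures from one source into a single event that a report could use to isolate the source:

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the page), in a simplified syslog-like format.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 host1 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:02 host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:03 host1 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:04 host1 sshd: Failed password for test from 203.0.113.7
2024-03-01T10:00:05 host1 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:06 host2 sshd: Failed password for alice from 198.51.100.9
2024-03-01T10:00:07 host2 sshd: Accepted password for alice from 198.51.100.9
2024-03-01T10:00:09 host1 sshd: Accepted password for root from 203.0.113.7
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) "
                     r"password for (?P<user>\S+) from (?P<src>\S+)$")

def parse_logs(text):
    """Turn raw lines into dicts; lines that do not match are counted rather than silently dropped."""
    records, unparsed = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
        elif line.strip():
            unparsed += 1
    return records, unparsed

def reduce_to_events(records, failure_threshold=5):
    """Collapse many authentication records into a few events keyed by (source IP, host)."""
    failures = defaultdict(int)
    successes = defaultdict(set)  # users who later logged in from the same source/host
    for r in records:
        key = (r["src"], r["host"])
        if r["outcome"] == "Failed":
            failures[key] += 1
        else:
            successes[key].add(r["user"])
    events = []
    for (src, host), n in failures.items():
        if n < failure_threshold:
            continue  # ordinary typos stay as logs, not events
        ev = {"event": "brute_force", "src": src, "host": host, "failed_attempts": n}
        if successes[(src, host)]:  # failures followed by a success: the case worth acting on first
            ev["event"] = "brute_force_then_success"
            ev["users"] = sorted(successes[(src, host)])
        events.append(ev)
    return sorted(events, key=lambda e: e["src"])
```

Eight raw lines become one event naming the source, the host and the account that eventually succeeded, while the single failed attempt from the second source stays below the threshold and produces no event.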
How can data center/IT managers overcome issues with log management tools?
• First, don’t settle for just logs. No matter how fancy the search capabilities of a logging tool might appear to be, logs alone limit your ability to understand and investigate what’s going on. The technology that will transform logs into more meaningful, actionable events is available and affordable – choose one of these. Today they cost almost the same as the logging-only tools.
• Second, choose a product that is fully capable. By this we mean find a vendor with ONE appliance that does all the work: collects and stores all the logs, provides a user interface that enables proactive management of security events, and generates all the reports you need for an audit. Most important, find a product that generates reports you can give to administrators in exchange for the logs the security people need. By this we mean that firewall or anti-virus reports that are valuable for improving the effectiveness of operations can be provided back to the domain owner. Security gets the logs they need to defend the enterprise, and the domain owners get reports that help them sustain the availability and performance of service.
Collecting logs and using them to manage security and prove compliance is essential. Log management that strains resources or costs a lot, directly or indirectly, is not essential. Logs are interesting to look at, but when every minute counts you want events, automated alerting and notification. Intellitactics learned about log and event management from some of the world’s most capable enterprise organizations. We took that knowledge and expertise and applied it to the appliances called SAFE. It’s the only security management appliance with all the capability on one affordable, right-sized box: less rack space, no DBA required, self-managing, and it monitors its own health. The SAFE dashboard can be configured for every domain owner, and the reports are audit-worthy and can also be used by operations for sustaining availability of key business services. If your needs change or your sphere of influence grows, you can layer capability without losing your investment.