This whitepaper will outline the drivers for log management as well as their underlying challenges and drive towards a common set of requirements for evaluation of log management tools.
Whitepaper
ArcSight Logger
Extracting Value from Enterprise Log Data
Research 002-103108-02
ArcSight, Inc.
Corporate Headquarters: 1-888-415-ARST, 5 Results Way, Cupertino, CA 95014, USA
EMEA Headquarters: +44 870 351 6510
Asia Pac Headquarters: 852 2166 8302
www.arcsight.com | info@arcsight.com
Executive Overview

Compliance, forensics, security and IT operations teams have long recognized the value that log data can deliver. An effective log management solution can help organizations in several ways:

• Contain the growing cost of regulatory audits through automation
• Reduce expenditure on point security and compliance tools through comprehensive monitoring across all users and systems
• Cut data center costs through consolidation of siloed homegrown log infrastructure
• Improve efficiency of forensics investigations with high-performance log analysis
• Increase troubleshooting turnaround times and adherence to SLAs

Despite these tangible benefits, organizations continue to struggle with even the basic steps of log management such as collection and analysis. This whitepaper will outline the drivers for log management as well as their underlying challenges and drive towards a common set of requirements for evaluation of log management tools. The paper also provides an overview of the ArcSight log management solution and concludes with several examples that illustrate how enterprises can leverage an effective log management solution to automate security monitoring and regulatory compliance, conduct forensics more efficiently and improve operational standards.

[Figure 1: Consumers of Log Data. Four stakeholders and their concerns: CIO: "We need to improve adherence to our SLAs"; Compliance: "Regulatory retention and reporting requirements are very costly"; Forensics: "We're spending countless hours following up on incidents"; CSO: "I need better visibility into security threats".]

Consumers of Log Data

Across the enterprise, there are a growing number of constituents that can benefit from log data.

• Audit and Compliance Groups recognize the value of log data in monitoring adherence to compliance controls and in simplifying, automating and streamlining costly compliance initiatives. Manual efforts and homegrown log infrastructure may provide a patch solution for initial audits, but do little to deliver long-term cost reductions in the face of extended regulatory data retention and stringent audit reporting requirements. There is a clear need for a comprehensive log management solution that can provide efficient collection and low-cost, long-term storage of audit-quality log data from regulated sources, ranging from networking equipment and security devices to databases and homegrown applications.

• Security Teams can leverage rapid access to log data for security threat detection, investigation follow-through and development of remediation plans. To facilitate those benefits, log management solutions need to support analysis of log data over extended periods of time, as well as isolating events based on common attributes such as source type, user name, IP address, etc.

• IT Operations and Helpdesk Teams responsible for networks, security or applications are working more closely together or even merging, and they can certainly benefit from a consolidated view of operational activity across the enterprise. To meet operational objectives around availability and SLAs, the complexity of consolidating log information across disparate and functionally-oriented event sources must be addressed. An efficient and scalable log management infrastructure solves this problem by supporting high-volume log collection across all network sources with the added flexibility of simplified analysis and contextual data for improved operations.

• Executives (CIOs, CFOs and CEOs) can benefit from dashboards and reports...

Log Collection Challenges

Log collection is a problem for several reasons, but the scope of collection is perhaps the biggest one. Especially as a result of compliance, organizations have to collect logs from numerous devices and device types all the way from security / network devices up through operating systems, databases, as well as applications and web logs. Simply keeping up with the growing log volumes can be a