Event logs have to be collected and managed to meet IT compliance needs, but they are also increasingly seen as a major resource to boost enterprise security. Learn why that's so, why traditional log and event management solutions don't provide the answer, and how a modern integrated product does.
Tripwire Log Center: Next Generation Log and Event Management

White Paper

Introduction
A decade or more ago, logs of events recorded by firewalls, intrusion detection systems and other network devices were considered more of a nuisance than a help. There were too many of them, they weren't easily collected, and there was no easy way to make sense of which were important. When network administrators had log recording turned on, they were lost in a sea of data, and would have to sift through it all in an attempt at analyzing suspicious activities.

Some organizations deployed early Security Information and Event Management (SIEM) systems to help filter out the noise. The problem, however, is that the industry and government auditors found a gap in what was collected. There was no way to capture the events that those early SIEM solutions weren't aware of. The auditors said that everything needed to be captured and stored.

Compliance regulations such as the Payment Card Industry Data Security Standard (PCI DSS), NERC, Sarbanes-Oxley (SOX), and the Federal Information Security Management Act (FISMA) changed at least part of that scenario. Organizations now need to be meticulous in collecting and storing log data. If they aren't, they can be slapped with fines, and their executives held responsible.

Another, and more positive, trend is emerging. Some organizations are starting to realize they can use logs to pinpoint holes in their cyber defenses and thereby boost security. The Defense Department in a recent study said that log management ranked among the highest value controls that could be used to block attacks on networks. In a 2009 survey of the log management industry, The SANS Institute reported more organizations saying that top uses for log data were "tracking suspicious behavior and user monitoring" and for forensics and day-to-day IT operations. In previous years, SANS said, companies had reported trouble just collecting log data. Mature organizations are now beginning to use logs for these more advanced purposes, it said.

But there's a disconnect between desire and application. Not only are there now even more devices that produce logs, and therefore increasingly large volumes of data to manage, but different devices and operating systems use log ...

focus on just collecting and storing logs, and traditional SIEM systems that attempt to combine both the collection and analytical prowess needed to meet the emerging trends are too complex and end up being cost prohibitive for most organizations. That's not surprising, since the log management industry, which focuses on collecting and managing logs, and the security information and event management (SIEM) industry, which is the analytical side of the equation, have developed more-or-less separately.

You usually have to choose between strong log management or strong security event management capabilities, with separate devices needed for each product. The combinations that do exist are essentially tools from one side bolted onto those from the other, with questionable impact on the scalability and performance needed from modern, integrated solutions.

Tripwire Log Center offers a new approach. Tripwire Log Center was built to include both log and event management in an all-in-one solution from the very first day. It meets IT compliance needs by capturing tens of thousands of events per second, then compressing, encrypting and storing the logs. Since it supports all the most popular log transmission protocols, it can immediately collect logs from just about any source. And since it has SIEM capabilities built right in, it provides real-time alerts about suspicious activity.

The all-in-one log and event management capabilities of Tripwire Log Center make it a sophisticated security event analysis platform. With it, you can query and search all the data in the event database and then drill down to investigate any suspicious activities. It provides graphical tools for correlating events, and pinpointing parts of the infrastructure that could be affected by any incident. A centralized dashboard gives a quick view of all alerts, events and vulnerabilities.

And, though Tripwire Log Center is a standalone product, it also works hand-in-hand with Tripwire Enterprise to provide a single, integrated IT security and compliance automation solution that correlates change data and compliance status with events-of-interest produced by the