Growing Dependence on Log Data for Compliance and Threat Response
March 21, 2008 08:00 AM
Three Quarters of Respondents Check Log Data Daily
Seventy-five percent of the senior IT management and network administration staff who responded to the SenSage survey stated that they checked their log data on a daily basis. Ninety percent of the participants, who represent diverse industries including healthcare, insurance, telecommunications and financial services, noted that they have used log data analysis in the past year to investigate a security breach.
"With all the excitement around the Web 2.0 craze, log data is definitely the unsung hero of the IT world," said Ed Chopskie, vice president of marketing for SenSage. "IT staffs largely ignore it unless something goes wrong. In the past, trying to use log data to prove a process was sound or to reconstruct what happened when an IT process failed or was breached was very cumbersome and time consuming. Today, tools like SenSage's software have streamlined the process and have given harried IT staffs an efficient way to quickly respond to increasing regulatory and audit demands and new security threats."
Reams of log data are created whenever time-stamped transactions occur in an enterprise's IT infrastructure. Popular sources of log data include routers, firewalls and other security detection and prevention appliances and applications, access management systems, and databases. Experts trying to analyze how a security breach occurred or why a particular IT process crashed would typically turn to log data as a last resort due to the complexity and time required to sift through all the records in hopes of finding the specific source of an issue.
Today, with advanced tools such as those from SenSage, this analysis can occur so quickly and accurately -- even for a search involving terabytes of data -- that tracking of log data has become mainstream for meeting audit readiness and regulatory compliance, as well as for detecting suspicious activity, insider threats and other security breaches.
Results of note from the SenSage survey respondents include:
The Role of SenSage Software
SenSage's software collects data, including system log files, database event records, operating system event logs and telecommunications call detail records. It transforms this data -- often the largest dataset in the enterprise -- into actionable intelligence at much lower costs than traditional data warehousing and security products. The company's software solutions are standards-based and can be substantially optimized for hardware and storage products, resulting in a best-of-breed security information and event management (SIEM) appliance offering. SenSage's approach blends a high degree of performance with an array of administrative, management, analytics and reporting capabilities to meet the most stringent of compliance and regulatory requirements.
SenSage, Inc., www.sensage.com, offers the only patented event data warehousing solution for log management and compliance auditing applications. Over 300 customers have deployed SenSage solutions to reduce the risks associated with insider threats, system downtime and failed audits by providing faster, more granular analysis of privileged user behavior and analyzing anomalies across network, system and application activity. Based in San Francisco, the company markets its solutions directly and through partners, including Cerner, EMC, HP, HDS, IBM, Intec Billing Systems, Lockheed Martin, Network Appliance, Sendmail, Symantec and Tokyo Electron Device.
* The survey of 60 enterprise IT decision makers, including chief information officers, chief security officers, and senior compliance officers, was conducted via a questionnaire distributed between December 2007 and January 2008.