White papers on log and access management
When logs are insufficient - Benefits of activity monitoring over logging
If you purchase a log management or SIEM tool, you might sit back with the conclusion that all your system audit and compliance problems are solved. Unfortunately, this rosy picture seems to ignore the ever-present problem of blind spots in audit reports: if your apps don't log it, your audit report won't show it...
There are several scenarios in which blind spots occur. For example, basic system administrator activities, such as firewall or web-server configuration, all carry a potentially high security risk for companies. We might think that these activities generate sufficient log entries, but in actuality they do not.
The documents show the difference between event logging and activity monitoring in Linux and Windows environments by comparing standard system logging with complete session recording.
ISO 27001 - Achieve the impossible
Besides growing competition, compliance with PCI DSS, HIPAA, Basel II or other legal regulations is an increasing challenge to companies. Security requirements concerning IT systems are very rigorous, but implementing the ISO/IEC 27001:2005 standard (hereafter referred to as ISO 27001) can be an obvious solution for setting up an information security management system.
From this White Paper you can learn:
- The requirements IT and business managers are recommended to fulfill to obtain an ISO 27001 certificate,
- The 7 worst and the 7 best practices regarding the implementation of a security management and control system, and
- The business benefits of being ISO certified.
Logging, the Pillar of Compliance
It is a common experience among organizations that compliance with different security-related international standards is a great burden for IT experts as well as for business managers. Worries grow especially when an audit is approaching and no mistakes should be made. Not surprisingly, the question of how these increasingly rigorous requirements can be met with the least human resources and expenditure arises frequently. There is no simple answer to this question. However, this document intends to describe the possibilities for company managers.
From this White Paper you can learn:
- How you can avoid a breach of compliance and ensure your business continuity.
- What the key IT security requirements are of the most frequently applied standards, such as ISO 27001, PCI, SOX or COBIT.
- How advanced logging technology can contribute to cost-effective compliance and successful accomplishment of audits.
The Business Benefits of Logging
For many years, logging was the exclusive privilege of IT experts. However, this has changed drastically: logging can now play a role in maintaining security that is as significant as its role in supporting specific business areas. When it covers several levels of the organization, its use is in many cases accompanied by clearly measurable business benefits, which should not be neglected from either the financial or the technological point of view.
From this White Paper you can learn:
- How logging-based benefits can make the work of managers more successful.
- How logging contributes to lowering the operational costs of organizations while making them more efficient.
- How syslog-ng logging technology can help to fulfill organizations' business requirements.
Creating value beyond compliance
As with any other value chain contributor, tight and agile management of assets is critical to the global organization. Within less than a decade, IT administrators who were once low value support resources became key to the generation of value.
From this white paper you will learn:
- How compliance drives investment priorities in 2011
- How regulations generate IT control
- How IT controls build global trust
Download the fresh study from IDC »
Regulatory compliance and system logging

Log messages can be used to detect security incidents, operational problems, and other issues like policy violations, and are useful in auditing and forensics situations. But collecting and analyzing log messages is also required directly or indirectly by several regulations, including the Sarbanes-Oxley Act (SOX), the Basel II Accord, the Health Insurance and Portability Act (HIPAA), or the Payment Card Industry Data Security Standard (PCI-DSS).
From this white paper you will learn:
- What system logging is and how it helps solve problems
- What are the logging-related requirements of PCI-DSS, COBIT, and HIPAA
- How to satisfy these requirements using the syslog-ng Store Box
Cloud security risks and solutions

Cloud computing solutions offer several benefits, most notably the scalable and flexible access to computing resources. However, the increased concentration of business data and computing power scales security risks as well, requiring special considerations and care from cloud providers. This paper aims to provide helpful solutions to cloud providers on the main security risks affecting the clouds.
From this white paper you will learn:
- What are the top security risks of the cloud and how to gain the trust of prospective cloud customers
- How you can prevent data damage and data abuse
- What are the top cloud security benefits that help you to make security data accessible and auditable
The six cornerstones of logging

This document aims to briefly demonstrate the technological and business processes that led to the revaluation of log information to such an extent that its collection and processing has become one of the most essential tasks of contemporary corporate IT.
Furthermore, we attempt to identify those critical points of a central logging management project that determine its success the most. We hope that taking our six pieces of advice relating to these six points will substantially contribute to the successful professional activities of our readers.
Log message classification with syslog-ng
Operating systems, applications, and network devices generate text messages of the events that happen to them: a user logs in, a file is created, a network connection is opened to a remote host. These messages, called log messages, can be used to detect security incidents, operational problems, policy violations, and are useful in auditing and forensics situations.
From this white paper you will learn:
- What system logging is and how it helps ease the burden for system administrators
- How artificial ignorance detects anomalies in a working system
- What you need to do to exploit the advanced log message classification method of syslog-ng
