LogLogic Accelerates Windows Event Collection for Compliance  

FFIEC News


(Aug 07, 2007) -- LogLogic released version 4 of Project Lasso, an Open Source Microsoft Windows event collector. IT event logs from Windows-based systems and applications provide a fingerprint of user and systems activity that is critical to security, compliance and effective IT operations. LogLogic and Project Lasso allow that fingerprint to be captured and securely warehoused, then reported and alerted on, transforming it into actionable intelligence. Project Lasso 4.0 debuts dozens of new features, including a 20x improvement in start-up performance and more control over how logs and Dynamic Link Libraries (DLLs) are processed.

Project Lasso has been downloaded more than 10,000 times since its launch in 2006, driven by mandates such as PCI, SOX and FISMA that require enterprises to collect, review and store log data. Project Lasso can be used both standalone, for collecting Windows events and sending them to Syslog servers, and with LogLogic's industry-leading log management and intelligence platform. When used with LogLogic 4, Windows events can be alerted and reported on in real time, securely stored, and easily shared with other applications and dashboards.

"Windows-based events underpin dozens of IT tasks performed on a daily basis -- from troubleshooting email, investigating security incidents, to optimizing IT infrastructure," said Dominique Levin, vice president, product management, LogLogic. "Issues ranging from the need for improved customer responsiveness through better information protection and user activity monitoring have moved Windows event logging from a mundane IT task to the foundation of good compliance, security and IT operations."

Key new features include:

-- Significantly improved startup performance -- by up to 20x, providing more control over the details of event collection and DLL collection.
-- Shared DLL Repository eases log collection from remote hosts and makes it much more practical to do periodic manual collection of DLLs.
-- Command line invocation enables Project Lasso to implement periodic manual collection of DLLs instead of enabling DLL access for the Project Lasso User Name.
-- Project Lasso Shares enable DLL collection without using Administrative Shares, thus allowing DLL collection in sites where the Administrative Shares have been disabled, and without giving administrative privileges to the Project Lasso User Name.
-- Completely automated, scripted install in "agent" mode that has been enhanced by:
   -- Custom lasso.ini file allowing configuration of features which are not otherwise addressed in the InstallShield dialogues
   -- Installation with Startup Type set to "Automatic" makes it unnecessary to manually configure the Service after installation
-- Significantly enhanced trace and field debug capability, including a new "Access Report" that details success or failure for each target host for each phase of DLL and event collection.

Project Lasso collects all log data from Windows hosts without the need for any agents or code installed on the remote system -- this speeds up deployment and reduces administration, leading to a much higher ROI. Windows DLL files contain critical information relating to the log messages themselves. LogLogic has cracked the code on remote collection by combining the log data and the DLL information to produce actionable information in a format that allows it to be more rapidly searched and reported against.

LogLogic customers using Lasso in conjunction with LogLogic's Log Management Data Warehouse can combine Windows, Active Directory, Microsoft SQL, Exchange, IIS and ISA information with all the other platforms and applications (including custom or homegrown) within their enterprises.

For the first time, large enterprises have the ability to track a user or IP address (on a global basis) from the time a connection is made (internally or externally) to every system and application that is then accessed. This end-to-end user activity monitoring and reporting from a single interface is proving invaluable to large enterprises needing to meet governance, risk and compliance requirements.



Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.