Resources for Federal Financial Institutions Examination Council (FFIEC)

Log Analysis Across System Boundaries for Security, Compliance and Operations

www.enterprisenetworksandservers.com

All IT users, whether malicious or not, leave traces of their activity in various logs, generated by IT components, such as firewalls, routers, server and client operating systems, databases and even business applications. Such logs accumulate, creating mountains of log data. At the same time, more organizations are starting to become aware of the value of collecting and analyzing such data: it helps them keep an eye on the goings-on within the IT infrastructure-- the who's, what's when's, and where's of everything that happens. This also makes sense given the growing emphasis on data security (all companies want to avoid becoming the next TJ Maxx) and evolving regulatory compliance mandates such as PCI DSS and SOX.

Of course, simply generating and collecting the logs is only half the battle. Being able to quickly search and report on log data in order to detect, manage, or even predict, security threats and to stay on top of compliance requirements is the other half. Logs have traditionally been handled by reviewing them on their individual points of origin and usually only after a major incident. Such approach is simply not working in this age of data breaches and stringent compliance requirements. It is not only inefficient and complex, but it also can cost a Fortune 1000-sized company millions of dollars and take weeks, thus destroying or severely reducing the positive effects of such "log review."

View the Resource

Share or bookmarklet this web page at: