Livre blanc

Disponible uniquement sur Etudier
  • Pages : 31 (7618 mots )
  • Téléchargement(s) : 0
  • Publié le : 28 mars 2011
Lire le document complet
Aperçu du document
White Paper

The Complete Guide to Log and Event Management
Dr. Anton Chuvakin

The Complete Guide to Log and Event Management

Table of Contents:

2 3 3 4 5 6 6 6 6 7 7 9 10 11 13 16 16

Introduction Security Information and Event Management defining Features Log Management defining Features High-level Comparison: SIEM vs. Log Management SIEM and Log Management Use Cases pCI dSSFISMA HIpAA Technology Trend Example SIEM and Log Management Scenario Architecting Log Management and SIEM What to do First? SIEM or Log Management? do All Companies Have to Graduate from Log Management to SIEM? After Log Management and SIEM: Maturity Curve Mistakes Conclusions About the Author

SponSorEd By
p. 1


Security information and event management (SIEM) technology hasexisted since the late 1990s, but it has always been somewhat controversial in the security industry due to its initial promise of a “security single pane of glass” combined with slow adoption across smaller organizations. More recently, traditional SIEM has been joined by a broaduse log management technology that focuses on collecting a wide variety of logs for a multitude of purposes, fromsecurity incident response to regulatory compliance, system management and application troubleshooting. In this paper we will analyze the relationship between these two technologies—SIEM and log management—focusing not only on the technical differences and different uses for these technologies, but also on architecting their joint deployments. For example, if you need to satisfy logging requirements ofpCI dSS, which one should you deploy? What technology is better suited to optimize your incident response and investigation procedures? Which one will give you real-time insight about the attacks? In addition, we will provide recommendations for companies that have deployed log management or SIEM in order for them to plot their roadmap to enhancing, optimizing and expanding their deployment. Wewill also recommend a roadmap for companies that have already deployed both of these technologies. SIEM tools first appeared on the market in 1997. Their original use was for reducing network intrusion detection system (IdS) “false positives,” which plagued nIdS systems at the time. The tools were complex to deploy and use, so they were only used by the largest organizations with the most maturesecurity programs. The market was sized at a few million dollars in the late nineties, while now, some analysts report that the market is on track to reach billions in the coming years. Today’s SIEM tools, such as

novell® Sentinel™, are used by firms large and small, from Fortune 1000 or Global 2000 organizations to tiny SMBs—small and medium businesses. Before beginning our analysis, it will behelpful to define “SIEM” and “log management“and explain the differences between them. SIEM covers relevant log collection, aggregation, normalization and retention; context data collection; analysis (correlation, prioritization); presentation (reporting, visualization); security-related workflow and relevant security content. All the use cases for SIEM focus on information security, networksecurity, data security as well as regulatory compliance. on the other hand, log management includes comprehensive log collection, aggregation, original (raw, unmodified) log retention; log text analysis; presentation (mostly in the form of search, but also reporting); related workflow and content. With log management, the use cases are broad and cover all possible uses for log data across IT and evenbeyond. The key difference that follows from the above definitions stems from the fact that SIEM focuses on security—the first word in “security information and event management”—and use of various IT information for security purposes. on the other hand, log management focuses on logs and wideranging uses for log data, both within and outside the security domain.

p. 2

The Complete Guide to...
tracking img