Livre blanc
The Complete Guide to Log and Event Management
Dr. Anton Chuvakin
The Complete Guide to Log and Event Management
Table of Contents:
2 3 3 4 5 6 6 6 6 7 7 9 10 11 13 16 16
Introduction Security Information and Event Management defining Features Log Management defining Features High-level Comparison: SIEM vs. Log Management SIEM and Log Management Use Cases pCI dSS FISMA HIpAA Technology Trend Example SIEM and Log Management Scenario Architecting Log Management and SIEM What to do First? SIEM or Log Management? do All Companies Have to Graduate from Log Management to SIEM? After Log Management and SIEM: Maturity Curve Mistakes Conclusions About the Author
SponSorEd By
p. 1
Introduction
Security information and event management (SIEM) technology has existed since the late 1990s, but it has always been somewhat controversial in the security industry due to its initial promise of a “security single pane of glass” combined with slow adoption across smaller organizations. More recently, traditional SIEM has been joined by a broaduse log management technology that focuses on collecting a wide variety of logs for a multitude of purposes, from security incident response to regulatory compliance, system management and application troubleshooting. In this paper we will analyze the relationship between these two technologies—SIEM and log management—focusing not only on the technical differences and different uses for these technologies, but also on architecting their joint deployments. For example, if you need to satisfy logging requirements of pCI dSS, which one should you deploy? What technology is better suited to optimize your incident response and investigation procedures? Which one will give you real-time insight about the attacks? In addition, we will provide recommendations for companies that have deployed log management or SIEM in order for them to plot their roadmap to enhancing, optimizing and expanding their deployment. We