Avoiding Pitfalls in Log Management Planning

Key considerations include scalability and references at comparable organizations, says ArcSight's Ansh Patnaik.

Over the past decade cyber security has emerged as an important concern for organizations of all sizes. The increase in digitized corporate records, coupled with the rise in cyber crime, is driving organizations in the public and private sectors to invest in more protection for sensitive data and regulated or other critical assets. In just the first two months this year, the Privacy Rights Clearinghouse has noted data breaches at several financial, healthcare and educational institutions as well at federal, state and local governmental agencies.

While private businesses may store specific pieces of information about a consumer-such as a credit card number or a medical record-in different departments, governments process and store enough information to entirely reconstruct an identity. The risk they must address goes well beyond consumer identity theft. Governments conduct research and development in numerous areas, including biotechnology and military advancement. They manage and regulate the transportation and utilities infrastructures. All of these functions rely heavily on information systems which, if compromised, would have a widespread impact and tremendous cost.

Monitoring and Log Management

Fundamentally, protecting IT assets in the public or private sector requires visibility into activity occurring on networks. But with so much happening at any given time-employees logging in and out of applications, badge swipes, email communications, opening and closing of sensitive files etc, simply capturing and making sense of network activity in itself a huge challenge. This is where effective log management can make a huge difference.

Logs provide a minimally intrusive means of gaining visibility into all user, system, and application activities. With proper planning, selection, and deployment of a log management solution, organizations can proactively detect threats, breaches, and policy violations, while also reducing the costs and efforts associated with regulatory compliance. Yet, across the planning and selection phases of log management important criteria and considerations are often overlooked.

Planning Phase

In the planning phase, the most common oversight is inadequate consideration of long term use cases and drivers. Any organization might begin its search for a log management solution with a given driver in mind, such as perimeter device monitoring. Over time, most will expand into broader use cases such as privileged user monitoring or regulatory compliance with FISMA, HIPAA, and PCI, etc. This trend highlights the importance of evaluating the functional breadth and the scalability of any log management solution up front.

A common driver for functional breadth arises as use cases transition from requiring historical analysis (which is integral for regulatory compliance) to robust real time correlation capabilities (for scenarios such as user activity monitoring or sensitive data protection). Solutions that do not offer an integrated growth path from historical to real time analysis (or vice versa) will eventually require a second investment with redundant log collection and storage layers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about ArcSight

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ansh Patnaik

Latest Videos

More videos

Blog Posts