For many security information event management (SIEM) clients, the Verizon “2010 Data breach investigations report” brought good news, showing a reduction of nine percent in attacks by outside agents. The bad news was that insider attacks were up a whopping 48 percent! The report also indicated that attacks by hackers were down 24 percent while data breaches involving privilege misuse were up 26 percent.

What does it all mean? It means that SIEM isn't enough to protect your data, your privacy, your money or your business. Good SIEM systems can block outsider attacks effectively, but rarely can tell you who the attacker was – something that's very important to know when it is an insider doing the attacking. When the SIEM system is tightly integrated with your IAM (identity and access management) system, however, not only can you discover the breaches much more quickly, block any “holes” but also identify who is behind the attacks and take appropriate action. For example:

Recently, a Canada Revenue Agency tax collector used her privileged access to view thousands of records to find high-income citizens whom she could later hit up for a business she ran on the side.

One company required three signatures for large payouts, which they could prevent embezzlement. One manager got around this by maintaining the accounts of departed subordinates then using their electronic signatures for the “independent approvals” needed to okay expenditures she created. By the time this was discovered, she had stolen $11 million.

A man working for an airline's customer service department reported false complaints, using his personal bank account as a beneficiary. Then he authorized payments. The employee also reopened old cases against the airline and replaced the original account by his own.

All three might have eventually been stopped by a good SIEM system. But if that SIEM was tightly coupled with a good IAM system, then little or no loss would have occurred. The Canadian tax agent would have been tagged for unusual activity and called in for an explanation. The “puppet master” would have been blocked by the company's de-provisioning system (part of IAM) from accessing the electronic signatures of her subordinates. The airline employee would have been stopped by a Separation of Duties (SOD) policy, part of an access governance module of a good IAM system.

Only an integrated IAM and SIEM system can monitor and correlate all of these activities. Only a system with a real-time, enterprise-wide view can prevent them from occurring. By combining security monitoring with identity management including access management and user provisioning, you can deliver business process automation that provides users with the appropriate resources, validated in real time, to ensure compliance with company policies—eliminating the gaps that have left so many companies at risk. If your solution isn't doing that, it is time to take a second look at the options.

Gartner, Inc. recently released its 2010 edition of the Security Information and Event Management (SIEM) magic quadrant. This year, Gartner placed Novell Sentinel—our SIEM technology—in the leader’s quadrant.

This is a significant accomplishment for two reasons: First, it reaffirms Novell’s commitment to the identity and security management space in general, and to the security management space, in particular. Second, it’s another proof point that Novell truly delivers a suite of industry-leading identity and security technologies.

Novell’s been in the identity game for over decade.  Since then, we’ve continued to innovate and lead the identity and security market with a host of technologies—like Novell Identity Manager, Novell Sentinel and Novell Access Manager—that were not only built to work seamlessly together out of the box, but are also considered leaders in their respective market categories.

Novell Sentinel, for example, is part of our Novell Compliance Management Platform—the ONLY product on the market to integrate identity management, access management and security management together out of the box. You read that right. Of the major players in the market, Novell is the ONLY one that offers this level of integration between its products. In fact, Novell is also the ONLY player in the market whose identity management, access management and security management technologies are rated as “leaders” in Gartner’s user provisioning, Web access management and SIEM magic quadrants, respectively. Oracle can’t make that claim. Neither can IBM, nor CA.

What does that mean for our customers? No matter which product they choose, they can rest easy knowing that their Novell investments have been proven, time and again, in real-world deployments; that identity and security management isn’t just a side business for us—it’s part of our DNA; and that we’ll continue building best-in-class, integrated products while other vendors play catch up.

If there was ever a doubt in your mind that Novell was serious about identity and security management, now’s a great time to revisit that thought. And if you want an unbiased opinion, call up your favorite analyst and ask them about our suite. Better yet, see examples of some of the thousands of global customers that are running Novell Identity Manager, Novell Access Manager or Novell Sentinel.

At Novell, our engineers constantly innovate to find more efficient ways for our customers to collect, search and report on the overwhelmingly massive amount of data IT organization must manage on a daily basis. Can log management ever become a harmonious experience? We think so.

To reduce IT deployment and management costs, improve visibility into IT infrastructure activities and relieve regulatory compliance headaches, Novell recently announced Novell Sentinel Log Manager software appliance. Built on the industry-leading Sentinel architecture and SUSE Studio, this log management software appliance provides customers with a complete log management solution that is ready-to-run within minutes of deployment on any hypervisor. Software Appliances eliminate the timely process of loading an OS prior to loading an application. Additionally, Novell Sentinel Log Manager includes an embedded update service, making it easy for customers to collect, normalize, search and report on IT infrastructure activities.

The harmony Novell uniquely brings to the table is Log Manager’s ability to forward event data to Novell Sentinel, which provides event correlation capabilities as well as user activity monitoring when integrated with the Novell Identity Management Suite. When used together, Novell Sentinel and Sentinel Log Manager provide the network visibility required to more efficiently manage security, compliance, technology and unpredictable human behavior. This helps our customers continuously enforce security and access-related policies, making it easier to manage risk and also prove compliance.

Click here to learn more about the new release of Novell Sentinel Log Manager 1.1. This is also the industry's first log management solution available as a software appliance. In my next post, I'll go into more detail about why this is another uniquely harmonious quality that sets Novell apart from our competitors.

A recently published analyst report on Security Information Event Management (SIEM) placed Novell in the upper-right quadrant. This placement is the culmination of a rabid focus we’ve had on security over the past year. Some of our accomplishments in security have included:

• Launching two new products, Sentinel Log Manager and Sentinel Rapid Deployment, and achieving rapid success with these products
• Growing our security customer base over 70%
• The creation of a security management solution to highlight Novell’s security capabilities
• Recruiting many new security-focused partners

Gartner also recognized Novell for the scalability of the Sentinel solution, the integration between Sentinel and Novell’s Identity and Access Management products, and for the efforts we’ve made to expand our channel. Thank you to the customers who continue to support Novell, and to all of partners who see the unique value proposition that Novell’s Security Management solution delivers!

In this podcast, Brian Singer of Novell talks to Hardin about the challenges of PCI DSS in a university environment. Hardin discusses how he and his team can more efficiently meet PCI DSS requirements, while also securing the university’s many payment systems with Sentinel Log Manager.

One of the trends we noticed when we started developing Novell Sentinel Log Manager is that when organizations realize they need a compliance strategy, the first place they look is log management. A log management tool can take care of a good portion of your PCI-DSS, SOX, and HIPPA requirements right out of the box. If you look at what's actually deployed and used today, you will see a lot of organizations trying to fulfill all their compliance needs only using a log management tool.

The problem with this approach is while you may be able to meet the bare minimum in terms of compliance, that's not good enough anymore. Compliance mandates from government and industry bodies try to mitigate overall risk. However, in this world, simply being compliant is not enough – just read this story in Bank InfoSecurity about a recent data breach of a company that was PCI-compliant.  As Ben Goodman mentions in this ZDNet article, information that could have prevented a data breach is often available prior to the breach, but not acted upon.

Organizations are beginning to realize they need to do more with their data than just report to auditors where its stored and archived every quarter. This presents a problem.  Most log management tools were originally built for the singular purpose of collecting and archiving logs. Providing the capability to analyze the data was an afterthought, and was shoehorned in by most vendors. They store log files in proprietary formats, and don't provide a way to access the data using outside analytic tools. You know the information to stop a breach is in your log files, but you can only get at that data with tools provided by your inflexible log management vendor! That's the problem we set out to solve. Sentinel Log Manager stores data in an open flat-file format, which means you can get access to the data with any tool from any vendor you choose. It's also extremely easy to forward event monitoring feeds, which gives you flexibility as your security needs grow and change.

Log Management is the starting point on the path to compliance and security, but it is clearly not the destination. If your log management tool isn't giving you control over your data, it's not too late to express your inner control freak and take back what is yours.