by Brian Singer, product marketing manager, Identity and Security, Novell
One of the trends we noticed when we started developing Novell Sentinel Log Manager is that when organizations realize they need a compliance strategy, the first place they look is log management. A log management tool can take care of a good portion of your PCI-DSS, SOX, and HIPAA requirements right out of the box. If you look at what's actually deployed and used today, you will see a lot of organizations trying to fulfill all their compliance needs using only a log management tool.
The problem with this approach is that while you may be able to meet the bare minimum in terms of compliance, that's not good enough anymore. Compliance mandates from government and industry bodies try to mitigate overall risk. However, in this world, simply being compliant is not enough – just read this story in Bank InfoSecurity about a recent data breach of a company that was PCI-compliant. As Ben Goodman mentions in this ZDNet article, information that could have prevented a data breach is often available prior to the breach, but not acted upon.
Organizations are beginning to realize they need to do more with their data than just report to auditors where it's stored and archived every quarter. This presents a problem. Most log management tools were originally built for the singular purpose of collecting and archiving logs. Providing the capability to analyze the data was an afterthought, and was shoehorned in by most vendors. They store log files in proprietary formats, and don't provide a way to access the data using outside analytic tools. You know the information to stop a breach is in your log files, but you can only get at that data with tools provided by your inflexible log management vendor! That's the problem we set out to solve. Sentinel Log Manager stores data in an open flat-file format, which means you can get access to the data with any tool from any vendor you choose. It's also extremely easy to forward event monitoring feeds, which gives you flexibility as your security needs grow and change.
Log management is the starting point on the path to compliance and security, but it is clearly not the destination. If your log management tool isn't giving you control over your data, it's not too late to express your inner control freak and take back what is yours.