EventSource August 2009 – Managing the virtualized enterprise, historic NIST recommendations and more

Featured Article

Smart Value: Getting more from Log Management
By Jasmine Noel

Every drop in the business cycle brings out the 'get more value for your money' strategies. For IT this usually means either using the tools you already have to solve a wider range of problems, or buying a tool with fast initial payback that can then be used to solve a wide range of other problems. This series looks at how different log management tasks can be applied to solve problems beyond the traditional compliance and security drivers, so that companies get more value for their IT money.

Log Value Chain: data loss prevention, email trending for cost reduction and problem identification

The bubbling acronym soup of compliance regulations (HIPAA, PCI-DSS, FRCP, etc.) is putting more focus on data loss (leak) prevention (DLP): in other words, preventing users from unintentionally giving out sensitive corporate information. Computing gives us many ways to share data: USB drives, email, online file synchronization services, blogs, browser-based desktop sharing, Twitter; the list can seem endless. Every new innovation in data sharing creates a new way for employees to leak sensitive information. User education alone is not going to cut it. Most people know they shouldn't send financial and medical records to people outside the company, just as they know they should eat fewer snack foods and more vegetables. But it's hard to have good eating habits when grocery stores dedicate most of their shelf space to snacks (as I know so well!). Similarly, the wide variety of data sharing mechanisms makes it hard for users to be responsible with business information all of the time.
Needless to say, every security vendor on the planet has unveiled its 'comprehensive solution for DLP'. Oh great, just what cash-strapped businesses need: another suite of security products (with one module to address each of those data sharing mechanisms) that they have to purchase just to keep a chip in the compliance game.

Well, maybe not. Companies looking for a quick and cost-effective way to start addressing DLP should look at extending their log management solutions. Computing devices, for the most part, are capable of logging everything that is going on; it is analysis of that log data that helps knowledgeable people understand what is happening. Want to know what files were copied to a USB drive? Look at the logs for file writes to removable media. Want to know which users are using browser-based desktop sharing services? Look at the browser history logs. Want to know who is downloading specific files after hours? Look at the logs on the server where the files reside. Want to know if employees are emailing files to their personal GMail accounts? Look at the mail logs for the destination domains or IP addresses and correlate them with the logs about email attachments. Alternatively, you can look at email trends for suspicious activity: a sharp spike in activity in the middle of the night is often evidence of a security attack or of malicious behavior by disgruntled employees. One caveat: this is detection after the fact rather than blocking, and it only covers the sources you have actually switched on. File-write auditing and browser history, for example, are not collected centrally unless someone configures the endpoints to record and forward them.

If you have a scalable log management solution with analytics that make it easy to correlate events, and reporting capabilities that can easily group issues into top-ten lists, then you have the makings of a DLP solution that can investigate any current (and future) data sharing mechanism. But more than that: you also have an email trend analysis solution, which can save you service or storage costs. A quick look at my own desktop email client shows email archive files doubling every six months. Why?
Because there are hundreds of internal emails with 4MB Word and PowerPoint attachments that never get removed. I shudder to think of businesses with hundreds or thousands of employees with my email habits. If these businesses could prove that 70% of their email storage is large attachments sent between remote employees, they could come up with a more cost-effective internal file-sharing mechanism, or automate a process to eliminate the attachment overkill. Proving these email trends should be just another job for your log analysis and reporting solution.

Speaking of analyzing email trends, I often have days when I seem to get very little email, and I always wonder whether everyone is on holiday, or nobody wants to talk to me, or something is really wrong with my email service. So I spend time doing personal checks: can I get email from my Hotmail account or from a coworker, is my router working, is Vista downloading a massive patch? Then I call my ISP, who runs their tests and tells me "our service is working", at which point I give up, because I've spent an hour on problem resolution for a problem that 'doesn't exist.' But sometimes a chunk of email arrives the next day that clearly was supposed to be delivered the day before, so I know the problem was real, and I wonder what got lost in the process. I suspect that a little trend analysis of my email logs would help with these transient customer service problems. In my case, since there is no evidence that I typically get 50 non-spam emails per day but today I got 5, my ISP doesn't know what to do with my call, so they close the ticket, probably with a 'couldn't replicate problem' tag. Would email trend analysis prevent the problem? Maybe not. However, if these types of customer service calls could be tagged with 'abnormal email trends', I'd bet they would identify issues faster and I would get my chunk of email later the same day instead of 24-36 hours later: better customer service powered by log analysis.
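The two analyses above (joining a mail-gateway log with an attachment log to find large attachments going to personal webmail, with after-hours sends sorted to the top, and comparing each day's message count against a baseline to flag the spikes and drops described) as an added Python example. This is not code from the newsletter or from EventTracker; the key=value log format, the webmail domain list, the business-hours window, and every log line and count below are constructed assumptions, not real data.

```python
"""Added example, not from the newsletter: log-based DLP correlation and
email volume trending over constructed sample logs."""
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Constructed sample data, not real logs. Assumed key=value format:
#   mail log:       <ISO timestamp> msgid=<id> from=<addr> to=<addr> src=<ip>
#   attachment log: <ISO timestamp> msgid=<id> file=<name> bytes=<size>
MAIL_LOG = """
2009-08-10T09:12:04 msgid=m1 from=alice@example.com to=bob@example.com src=10.1.2.3
2009-08-10T09:40:19 msgid=m2 from=alice@example.com to=alice.home@gmail.com src=10.1.2.3
2009-08-10T14:05:55 msgid=m3 from=carol@example.com to=dave@partner.example src=10.1.2.9
2009-08-10T23:48:31 msgid=m4 from=carol@example.com to=carol99@hotmail.com src=10.1.2.9
2009-08-10T23:51:02 msgid=m5 from=carol@example.com to=carol99@hotmail.com src=10.1.2.9
2009-08-11T08:30:00 msgid=m6 from=bob@example.com to=alice@example.com src=10.1.2.4
"""
ATTACH_LOG = """
2009-08-10T09:40:19 msgid=m2 file=Q3_forecast.xlsx bytes=4200000
2009-08-10T14:05:55 msgid=m3 file=agenda.docx bytes=31000
2009-08-10T23:48:31 msgid=m4 file=customer_list.csv bytes=2750000
2009-08-10T23:51:02 msgid=m5 file=customer_list_2.csv bytes=2600000
"""

PERSONAL_WEBMAIL = {"gmail.com", "hotmail.com", "yahoo.com"}  # assumed watch list
BUSINESS_HOURS = range(8, 19)  # 08:00-18:59, assumed local time

# Constructed daily-volume history: a normal week, then a near-empty day
# (the "where did my email go?" case) and a night-time spike.
BASELINE_DAYS = {"2009-08-03", "2009-08-04", "2009-08-05", "2009-08-06", "2009-08-07"}
HISTORY = Counter({"2009-08-03": 52, "2009-08-04": 47, "2009-08-05": 50,
                   "2009-08-06": 49, "2009-08-07": 46,
                   "2009-08-10": 5, "2009-08-11": 160})


def parse_log(text):
    """Parse '<timestamp> k=v k=v ...' lines into dicts; timestamp under 'ts'."""
    records = []
    for line in text.strip().splitlines():
        ts, *fields = line.split()
        rec = {"ts": datetime.fromisoformat(ts)}
        for field in fields:
            key, _, value = field.partition("=")
            rec[key] = value
        records.append(rec)
    return records


def flag_external_attachments(mail_log, attach_log, min_bytes=1_000_000):
    """Join both logs on msgid and report large attachments sent to personal
    webmail. After-hours sends sort first so they top a 'top ten' report."""
    attachments = defaultdict(list)
    for a in parse_log(attach_log):
        attachments[a["msgid"]].append(a)
    findings = []
    for m in parse_log(mail_log):
        domain = m["to"].rsplit("@", 1)[-1].lower()
        if domain not in PERSONAL_WEBMAIL:
            continue
        for a in attachments.get(m["msgid"], []):
            if int(a["bytes"]) >= min_bytes:
                findings.append({
                    "when": m["ts"].isoformat(),
                    "user": m["from"],
                    "src": m["src"],
                    "to": m["to"],
                    "file": a["file"],
                    "bytes": int(a["bytes"]),
                    "after_hours": m["ts"].hour not in BUSINESS_HOURS,
                })
    findings.sort(key=lambda f: (not f["after_hours"], f["when"]))
    return findings


def daily_counts(mail_log):
    """Messages per calendar day: the raw series for trend analysis."""
    counts = Counter()
    for m in parse_log(mail_log):
        counts[m["ts"].date().isoformat()] += 1
    return counts


def abnormal_days(counts, baseline_days, low=0.25, high=3.0):
    """Compare each non-baseline day to the median of the baseline days and
    tag large drops (service problem?) and spikes (attack or abuse?)."""
    base = median(counts[d] for d in baseline_days)
    flagged = {}
    for day, n in sorted(counts.items()):
        if day in baseline_days:
            continue
        if n < low * base:
            flagged[day] = "drop"
        elif n > high * base:
            flagged[day] = "spike"
    return flagged


if __name__ == "__main__":
    for finding in flag_external_attachments(MAIL_LOG, ATTACH_LOG):
        print(finding)
    print(daily_counts(MAIL_LOG))
    print(abnormal_days(HISTORY, BASELINE_DAYS))
```

The join key is the message ID that both logs carry; in a real deployment that is whatever field your gateway and attachment scanner share, and the thresholds (1 MB, a quarter or three times the baseline median) are starting points to tune against your own volumes, not recommendations.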
My point is that business requirements will keep adding more and more analysis tasks to IT's to-do list. Most of the time the raw information needed to complete those tasks is buried somewhere in the logs. By leveraging a flexible reporting and analysis solution, IT can respond to these new tasks, and automate them if they are recurring, without ponying up more of IT's precious budget for a new solution for every new task.
Industry News

Tenenbaum hit with $675,000 fine for music piracy
NIST Issues Final Version of SP 800-53; Enables Rapid Adoption of the Twenty Critical Controls (Consensus Audit Guidelines)
Customer review of EventTracker

Featured Whitepaper

Managing the virtualized enterprise: New technology, new challenges

We continue our look at the 100 uses of Log Management. Over the past few weeks the focus of the video blog has been on supporting the 15 automated controls of the Consensus Audit Guidelines (CAG), a joint initiative of defense experts from federal agencies and the SANS Institute. These controls are viewed as effective in blocking the most serious real-world threats.

Follow LogTalk on Twitter