One of the hottest topics over the past year is "compliance auditing." Regulations from the Health Insurance Portability and Accountability Act to the Sarbanes-Oxley Act require that computer access to data not only be tightly controlled but also heavily monitored, logged and audited. Some regulations require auditing all users and resources and being able to tell - at any point in time - which objects could possible access which other objects and why they should be able to.

This is a far cry from the typical forensic auditing that network professionals did just a few years ago, when audit logs were really only read after a problem had occurred in an attempt to determine who (or what) might have caused the situation. Still, there also have been major advances in these security-monitoring functions.

Let's say there's a very up-to-date horse ranch, with sensors all over the barns wirelessly connected to the ranch network. Constant monitoring of comings and goings of horses and cowboys is logged. Access to individual stalls is controlled with proximity cards, and a verifiable record of who can access which horses is always available.

One morning, it's discovered that the barn door is open and all the horses are missing.

Old-style audit logging would require that we now sit down and read through the logs to discover who was (probably) the last cowboy to leave the barn. "Probably," because if that cowboy didn't lock the door, then there's no record of him leaving. We need to match up all entrances and exits to see where there was an entrance (logon) without a corresponding exit (logout). But the horses are still gone.

If the rancher has good regulatory compliance auditing tools, he could query the command console to see who had access to the barn - and to each horse's stall - during the hours that the security breach might have taken place. He can show the federal investigators whether he was in compliance with all regulations regarding horses, barns and data security. But the horses are still gone.

An up-to-date ranch network armed with sensors, detectors and rules would have noted that the barn doors were unlocked after the time set for them to be locked. It would have noticed horses out of their stalls at a time they shouldn't be. It would have noted a human presence when none had logged on. And it would have responded by locking the door before the horses got out.