
Network World

Jon Oltsik

Log Management: The Rodney Dangerfield of IT

security

By joltsik on Wed, 07/22/09 - 1:17pm.

Log management has become an essential enterprise service, yet, to paraphrase Rodney Dangerfield, it gets no respect. Why? Log management is as geeky an IT service as there is: it hums along collecting, processing, and storing cryptic syslog and Windows event log files. Insert yawn here.

Boring stuff, yes, but increasingly essential. Correlating and analyzing log events helps users detect security incidents and suspicious behavior; a single log line rarely means much on its own, while a sequence of them across systems often does. Analysis and reporting on log data is at the heart of regulatory compliance. Logs also provide a view across the entire IT infrastructure, and analysis there can help CIOs tune that infrastructure and plan for the future.

Let's face it: log management is a foundational technology these days. Users who understand this and build an enterprise-class log management infrastructure will be better prepared for future security, IT, and business challenges.

Log management will eventually evolve into something much bigger. I envision an IT data warehouse that collects not only log data but also network flows, CMDB records, asset information, vulnerability scan results, SNMP events, and so on. Users will load all of this into the IT equivalent of a Teradata warehouse and run all types of queries and reports against it.
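To make the correlation and the warehouse join concrete, here is an added example that is not part of the original post and not any vendor's code. It parses a handful of constructed sshd syslog lines, correlates failed and successful logins per source address and host to flag the brute-force-then-success pattern, and then enriches each alert with a constructed asset record of the kind a CMDB would supply. The year supplied to the parser (BSD syslog timestamps carry none), the failure threshold and the time window are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (not from the article) in the BSD syslog
# format emitted by OpenSSH's sshd. The last line is unrelated noise that a
# parser has to skip; note that this format carries no year.
SAMPLE_SYSLOG = """\
Jul 22 13:01:02 web01 sshd[4321]: Failed password for invalid user admin from 203.0.113.9 port 51812 ssh2
Jul 22 13:01:05 web01 sshd[4321]: Failed password for invalid user admin from 203.0.113.9 port 51813 ssh2
Jul 22 13:01:07 web01 sshd[4321]: Failed password for root from 203.0.113.9 port 51814 ssh2
Jul 22 13:01:09 web01 sshd[4321]: Failed password for root from 203.0.113.9 port 51815 ssh2
Jul 22 13:01:11 web01 sshd[4321]: Failed password for root from 203.0.113.9 port 51816 ssh2
Jul 22 13:01:40 web01 sshd[4322]: Accepted password for root from 203.0.113.9 port 51820 ssh2
Jul 22 13:05:00 db01 sshd[9001]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jul 22 13:30:00 db01 sshd[9002]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
Jul 22 13:31:00 db01 kernel: eth0: link up
"""

# Constructed asset records standing in for the CMDB/asset data that the
# post's "IT data warehouse" would join log events against (assumption).
ASSETS = {
    "web01": {"owner": "web team", "tier": "dmz"},
    "db01": {"owner": "dba team", "tier": "internal"},
}

SSHD_AUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+ ssh2$"
)


def parse_sshd_auth(text, year=2009):
    """Turn raw syslog text into structured auth events; non-sshd lines are dropped."""
    events = []
    for line in text.splitlines():
        m = SSHD_AUTH_RE.match(line)
        if not m:
            continue
        # The syslog timestamp has no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "outcome": m["outcome"],
                       "method": m["method"], "user": m["user"], "src": m["src"]})
    return events


def detect_bruteforce_success(events, threshold=5, window=timedelta(minutes=5)):
    """Correlate per (source IP, host): `threshold` or more failures inside
    `window`, followed by an Accepted login from the same source, is a likely
    guessed credential. Threshold and window are illustrative assumptions."""
    failures = defaultdict(list)  # (src, host) -> timestamps of failed logins
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["host"])
        if ev["outcome"] == "Failed":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "ts": ev["ts"], "src": ev["src"], "host": ev["host"],
                "user": ev["user"], "failures": len(recent),
                "first_failure": min(recent),
            })
    return alerts


def enrich(alerts, assets=ASSETS):
    """Join each alert with its host's asset record, the warehouse-style lookup."""
    out = []
    for a in alerts:
        asset = assets.get(a["host"], {"owner": "unknown", "tier": "unknown"})
        out.append({**a, **asset})
    return out


if __name__ == "__main__":
    for a in enrich(detect_bruteforce_success(parse_sshd_auth(SAMPLE_SYSLOG))):
        print(f"{a['ts']} {a['src']} -> {a['user']}@{a['host']} "
              f"({a['tier']}, owner {a['owner']}): "
              f"{a['failures']} failures since {a['first_failure']}")
```

On the sample input only the web01 sequence fires: five failures in nine seconds followed by an accepted root login from the same address. The single failure against db01 followed by a key-based login 25 minutes later does not, which is the point of keying on source and host together and bounding the window; without those two constraints the same rule would page on every user who mistypes a password.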

As far as vendors go, I see good things from ArcSight, HP, LogLogic, LogRhythm, and Q1 Labs. Any one of these guys could emerge as the market leader for this future IT data warehouse vision.

What about Splunk?


Jon, you failed to mention the company with far and away the best technology and fastest-growing customer base: Splunk! We just launched our Splunk 4 product, which is light years ahead of the "emerging market leaders" you mention. Check out all the buzz on Twitter at #splunk. I'd be happy to give you a demo and chat about our more than 1,100 customers and 350,000 downloads of our software.

Michael Baum
Founder & Chief Corporate Development Officer
Splunk
www.splunk.com/blogs/thebaum

There is a log-analysis mailing list on security focus.


There is a log-analysis mailing list on SecurityFocus (securityfocus.com). Check it out for more discussion about logs. Good article.

Ciao,
neil@k2tour.net

What about ManageEngine's


What about ManageEngine's EventLog Analyzer? It's from the same company as Zoho. They build great stuff too.

It is time to change the way businesses think about logs


I agree with your take, Jon. Log management is a little boring because it doesn't really take an 'action' – however, it is an essential piece of the compliance pie and there is an incredible amount of value for organizations to understand exactly what's happening on their network.

Businesses really do need to change the way that they think about log data. Many organizations are still simply using it for forensic purposes – when it is capable of doing so much more to proactively secure your network from internal and external threats. We also touched on log management on our blog last year: http://blog.trigeo.com/2008/siem-and-log-management/

Michael Maloof, CTO, TriGeo Network Security

Check out HP's fantastic solution!


http://www.accelacomm.com/jaw/link/0/50477974/

About Networking Nuggets and Security Snippets
Jon Oltsik is a principal analyst at Enterprise Strategy Group responsible for the networking and security services at ESG. Prior to joining ESG, Jon was the founder and principal of Hype-Free Consulting. Mr. Oltsik previously served as VP of Marketing & Strategy at GiantLoop Network where he managed all marketing activities and defined the company’s strategic vision. Jon was also a Senior Analyst at Forrester Research where he covered a wide range of infrastructure and IT topics. In this role, he was frequently quoted in business journals, including the Wall Street Journal, Business Week, and the New York Times, and was also the recipient of a prestigious "best research" award for his breakthrough report, "The Internet Computing Voyage."