In this blog, Alert Logic provides commentary on topics that are related to our technologies, such as log management, threat management, and IT compliance management.
Regulations such as PCI, SOX, HIPAA, and GLBA mandate that event log data be collected, securely archived, and regularly reviewed. Collecting and archiving logs can be an overwhelming challenge for IT resources considering the wide variety of devices, operating systems, and applications in use today, as well as the sheer volume of events to be analyzed and stored.
The hard part of daily log review is the “daily” part
For PCI compliance, you are required to review event logs on a daily basis. That means 7 days a week, 365 days a year. To properly review logs, an in-depth understanding of network security, device configurations, and application behavior is a must. To demonstrate compliance, you need an audit trail that proves you are actually reviewing the logs, and auditors need access to historical log data.
Log Manager customers already know the value of our automated log collection and archival service. You know how much time you can save by creating views to quickly sift through and make sense of the large volume of events generated on a daily basis. You’re also able to demonstrate compliance by giving auditors the access they need to view all of your log data history and reports.
But how do you create a repeatable workflow for reviewing logs on a daily basis?
Automated workflow can help
With the release of Log Manager 2.1 on January 15, we’ve improved the case management capabilities so you can create your own daily log review process. Here’s how:
Step 1: Group the views that need to be reviewed daily
You can now create a group of views to make it easy to organize the log data that needs to be reviewed daily. These Groups allow users to manage and categorize Saved Views by technology type, location, or compliance requirements. Simply create a group for “Daily Log Review,” and then add or create the relevant Saved Views.
Step 2: Schedule the views to be executed daily
For each view in the “Daily Log Review” group, schedule it to run at a specific time each day.
Step 3: Automatically create and assign cases
A new feature in Saved View Scheduling allows you to automatically create a case based on a template. You can assign a due date, priority, reviewer (which can be a single user or a group of users), and additional tasks to be performed. When the case is created, the details of the executed view are included in the case for easy reference. Views that return no data will automatically close the case, saving your team time every day.
Reviewers will receive email notifications when they need to take action.
When you set up your own log review process using Log Manager 2.1, the case history reflects who reviewed the log data as well as what data was reviewed. This audit trail is available online, instantly, making it easier to demonstrate compliance.
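As an added illustration (not Log Manager code and not its API), here is a small model of the workflow in Steps 1 to 3: the views in a "Daily Log Review" group are run against one day's events, each run opens a case from a template, a view that returns no data closes its own case, and every action lands in the case history that serves as the audit trail. The events, view names, reviewer and dates are constructed.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed sample events standing in for one day of collected log data.
SAMPLE_EVENTS = [
    {"src": "web01", "msg": "FAILED LOGIN user=admin from 203.0.113.7"},
    {"src": "web01", "msg": "FAILED LOGIN user=admin from 203.0.113.7"},
]
# The "Daily Log Review" group: view name -> predicate selecting matching events.
DAILY_GROUP = {
    "Failed logins": lambda e: e["msg"].startswith("FAILED LOGIN"),
    "Admin account changes": lambda e: "useradd" in e["msg"],
}

@dataclass
class CaseTemplate:
    priority: str
    reviewer: str            # a single user or a group of users
    due_in_days: int
    tasks: tuple = ()        # additional tasks the reviewer must perform

@dataclass
class Case:
    view: str
    due: date
    priority: str
    reviewer: str
    tasks: tuple
    events: list             # details of the executed view, kept for reference
    status: str = "open"
    history: list = field(default_factory=list)  # audit trail: (date, actor, note)

def run_daily_review(group, events, template, today, notify):
    # Run every view in the group and open one case per view from the template.
    cases = []
    for view, predicate in group.items():
        hits = [e for e in events if predicate(e)]
        case = Case(view, today + timedelta(days=template.due_in_days),
                    template.priority, template.reviewer, template.tasks, hits)
        case.history.append((today, "system", f"created from '{view}', {len(hits)} events"))
        if not hits:  # views that return no data close their case automatically
            case.status = "closed"
            case.history.append((today, "system", "auto-closed: view returned no data"))
        else:
            notify(template.reviewer, case)  # e.g. the email notification to the reviewer
        cases.append(case)
    return cases

def complete_review(case, reviewer, on, note):  # records who reviewed what, then closes
    case.history.append((on, reviewer, note))
    case.status = "closed"
```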
What do you think?
Can the enhancements in Log Manager 2.1 help with your daily log review requirements?
A couple of weeks ago Larry Ellison was onstage at TechPulse360 and he made a point of eviscerating the imprecise term “cloud computing.”
It is clear that Larry Ellison isn’t against cloud computing, but rather against an over-hyped term that seems to mean everything and that really isn’t new. He makes some very good points, but there is no denying a fresh momentum among companies to examine services that offer them the key benefits the cloud provides.
Our CEO, Gray Hall, was recently interviewed by the Web Host Industry Review about how Alert Logic is working with the hosting industry.
Gray addressed many topics relevant to SaaS (Software-as-a-Service) security and compliance, and highlighted how Alert Logic is uniquely positioned to work with the hosting industry. When discussing why hosting providers would want to work with Alert Logic, he pointed out that not only do we have great technology, but we are uniquely suited to be integrated in the services that hosting providers offer. In particular, we offer the following:
In this second installment of our feature called, “Thought Leadership with an Industry Expert,” we spoke with David Taylor, the founder of the PCI Knowledge Base, about PCI compliance.
Scott Olson: So I have a few questions for you today about PCI standards. The first one is that you attended the PCI Security Standards Council’s Community Meeting recently; what were some of the hottest topics?
David Taylor: Well, I have talked to several people since then. Generally the agreement is that the folks at Price Waterhouse Coopers who were there to report on the study they had done for the PCI Security Standards Council of what you might call “Beyond PCI topics” — certain things that were really not addressed explicitly by PCI DSS in the 1.2 version, but were raised by many merchants and service providers and acquiring banks as ways to address compliance. This was either to reduce the scope of compliance, or to secure cardholder data, or both of the above, and they were looking into a number of different things. I think they started out with twelve and they narrowed it down to three or four, depending on how you count.
The rest of the meeting largely consisted of feedback, meaning that people went up to the microphone and talked. The subcommittees or the special interest groups related to virtualization and wireless and the scope of the PCI standards, everybody spoke. I think generally what was reported out was the status of committee efforts, and nothing earth-shattering. You’re not supposed to expect earth-shattering things out of a meeting that takes place in the off year, meaning that the standards come out every two years and this is an off year. So they are preparing people for what is going to happen next year. I think the clarity of that is always like, “Well, we are working on stuff and there are a lot of things going on, but we can’t really tell you all that much because it is a work in progress.”
Cloud services are a hot topic. Whether it is cloud storage, server capacity, or software-as-a-service (SaaS), cloud services offer significant benefits to businesses, and there is significant interest in learning about these offerings. This week IDC updated their definition of cloud services and did a great job of explaining the attributes you can expect from a company with these types of offerings.
Their most basic definition of cloud services is as follows:
“Consumer and business products, services and solutions delivered and consumed in real-time over the Internet”
They go on to explain the key attributes of a cloud-based solution:
Shared, standard service
Solution-packaged
Self-service
Elastic scaling
Use-based pricing
Accessible via the Internet/IP
Standard UI technologies
Published service interface/API
These types of solutions can be delivered in either public or private clouds.