This week, we announced availability of our Log Manager log management system for the Windows Azure public cloud. It can be licensed directly from the Windows Azure Add-On Store or from us here at Alert Logic. There are multiple subscription options available depending on the amount of log data you’re managing, how long you’d like to retain data, and the types of services you’d like to receive from Alert Logic. If you’re new to log management or Azure Security, I want to take a few minutes here to introduce you to Log Manager for Windows Azure.
What is Log Management?
The systems and applications running in your datacenter are a great source of security information. Throughout the day, these computing devices maintain a continuous record of their behavior in the form of a log file, or simply logs. By reading these logs you can tell who did what, to what, and when. This is key information for conducting forensic analysis to determine what happened in the event of a security breach. But even more importantly, the logs can help identify behavior indicating that a security breach is in progress – and provide proactive alerts that enable an administrator to take action to mitigate the intrusion. These capabilities are not only a security best practice; many government and industry regulations make a regular review of logs mandatory for compliance purposes.
There are challenges, though, when dealing with logs. You need security expertise to understand what data in the log file is important (a few examples are highlighted above), and for most organizations there is a lot of log data to sort through. The SANS Institute estimates that a typical 750-employee company with five locations generates an average of 150 events per second. That’s 12.9 million logs per day! Because of the complexity and sheer volume of logs, many organizations turn to log management tools to help manage their log data.
Why Log Management for Windows Azure?
Given the fast growth of Windows Azure (it surpassed $1 billion in annual revenue in 2013), we’re seeing many customers who need security and compliance in this environment because they’re moving sensitive applications and data to the cloud, their applications fall under some compliance mandate (e.g., PCI-DSS for credit card information), or they simply want to avoid a security breach. For these types of organizations, Alert Logic Log Manager for Windows Azure can play a key role in securing their IT assets.
Log Manager delivers security and compliance monitoring of log data by collecting, normalizing, analyzing and archiving data. It supports Windows, syslog and flat files and presents all log data to you in a single view. It also includes more than 100 pre-built reports, and you can do your own ad-hoc analysis using its analytical tools. In addition, there are a few ways that Log Manager differs from your basic log management tools:
- Log Manager can be delivered as a service, where Alert Logic security experts review your log files, identify security concerns, and deliver daily reports that satisfy regulatory requirements (this is the “Security & Compliance” edition listed in the Windows Azure store). If you are concerned about PCI-DSS compliance, this service was designed for you.
- It runs natively in the Windows Azure cloud. You don’t need to install any special hardware to collect log data. Windows and Linux agents forward your log data to Log Manager for management. And you don’t need to worry about allocating storage for your log data. We’ll take care of that – even replicate it for disaster recovery.
- The same Log Manager solution supports Windows Azure, public cloud and on-premises datacenters, so if you’re migrating to the cloud or planning to host some applications in the cloud and others onsite, Log Manager eliminates the need to have separate log management tools for the different environments.
Here’s a sample overview screenshot of Log Manager.
We’re looking forward to working with Microsoft and Windows Azure customers. If you’re interested in learning more about Alert Logic Log Manager, visit our website or contact us for a demonstration or free trial.