Log Management, Compliance Reporting and SIEM

Corporate islands with no connectivity to the external world and/or employees seeking permission to share company critical information with an outsider are not options that ensure protection from information thefts. Not a day goes by without a security breach or espionage attempt in the media. It doesn’t matter whether it’s an internal or external hack caused by a deliberate or inadvertent action. The IT guy is made accountable for the security gaps and is asked to revisit the policies to ensure that such incidents don’t recur.

We can all say thanks to the built-in logging mechanism in devices, systems and applications, which help track events. Though most of us understand the need for centralizing these logs and their role in tracking down the potentially anomaly situations and security violations, skimming through millions of log records to find the information that matters the most proves difficult. This quest has been put to rest with the Security Information and Event Management (SIEM) solutions that bring critical threats to the forefront by iterative log data analysis.

To understand how IT teams are managing their network logs and how Security Information and Event Management (SIEM) solutions are perceived today, ManageEngine conducted a survey consisting of 337 corporate participants in 58 countries. The survey revealed interesting insights that are useful in understanding how far the SIEM solution has been accepted in the market to protect IT against security risks.

Check out this info-graphic for a quick look into the survey data.


Log aggregation still slogs automation

System logs are the major source of tracking diverse activities. Centralizing these logs help assess trends and understand strange events across the IT department. Every administrator admits the importance of it, though this doesn’t hold back a vast majority from using manual scripts and CRON jobs to centralize log collection. About 52% of the respondents are still using manual scripts or in-house log collection tools, which may end up being painful to maintain.

Say for instance an admin did the job scheduling and scripting to centralize logs across the IT department. He or she will be asked to maintain it, irrespective of how high they go up the ladder in the organization. It is worse if he or she leaves the company as the IT team will have no clue on where, what and how to maintain the data. Large organizations have felt this importance and resorted to automated tools for centralizing log collection. In today’s market there are many cost-effective solutions available, similar to ManageEngine’s EventLog Analyzer to help centralize log collection.

Log analytics: An option to go word blind

Most IT organizations are under-staffed. When the company security is at stake, the IT team has no option other than to analyze the root cause, regardless of the hours spent. Most importantly, the logs help in investigating the security incidents. Trust me, staring at the logs for five minutes will make you word blind. IT security admins go through this grief every time there is an anomaly.

On average, IT teams spend over four hours in a week analyzing logs, which actually seems like a very small time. If you consider it for a whole year, the data gets overwhelming. Yes, admins spend over 200 hours analyzing log data. To put it differently, the right tool can help you go for a month long paid vacation in a year. How’s that sound?

Compliance fails to security monitoring

Most organizations initiate security projects with compliance or regulatory mandate funds. As soon as they get a grip on how the solution could help them solve critical business problems and stay secure against targeted attacks, the IT team starts to appreciate the importance of it.

This trend is evident in the survey results, with more administrators using SIEM solutions for real-time security event monitoring and security incident investigation when compared to statutory compliance reporting. Compliance reporting is ranked 3rd among other benefits of SIEM solutions.

Securing IT seems simple, compared to the solutions

I’m sure by now you are impressed with IT teams clearly understanding the need for SIEM solution but still working with manual or in-house script. It’s true that most admins feel SIEM solutions are complex to understand and deploy. The exorbitant pricing and confusing licensing are the next to follow.

Simplifying and making SIEM solution usable will drive the vendors for the next few years. We at ManageEngine took this to the heart while designing our product and the licensing structure.

Rising promises for Cloud watching

The drive to cut cost and deliver efficient service keeps IT always on the run to adapt to newer technologies. The cloud rush in the recent past is also a similar outcome. However, security concerns are a setback for slower cloud adaption rate. Around 50% of the respondents either already have or are planning for cloud infrastructure and they feel it is important to monitor and centralize events for their cloud infrastructure.

Max governance for PCI and ISO

I’m surprised to see over 30 different compliance regulatory and IT security frameworks of this short survey. The United States tops the list with 24 different regulatory frameworks. Though IT teams give more importance to real-time security event monitoring, the compliance audits are inevitable for the corporations to adhere to.

Globally, Payment Card Industry Data Security Standard (PCI-DSS) and ISO/IEC 27001:2005 Information security management systems framework is the widely employed statutory compliance and security framework respectively.

Besides large enterprises, the knowledge and consciousness about IT security is on the rise among SMBs and emerging enterprises. To add to it, regulatory bodies are staying vigilant about the various security threats faced by the enterprises and amendments are carried out at regular intervals. In the future, security will lose it exclusivity and become mainstream knowledge across the IT department. One flipside to this is that IT security is often mixed-up with big data analytics. We hope it will become more clear in the upcoming days.