The ideal IT security and auditing framework

Log management, compliance reporting and SIEM are helping to remove some of the burden of tracking security

SIEM solutions are helping to manage security incidents in real time, but the complexity is deterring some IT users, says Parthasarathi.
By Kalyanaraman Parthasarathi. Published January 22, 2014

Log management, compliance reporting and SIEM are helping to remove some of the burden of tracking security, writes Kalyanaraman Parthasarathi, product marketing manager, ManageEngine.

Corporate islands with no connectivity to the external world, or with no employees seeking permission to share company-critical information with outsiders, are not options that ensure protection from information theft. Not a day goes by without a security breach or espionage attempt being highlighted in the media. It doesn’t matter whether it’s an internal or external hack caused by a deliberate or inadvertent action. The IT guy is made accountable for the security gaps and is asked to revisit the policies to ensure that such incidents don’t recur.

We can all say thanks to the built-in logging mechanisms in devices, systems and applications, which help track events. Though most of us understand the need for centralising these logs and their role in tracking down potentially anomalous situations and security violations, skimming through millions of log records to find the information that matters most proves difficult. This quest has been put to rest by Security Information and Event Management (SIEM) solutions, which bring critical threats to the forefront through iterative log data analysis.

To understand how IT teams are managing their network logs and how SIEM solutions are perceived today, ManageEngine conducted a survey of 337 corporate participants in 58 countries. The survey revealed interesting insights that are useful in understanding how far SIEM solutions have been accepted in the market to protect IT against security risks.

Log aggregation still slogs automation

System logs are the major source for tracking diverse activities. Centralising logs helps to assess trends and understand strange events across the IT infrastructure. Every administrator admits its importance, though this doesn’t hold back a vast majority from using manual scripts and cron jobs to centralise log collection. About 52% of the respondents are still using manual scripts or in-house log collection tools, which may end up being painful to maintain.
