And Yet More Log Management!
Posted by Diana in Analysis on Dec 9, 2009
The SecurityCurve December contribution to the Prism newsletter is Tuning Log Management and SIEM for Compliance Reporting.
Reading over recent posts, we’ve been doing a lot on log management lately. Seasonal yule log jokes aside, I think this trend is due, at least in part, to the evolving maturity of the install base. Compliance drove broad adoption, but the work of tuning and getting the most out of the products is still in progress.
The winter holidays are quickly approaching, and one thing that could probably make most IT Security wish lists is a way to produce automated compliance reports that make auditors say “Wow!” In last month’s newsletter, we took a look at ways to work better with auditors. This month, we’re going to do a deeper dive into tuning of log management and SIEM for more effective compliance reporting.
Though being compliant and having a strong, well-managed IT risk posture aren’t always the same thing, they are intertwined. Auditors look for evidence: documentation and reporting that validates and supports compliance activities. For example, if a policy or mandate requires that access to a database be protected and monitored, evidence in the form of a log management or SIEM report can show who accessed that database and when. If the users who accessed the database have roles that are approved for access, the reports can provide proof that the access controls were working.


