Midmarket firms are looking for affordable log management technology to help them deal with growing scrutiny from regulations such as the Payment Card Industry Data Security Standard and the Health Insurance Portability and Accountability Act (HIPAA).
"The midmarket tends not to have security staff, or the need for a security console," said Eric Ogren of The Ogren Group, a Stow, Mass.-based consultancy. "They just need to collect event log data that they can produce on demand. The midmarket is not trying to boil the security management ocean. They just need to retain event log data for PCI compliance."
Log management tools collect the logs that devices produce for every transaction, store them centrally and offer varying levels of analysis that allow administrators to detect unsanctioned activity and hardware and software failures.
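The three stages just described (collect, store centrally, analyze) can be shown in miniature. The following is an added example and is not code from the article or from any vendor it mentions; it assumes Cisco-style BSD syslog lines (RFC 3164 layout) that are constructed inline for the demonstration. It parses the lines, groups them by source device, skips a malformed line rather than crashing, and then "bubbles up" the items an administrator and an auditor care about: hardware failures such as a dead power supply or a downed interface, repeated failed logins from one source, and configuration changes.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample of BSD-style (RFC 3164) syslog lines from network gear; not from the article.
# PRI = facility * 8 + severity; these use facility local7 (23), so PRI = 184 + severity.
SAMPLE_LOGS = [
    "<187>Jun 12 09:14:02 sw-core-01 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/24, changed state to down",
    "<187>Jun 12 09:14:05 sw-core-01 %PLATFORM-3-PSU_FAIL: Power supply 2 failed",
    "<189>Jun 12 09:15:00 rtr-edge-02 %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "<188>Jun 12 09:16:10 rtr-edge-02 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.20.30.40]",
    "<188>Jun 12 09:16:12 rtr-edge-02 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.20.30.40]",
    "<188>Jun 12 09:16:14 rtr-edge-02 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.20.30.40]",
    "<189>Jun 12 09:17:00 ap-floor3-07 %DOT11-5-ASSOC: Client 00:11:22:33:44:55 associated",
    "this line has no PRI header and must be dropped, not crash the collector",
    "<187>Jun 12 09:18:30 sw-core-01 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/24, changed state to up",
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                    # <PRI>
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "  # Mmm dd hh:mm:ss
    r"(?P<host>\S+) (?P<msg>.+)$"                             # hostname, free-text message
)
HARDWARE_RE = re.compile(r"power supply|PSU|changed state to down", re.I)
LOGIN_FAIL_RE = re.compile(r"LOGIN_FAILED.*\[Source: (?P<src>[\d.]+)\]")
CONFIG_RE = re.compile(r"CONFIG_I: Configured from (?P<where>\S+) by (?P<user>\S+)")


@dataclass(frozen=True)
class Event:
    host: str
    timestamp: str
    facility: int
    severity: int  # 0 = emergency ... 7 = debug
    message: str


def parse_line(line: str):
    """Parse one syslog line; return an Event, or None if the line is malformed."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility 23, severity 7 is the largest legal PRI value
        return None
    return Event(m.group("host"), m.group("ts"), pri // 8, pri % 8, m.group("msg"))


def collect(lines):
    """Central store: events grouped per source device, plus a count of unparseable lines."""
    store = defaultdict(list)
    dropped = 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            dropped += 1
            continue
        store[ev.host].append(ev)
    return dict(store), dropped


def analyze(store, login_threshold=3):
    """Bubble up what an administrator wants to see first: hardware trouble,
    repeated failed logins, and configuration changes an auditor will ask about."""
    hardware, config_changes = [], []
    failed_logins = Counter()
    for host, events in store.items():
        for ev in events:
            if ev.severity <= 3 and HARDWARE_RE.search(ev.message):
                hardware.append((ev.timestamp, host, ev.message))
            elif (m := LOGIN_FAIL_RE.search(ev.message)):
                failed_logins[(host, m.group("src"))] += 1
            elif (m := CONFIG_RE.search(ev.message)):
                config_changes.append((ev.timestamp, host, m.group("user"), m.group("where")))
    suspicious = [
        {"host": h, "source": s, "failures": n}
        for (h, s), n in failed_logins.items() if n >= login_threshold
    ]
    return {
        "hardware": sorted(hardware),
        "suspicious_logins": suspicious,
        "config_changes": sorted(config_changes),
    }


def run(lines=SAMPLE_LOGS):
    """Collect, then analyze; the report also records how many lines were unparseable."""
    store, dropped = collect(lines)
    report = analyze(store)
    report["dropped_lines"] = dropped
    return report


if __name__ == "__main__":
    for section, items in run().items():
        print(section, items)
```

The interface-up message has the same severity as the interface-down one but is deliberately not surfaced, which is the point of the analysis stage: a raw severity filter would show both, and the administrator would again be searching a haystack. Counting dropped lines matters for compliance too, since a collector that silently discards what it cannot parse leaves a gap in the retained record.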
"There's an alphabet soup of regulations, but what's really been driving the need for log management is PCI," said Nick Selby, senior analyst and director of the enterprise security practice at New York-based The 451 Group. "These standards really have bite. The vision of a CEO in an orange jumpsuit has been replaced with the image of not being able to process credit cards."
With that in mind, vendors of log management technology are trying to offer products midmarket companies can afford. For instance, Houston-based Alert Logic Inc. offers Alert Logic Log Manager, a product delivered through the Software as a Service model. Instead of paying up to $75,000 up front for a log management appliance, Alert Logic customers can pay $1,500 a month.
Other log management vendors are offering more affordable appliances. ArcSight Inc., a Cupertino, Calif.-based vendor of security and compliance technologies, recently announced ArcSight Log Management Suite, a new log collection, archival and analysis appliance line with a starting price of $20,000.
"Most of the log management vendors have a low-end product like that, but ArcSight is not known for its low prices," Selby said. "It's good to see they're really taking a fairly bottom-to-top look at the log management market. But this product is by no means as mature as its competitors in that space, such as LogLogic and even LogRhythm. But we have seen ArcSight devoting a fair amount of resources to this. We believe the midmarket will continue to be an expanding opportunity for the log management market."
Ogren said ArcSight's product has three features that will appeal to the midmarket. He said it has focused functionality on log data management that makes it easier for midmarket administrators to use. He said the remote connectivity makes it easier for midmarket companies to include branch offices. And he said the appliances are easy to just plug into the network. They autodiscover each other, so there is minimal upfront work to get the product going.
Tool helps hospital exec 'bubble up' info
Arsen Khousnoutdinov, manager of networks, security and telecommunications at Boston Medical Center, said he has used ArcSight's log management technology for three months. Compliance and security are part of Khousnoutdinov's business case for the technology, but his initial motivation was to improve the performance and availability of the network at the $909 million hospital.
"I wanted to have the ability to bubble up the most important information every day," Khousnoutdinov said. "I wanted to know when hardware failures happen, when a power supply fails, when something gets disconnected. When it happens, it might not be catastrophic [because of redundancies] but if something else happens there's a problem."
Khousnoutdinov said he's also preparing for future HIPAA audits and other regulatory requirements by adopting ArcSight.
"I know that those occurrences of audits are not unheard of," he said. "I'm positioning myself for future regulatory action. Part of what I have to deal with also is security matters at Boston Medical Center. We sometimes get involved with legal and human resources on incidents outside the work norm. If someone is utilizing the Internet not according to policy or sometimes with criminal intent. I deal with legal quite a bit, the state police and local authorities. Log management may be utilized at some time for some of that."
Prior to adopting ArcSight, Khousnoutdinov managed logs with a combination of the syslog monitoring tools in CiscoWorks and a homegrown syslogger the hospital built on Linux.
"CiscoWorks did not help at all," Khousnoutdinov said. "It was quite a heavy solution to implement and use, and every time a Java update came around it rendered the logs useless because of incompatibility."
Khousnoutdinov said his homegrown syslogger sniffed logs, but his administrators had to manually search through the stored logs.
"The homegrown solution was to make sure we captured the logs, but it was like looking for a needle in a haystack to find a specific log," he said.
With ArcSight, Khousnoutdinov said he can see what's happening with his most critical logs over a day, a month or a year and respond quickly. He said ArcSight's user interface is also more user-friendly than those of other log management products.
"I had to have a point-and-click interface," he said. "I had to get away from a dependence on Linux or Unix knowledge and have my lower-experienced staff be able to use this application. It enables me to free up the utilization of our most senior staff, which needs to be spending time doing something other than logging."
With 1,000 wireless access points, 400 network switches, 100 routers and about 8,000 workstations, Khousnoutdinov estimates that his total investment in ArcSight's log management technology will be about $85,000. He said that's less than he would have spent with some of the company's competitors. He said he also uses some of ArcSight's other products, so going with its log management product made more sense.