Open Group releases log management update, risk management guide

By Alexander B. Howard, Associate Editor
28 May 2009 | SearchCompliance.com

Enterprise IT news roundup

Few network, security or compliance managers would dispute that log management formats and standards are in a "state of chaos," as Anton Chuvakin, director of strategic alliances at Qualys Inc., asserts. "You're looking at perhaps the least standardized area of IT."

There's room for improvement, and a significant need. According to a February report from Burton Group Inc., large enterprises "typically generate 2 billion [logged] events every month, and, by some estimates, 25% enterprise data is log data."

The Open Group Security Forum hopes to change that with a new update to its log standard, distributed audit service (XDAS). The Security Forum has also announced work on a new compliance standard, automated compliance expert markup language (ACEML). Finally, The Open Group last week released a guide for risk assessment methodologies.

All are the result of a risk initiative that The Open Group has been working on for months. The group is a vendor-neutral body that defines standards and guidelines that address emerging security risks and compliance issues related to them.

Organizations struggling with risk management will find the new Requirements for Risk Assessment Methodologies useful in meeting their regulatory compliance challenges, said Jim Hietala, vice president of security at The Open Group.

The goal of ACEML and the risk taxonomy is more cost-effective compliance automation tools, he said. "We think there's a clear need for more automation applied to the problem of enforcing compliance and documenting or reporting on compliance," Hietala said. "ACEML will allow compliance automation software to work with a given standard."

Chuvakin, an advisor to the Open Group, said, "the idea that you could convert a compliance-relevant document into XML that's universally usable is sensible. ACEML solves some of the tasks currently covered by commercial vendor tools."

First, however, the ACEML standard would have to be adopted by these same vendors and an application developed to parse the XML itself. "Imagine if you invented TCP/IP but there was no Internet?" he said. If this standard is adopted by vendors in the industry, Chuvakin said he sees it solving a major headache for whoever is entrusted with compliance: checking multiple platforms.

"Compare the situation today: If you have to check for an eight-character password length, you have to go to multiple systems," he said. "If ACEML is adopted, you could create an XML document, feed it into a tool and then check across the enterprise. For a CISO working with Unix, Linux and Windows, ACEML would provide a uniform way of quickly ensuring compliance. There's a big efficiency improvement, if implemented."

The update to XDAS would make audit records more "descriptive, useful and easier to consume and understand," Hietala said. Like ACEML, however, the XDAS standard will need to be adopted to have any significant impact on the industry or the daily cycles of compliance officers. The Mitre Corp. has also released a log standard, the Common Event Expression (CEE), though the standard is not complete.

According to Chuvakin, "there is a flow of information between the creators of XDAS and CEE" that holds the potential to keep the standards interoperable in the future. XDAS has a strong vendor supporter in Novell Inc., which is trying to write the specification. ArcSoft Inc. has also created a standard, the common event format (CEF), which it has held up as a means to derive interoperability of event- or log-generating devices and applications.

Dan Blum, a senior vice president and principal analyst at Midvale, Utah-based Burton Group, noted that "there is a good community effort at the CEF Group, which will act as an umbrella group to fill in the complete standard. Each type of IT facility, like an operating system or firewall, needs information about what it should log as well as a syntax."

Hietala said, "Log management vendors say a significant part of their development cycles is spent parsing different standards." He believes that standardization of log formats throughout the industry will produce substantial efficiencies and cost savings for vendors, compliance officers and chief information security officers (CISOs) who need to rapidly demonstrate compliance.

As security analyst Andrew Hay noted, however, "the biggest issue with log standards is that if no one uses one, it's not that great, just like university research projects. With XDAS, people will have to implement it. I'm 100% for it -- if people are using it -- but you have to ask, which vendors have signed up? Is there a benefit, for instance, to Cisco to create logs that allow Juniper to correlate them on their products?"

If you're a CISO looking to buy log management software, compatibility requirements won't be an issue -- just yet. "Some of the pieces are developed, but there's plenty of work left to be done," Blum said. If you're in charge of purchasing in 2010, however, you may want to start evaluating tools that are compatible with CEE and XDAS, he said.

As Chuvakin noted, however, "just because there are two standard efforts today, it's a huge improvement. If people can offer feedback to the standards bodies, they'll definitely get better and have a chance at interoperability."
