Log management priorities – and tools – are evolving in small-to-medium sized businesses (SMBs), with the focus shifting away from compliance towards security and threat management, according to two recently released surveys.
When queried about the usefulness of log management system data, over 90 percent of the participants in the SANS Institute’s Sixth Annual Log Management Survey ranked “Forensic Analysis and Correlation” as most useful. “Detect/Prevent Unauthorized Access and Insider Abuse,” “Track Suspicious Behavior” and “IT Troubleshooting and Network Operations” were only a couple of percentage points behind.
This represents a dramatic shift in attitudes towards log management systems, which were originally designed as enterprise tools to streamline aspects of the regulatory compliance process through automated report generation. According to The SANS Institute, this shift from a compliance focus to a security focus will soon blur the distinction between log management products and emerging Security Information and Event Management (SIEM) solutions
The results of a separate survey conducted by RSA confirm that security capabilities are becoming a top priority for SMBs when they evaluate log management products and SIEMs. Eighty-nine percent of respondents to the RSA study cited security operations functions as the primary usage for their SIEM solution, compared with 54 percent who cited compliance. Sixty-six percent ranked real-time monitoring as most important when evaluating a SIEM vendor, and more than 75 percent deemed that capability essential.
According to RSA Marketing CTO Sam Curry, “Regulations have been a catalyst for this industry: in the pursuit of a check mark [to appease regulators], small and medium sized businesses are finding new, deeper and more business-relevant ways to use the tools now in their hands. The RSA and SANS Institute surveys show these companies going beyond mere compliance and reporting and into the more interesting and valuable areas of forensics, operations optimization, risk management and advanced correlation.”
Comments from IT managers at SMBs confirm Curry’s opinion. "Security isn't just about packets and compliance for our team," said Charles Beierle, Director of Information Security at RBFCU, a Texas-based credit union, "It's about combining information and context to create intelligence useful for making business decisions. Efficiently capturing those two components from all kinds of disparate sources have made the case for continued SIEM investment."