Chair of Cybersecurity at Capitol Technology University, Dr. Kellep Charles, was recently featured in an article published by GRC Outlook to discuss his expertise in log management systems (LMS). This online magazine helps businesses find the most innovative solutions-providers that can meet their unique security and compliance needs within the governance, risk, and compliance environment by researching emerging players in the GRC space. In his article “Enterprise Log Management: An Overview,” Dr. Charles gives an overview of what log management is, and why it is important.
“Log management is the collection of self-generated data from IT hardware devices and software applications. The collection of this data can contain useful information about business processes such as the number of errors on a website or even a security issue,” explains Dr. Charles.
According to Humio.com (2021), “a log is a computer-generated file that captures activity within the operating system or software applications,” such as “messages, error reports, file requests and file transfers,” which are time-stamped to help IT determine the where, when, how, and why of the event. A log management system offers a solution to collecting and analyzing all of this data into a centralized access point by making it indexable, searchable, and organized.
This system is important not only for internal management purposes, it also offers companies a way to meet regulatory compliance within their environment. Dr. Charles details the specific compliance systems that are currently in place, some of which may sound familiar: the Graham-Leach-Bliley (GLB) Act guides the financial industry, the Healthcare Insurance Portability and Accountability Act (HIPAA) guides the healthcare industry, the Sarbanes-Oxley (SOX) Act guides the financial systems of publicly traded companies, and the Federal Information Security Management Act (FISMA) guides the federal government’s info systems.
Log management practices offer other beneficial returns as well. They can be used in fault management, troubleshooting, and performance analysis of a business’ local or networked computer systems. They can also be used to assess trend analyses, indicating common security incidents, violations, and peak usage. These analyses can help businesses improve performance, streamline processes, and maintain security of their data and assets.
Once the decision has been made to implement a log management system, one should consider which system to work with, as not all systems perform the same. In terms of remote access, some systems do not possess this ability. A single system log or “syslog” server, known as a “sinkhole,” will receive remote logs from one or more sources, a “hierarchy” system is a multi-tiered sinkhole that can be divided into data collection sections, and a “streaming” system can perform real-time remote logging. However, a “distributed” system uses independent log repositories, while a “store and forward” system writes logs to a disk to send later.
Choosing the right system for your enterprise is key, as there are many log management software products available – most notably, Splunk, Log Logic, and LogRhythm. Each of these programs have a proprietary advantage of usage, whether it be fast, user-friendly data indexing, data collection abilities, or a disadvantage, such as high costs, learning curves, or lack of customization options. It is important to determine which system is best suited for the company and the users.
Dr. Charles notes that “the difference between a log management solution and other types of monitoring tools is that the data is already available on your devices and applications; it is just a matter of setting it up, collecting and using it. In addition, log management is considered an industry and security best practice regardless if your organization has to meet regulatory compliance or not.”
He offers some helpful tips when considering your log management systems:
- Factor in costs of hardware and storage components – even “free” software comes with this price.
- It is often worth the costs to employ vendor IT support during the transition into using the software to ensure long-term usage success and deployment.
- Be sure to weigh your options and choose the best software for your usage.
To read the full article, click here.
To learn more about Capitol Tech’s many program offerings, including Information about cyber and information security, or management of technology, visit our website or contact admissions@captechu.edu.