Log management in the age of compliance
With each high-profile data breach (such as those at The TJX Companies and the U.S. Department of Agriculture) or new regulation, security emphasis seems to shift away from the traditional "keep bad guys out" mentality and toward a layered, in-depth, "What's going on in here?" look at IT activity. Organizations are turning to logs to provide a continuous trail of everything that happens with their IT systems and, more importantly, with their data.
Logs of different types are generated from different sources at an astounding rate, allowing for a detailed -- if sometimes cloudy -- picture of IT activity. If a disgruntled employee with an intent to steal data accesses a database containing confidential information, there would likely be a log of that activity that someone could review to determine the who, what and when. Logs provide the bread crumbs that organizations can use to follow the paths of all of their users, bad-intentioned or not.
It follows that managing these logs can benefit an organization in many ways. Logs offer situational awareness, help organizations pinpoint new threats and allow those threats to be investigated effectively. Routine log reviews and in-depth analysis of stored logs help identify security incidents, policy violations, fraudulent activity and operational problems shortly after they have occurred, and they provide information useful for resolving such problems.