Security Bytes

Jan 19 2009   7:56PM GMT

SANS Log Management Survey is looking for the ROI

Neil Roiter Profile: NBRoiter


Good information security requires…good information.

That’s why logs are so important and why so many regulatory and industry directives require companies to not only gather but monitor, read and analyze them.

By the same token, if we’re going to get this log management thing right, we need to share our experiences and pain points with each other and the vendors who want to make their log management products more responsive to our needs, so we, in turn, will keep giving them money.

So, if you have not yet taken the fifth annual SANS Log Management Survey, please take a few minutes. The survey will be up through January. Obviously, the more respondents SANS gets, the more reliable the results.  The findings will be released at SANS WhatWorks Log Management and Analysis Summit to be held in Washington April 6-7.

The survey has evolved as organizations experience with log management has evolved, said Stephen Northcutt, SANS CEO. Compliance is now well established as a driver for developing and improving log management programs and deploying automated tools. In fact, the 2008 report showed that compliance was only the second highest reason for collecting log data, behind detection and analysis of security and performance incidents.

With this year’s survey, SANS wants to emphasize getting full value to leverage log management for security and operations.

“The biggest thing in the survey that’s new and different is looking for the ROI,” Northcutt said. “We’re trying to see what the biz case for this is; the compliance case is established.  Two years you had to go to the CFO and say, look, I need 200,000 bucks.  Here are the findings of the audit report. So, you spent the money and now you’re saying, ‘Gosh, what can I DO with this?'”

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: