InfoWorld review: Better network security, compliance with log management
ArcSight, LogRhythm, and NitroSecurity ace mining event logs for security alerting, compliance auditing, and other uses
Reports. All products come with built-in reports and allow reports to be customized or created. The best products come with hundreds of built-in reports, either free or for additional charge, relating to particular security or compliance needs: NERC, PCI, SOX, FISMA, and so on. Reports can usually be saved to a variety of formats -- CSV, HTML, XLS, TXT, and sometimes PDF -- run ad hoc, scheduled, and published to predefined file shares. The more built-in reports you have to work with, the better.
Be sure to test the reporting differences regarding structured versus unstructured data. Most vendors cannot easily handle unstructured data in reports or cannot provide the same summaries and counts as are normally available for structured data. Some vendors can incorporate unstructured data into reports only by including the complete raw message detail or very minimal summary counts.
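To make the structured-versus-unstructured reporting gap concrete, here is an added example (not code from the review or from any of the products it covers). It parses a handful of constructed log lines, treats those carrying a consistent key=value schema as structured events, and shows that only those can be summarized into per-field counts, while the free-text syslog messages can be reported only as a total plus their raw text. The key=value layout and the field names (`host`, `event`, `user`, `result`) are an assumed schema chosen for the demo.

```python
"""Added example, not code from the InfoWorld review or from any of the
products it covers: a small report generator that shows why structured
events summarize cleanly (counts per field value) while unstructured
messages can only be listed raw or counted in total."""
import re
from collections import Counter

# Constructed sample log lines for the demo (not captured from a real system).
# The first four carry consistent key=value fields; the last three are
# free-text syslog messages with no fields a report could group on.
SAMPLE_LOGS = [
    "ts=2010-06-01T08:00:01Z host=web01 event=login user=alice result=success",
    "ts=2010-06-01T08:00:05Z host=web01 event=login user=bob result=failure",
    "ts=2010-06-01T08:00:09Z host=web02 event=login user=bob result=failure",
    "ts=2010-06-01T08:00:12Z host=db01 event=config_change user=root result=success",
    "Jun  1 08:00:15 web01 kernel: eth0: link is up",
    "Jun  1 08:00:20 web02 sshd[1234]: Accepted publickey for carol from 10.0.0.5",
    "Jun  1 08:00:25 db01 mysqld: something odd happened, see previous message",
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Fields a report needs before it can produce per-value summaries (assumed schema).
REQUIRED_FIELDS = {"host", "event", "user", "result"}


def parse_event(line):
    """Return a field dict for a structured key=value line, or None if the
    line lacks the fields the report groups on (i.e. it is unstructured)."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    return fields if REQUIRED_FIELDS.issubset(fields) else None


def build_report(lines):
    """Split lines into structured and unstructured sets and summarize each
    the way a log-management product can: per-field counts for structured
    events, only a total plus the raw text for unstructured ones."""
    structured, unstructured = [], []
    for line in lines:
        event = parse_event(line)
        if event is None:
            unstructured.append(line)
        else:
            structured.append(event)
    return {
        "structured": {
            "total": len(structured),
            "by_event": Counter(e["event"] for e in structured),
            "by_host": Counter(e["host"] for e in structured),
            "failures_by_user": Counter(
                e["user"] for e in structured if e["result"] == "failure"
            ),
        },
        "unstructured": {
            "total": len(unstructured),
            "raw": unstructured,  # the only detail available without a parser
        },
    }


def render_text(report):
    """Render the report as plain text; the contrast between the two
    sections is the reporting gap the review tells you to test for."""
    out = ["== Structured events: %d ==" % report["structured"]["total"]]
    for name in ("by_event", "by_host", "failures_by_user"):
        out.append(name + ":")
        for value, n in sorted(report["structured"][name].items()):
            out.append("  %-15s %d" % (value, n))
    out.append("== Unstructured messages: %d (raw detail only) =="
               % report["unstructured"]["total"])
    out.extend("  " + line for line in report["unstructured"]["raw"])
    return "\n".join(out)


if __name__ == "__main__":
    print(render_text(build_report(SAMPLE_LOGS)))
```

When you evaluate a product, feed it a mix like this and check whether the unstructured half of the report comes back as anything more than a count and the raw lines; if the vendor claims to summarize free text, ask what parser or field-extraction rule makes that possible.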
In addition to middle and upper management reports regarding particular compliance initiatives, look for detailed reports that support technical troubleshooting. The products with the best reporting functionality, including ArcSight, LogRhythm, and NitroSecurity, meet both of these needs. Some vendors also offer workflow features that route compliance reports up the chain of command for sign-off by the responsible parties. My advice is to find out what reports come built-in, what reports are available at additional cost, and to review all of them to see if they fit your compliance needs.
All seven products reviewed contained hundreds of features and proved immensely configurable, and every one represents a solid, well-thought-out solution to log management. I found myself really liking each product reviewed, only to be further impressed with the next product I tested. Read the accompanying product reviews, which highlight the significant differences, to find out which product most closely fits your environment. Then give it a detailed test-drive to measure suitability and performance.
If you aren't using a comprehensive, enterprise-wide log management solution already, you have a number of excellent products to choose from. The best solutions give you only the alerts you require, filter out the noise, and provide useful dashboards and reports that you can tailor to your specific needs. The better you become at log management, the better equipped you'll be to serve your company's information technology needs, whether those relate to security, compliance, operations management, or virtually any other area of IT.
| Product | Platform and cost | Pros | Cons |
| --- | --- | --- | --- |
| ArcSight Logger 4.0 | Appliance with optional software solution; starts at $20,000 | | |
| GFI EventsManager 8.2 | Software for Windows; starts at $220 per server and $22 per workstation | | |
| LogLogic MX3020 | Appliance and virtual appliance; starts at $20,000 | | |
| LogRhythm LR2000-XM | Appliance with optional software solution; starts at $35,000 | | |
| NitroSecurity NitroView ESM and ELM | Appliances; starts at $39,995 | | |
| Splunk 4.1.2 | Software for Windows, Linux, Unix, BSD, Mac OS X, and others; Enterprise edition starts at $5,000; free version for up to 500MB of events per day | | |
| Trustwave SIEM | Appliance with optional software solution; starts at $27,000 | | |
This article, "InfoWorld review: Meeting the network security and compliance challenge," was originally published at InfoWorld.com.