
Log management as SaaS – 1

This blog post primarily deals with Log Management delivered as Software as a Service (SaaS). I have split the post into two parts: this first part covers the problem statement, and the second one is more technical.

The definition of SaaS itself is the subject of a long debate. Without getting into that dispute, I will use a simple definition (courtesy of RADLab):

Definition: Delivering applications over the internet

Now, on to what log management is actually about.

Any asset (or computer) that is considered critical may be vulnerable to attack. Managing the logs of these assets becomes a critical task for monitoring the system before an attack and for doing forensics after one. Consequently, storing the logs is a critical step in protecting the asset.

It is a compliance requirement that every product generates and stores event logs efficiently. For example, the Windows OS, as a product, should store the events occurring in the system; similarly, products such as Oracle, ERP systems, etc. should generate logs and store them for auditing. An event here could be access to a piece of functionality or an edit/delete/create operation. This applies not only to stand-alone products but also to web-based products, which should generate and store logs for forensic investigation.

Now that we understand that managing the logs of an asset is a critical task in monitoring a system, the questions that pop up are: who has to look at the logs constantly, and how would I know that an attack has actually taken place?

A feasible solution would be to alert an administrator upon any malicious activity involving any asset in the network. With this premise, centralized management of logs is a desirable way to solve our problem. When we say centralized log storage, we need agents running on each and every asset in the network that can push the alert logs to the centralized server.

In addition, you should have a tool that provides a centrally searchable, distributed archive of critical logs, non-real-time reporting and basic policy violation alerting. There are players in this area who provide such a tool, such as CA, Symantec, McAfee and LogLogic, to name a few. Generally, organizations buy a Log Management (hereafter LM) solution from one of these vendors to manage their logs effectively and comply with the standards. I should add, for those who do not know this, that managing/monitoring/storing/archiving logs is a compliance issue. Organizations failing to do so are sometimes even liable to jail.

Given the above, the only way companies can comply with these standards is by installing an LM solution in the network. Log management by itself is a vast subject, so I am restricting this post to defining the basics of LM.

As my post title suggests, I was looking at providing an LM solution as a SaaS-based application, in which logs from customers' critical systems are collected and stored. This way, the event log data collected from multiple customers can be used to derive data for trend analysis, telling the market which vulnerabilities prevailed and what remediations can be taken to overcome them.

In this model, the SaaS provider should have a fool-proof infrastructure for storing log events from various customers.
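As an added example, not the author's code or any vendor's product, here is a minimal Python sketch of the model described above: agents push raw log lines to a central server, the server archives them per customer, search is scoped to one customer, and a basic policy violation rule (repeated failed logins from one source) raises an alert for the administrator. The line format, the customer names, the rule and the sample lines are all constructed for this example.

```python
import re
from collections import defaultdict

# Constructed agent line format for this example: a timestamp followed by key=value fields.
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
                     r"action=(?P<action>\S+) result=(?P<result>\S+)$")

class CentralLogArchive:
    """Central store: events archived and searched per customer, one policy rule checked on ingest."""
    def __init__(self, failed_login_threshold=3):
        self.failed_login_threshold = failed_login_threshold
        self._events = defaultdict(list)   # tenant -> archived events
        self._failures = defaultdict(int)  # (tenant, src) -> failed login count
        self.alerts = []                   # policy violations raised for the administrator

    def ingest(self, tenant, line):
        # One raw line pushed by the agent on a customer asset; parsed and archived under that tenant only.
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable line from {tenant}: {line!r}")
        event = m.groupdict()
        event["tenant"] = tenant
        self._events[tenant].append(event)
        # Basic policy rule: N failed logins from one source against one customer raises one alert.
        if event["action"] == "login" and event["result"] == "FAIL":
            key = (tenant, event["src"])
            self._failures[key] += 1
            if self._failures[key] == self.failed_login_threshold:
                self.alerts.append({"tenant": tenant, "src": event["src"], "ts": event["ts"],
                                    "rule": "repeated_failed_login"})
        return event

    def search(self, tenant, **filters):
        # Search is scoped to one tenant, so a customer can never read another customer's archive.
        return [e for e in self._events[tenant]
                if all(e.get(k) == v for k, v in filters.items())]

def run_demo():
    # Ingest constructed sample lines from two customers and return the populated archive.
    archive = CentralLogArchive()
    sample = [
        ("acme", "2010-11-14T13:01:00 host=db01 src=10.0.0.5 user=admin action=login result=FAIL"),
        ("acme", "2010-11-14T13:01:04 host=db01 src=10.0.0.5 user=admin action=login result=FAIL"),
        ("acme", "2010-11-14T13:01:09 host=db01 src=10.0.0.5 user=admin action=login result=FAIL"),
        ("acme", "2010-11-14T13:02:00 host=db01 src=10.0.0.9 user=jane action=login result=OK"),
        ("globex", "2010-11-14T13:05:00 host=erp01 src=192.168.1.7 user=bob action=login result=FAIL"),
        ("globex", "2010-11-14T13:05:10 host=erp01 src=192.168.1.7 user=bob action=login result=OK"),
    ]
    for tenant, line in sample:
        archive.ingest(tenant, line)
    return archive
```

Running `run_demo()` yields exactly one alert, for the acme source that failed three logins, while the single globex failure stays below the threshold; a search for `user="admin"` under globex returns nothing, which is the tenant isolation a multi-customer store must guarantee.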

My next post deals with the technical aspects of implementing the discussed model…
