The Top Ten of Audit and Log Monitoring
Event logs, audit logs, and syslog messages have always been a good source of troubleshooting and diagnostic information, but storing audit log files on a central log server has now become an integral part of many management standards. Modern SIEM solutions must be:
• flexible enough to manage any device, operating system, platform, database and application
• scalable enough to handle thousands of devices generating millions of events
• intelligent enough to correlate events and identify only genuine security incidents, allowing resources to focus on genuine threats and attacks.
This is a preliminary list of the “Top 10 Audit Trail and Event Log Monitoring”. Security and governance policies such as PCI DSS and GCSx CoCo require logging and traceability mechanisms because they are essential to preventing, detecting, or containing data breaches. Other policies such as FISMA, Sarbanes-Oxley, NERC CIP, ISO 27000, and HIPAA also use centralized audit log events to identify security incidents.
State-of-the-art audit log correlation technology provides automated configuration assessment, proactive testing and server environment evaluation against pre-configured default policies, helping to ensure minimal window deployment. The best solutions leverage industry standards, particularly benchmarks from the Center for Internet Security (CIS), the National Institute of Standards and Technology (NIST), and the Defense Information Systems Agency (DISA).
These benchmarks include thousands of configuration assessments to automatically test balanced policy compliance for FISMA. Security standards such as PCI DSS and GCSx CoCo require tracking and monitoring of all access to network resources and cardholder data, along with logging mechanisms and the ability to track user activity. Logs in all environments enable detailed monitoring and analysis of problems. Without system activity logs, it is very difficult to determine the cause of a security breach. The best solution is a central event log analyzer.