Security Management Systems

Posted in General Technologies

Found this paper by Dan Keldsen on Security Management Systems (or SIM/SEM). A bit dated but worth reading.

November 19th, 2004 | Jian Zhen | 1 Comment

Five Factors to Consider When Building Your Logging Infrastructure

Posted in General Technologies

Whether you are building your own home-grown logging infrastructure (which of course I do not recommend ;)) or evaluating a log management solution, there are at least five factors you should consider.
1. Log Retention
The log retention period obviously depends on your requirements. If you are building out the infrastructure for troubleshooting and short term reporting, [...]

November 19th, 2004 | Jian Zhen | No Comments

SIMplicity (SIM bake off)

Posted in General Technologies

Fresh off the press.
Information Security Magazine has an interesting article on “Security information management tools refine the deluge of raw data into actionable intelligence”.
I will write more about it later, but thought you might be interested in reading it first.
I would love to hear from you on what you think of the review and whether [...]

November 18th, 2004 | Jian Zhen | No Comments

Data Life-cycle Management

Posted in General Technologies

Interesting article from ComputerWorld on Data Life-cycle Management.
Not totally log related, but it has many of the same characteristics and requirements as log management, namely:

Data protection
Data retention and compliance
Data resource management

November 17th, 2004 | Jian Zhen | 1 Comment

To eval or not to eval

Posted in General Technologies

One of the biggest mistakes I have seen many organizations make is that they don’t evaluate the product they are buying. The organizations spent time creating an RFP, spent time reviewing the RFP responses, spent time talking to the vendors, even spent time doing due diligence on the vendors, but they don’t spend the time [...]

November 15th, 2004 | Jian Zhen | No Comments

SOX Kicks In Next Week

An eWeek article explains:
Beginning next week, companies that have public float, or publicly owned shares, exceeding $75 million and that have fiscal years ending on or after Nov. 15 must comply with internal control reporting and disclosure requirements per Section 404 of the Sarbanes-Oxley Act of 2002. Companies with less than $75 million in public [...]

November 14th, 2004 | Jian Zhen | No Comments

Size of the SIM Market

Posted in General Technologies

Yankee Group had an estimate of the SIM/SEM market in 2003 and showed that the SEM market is $180 million this year and $270 million next year.

To put that in perspective, the US information security industry is $8.7 billion.
The Business Intelligence market is on a growth path that should result in a $7.8 billion market [...]

November 12th, 2004 | Jian Zhen | No Comments

S-TRACE

Posted in General Technologies

It seems like in most real-world cases, log analysis is triggered by some stimulus, e.g. an alert (IDS, SIM, human) or a log report (in text or graphical format) showing something interesting. Most sysadmins are probably too busy to consciously go and review logs unless something happens.
It also seems like most of the time, the process [...]

November 10th, 2004 | Jian Zhen | No Comments

Playing catch-up on analytic technology

Posted in General Technologies

Computer World has an interesting article on Playing catch-up on analytic technology.

November 9th, 2004 | Jian Zhen | No Comments

Most Popular Log Analysis Reports

Posted in General Technologies

A while back on the loganalysis mailing list there was a long thread of discussion on the “most popular reports”.
Adrian Grigorof from EventID was nice enough to compile the list of reports from the discussion thread.

November 7th, 2004 | Jian Zhen | No Comments