Most Event Analysis Not Ready for Compliance Prime Time
Scott Gordon, VP of Marketing for SenSage (I used to work there), has written an interesting article on how most of the SIM products are not ready for compliance prime time.
Most of the points are valid; however, Scott seems to have forgotten to mention that archiving unaltered raw logs is a crucial requirement for compliance.
Scott did mention that an approach in which “companies simply gathered all raw event data and stored it” will not meet compliance. However, without the archival of raw logs, these companies also won’t meet compliance.
Compliance is a combination of alerting, reporting and archiving. All three processes have to be in place in order to meet compliance.
